Proximia security policy
Security is at the heart of what we do - helping our customers improve their security and compliance posture starts with our own.
Compliance
Proximia is in the process of obtaining SOC 2 Type II certification and becoming HIPAA compliant. Visit our Trust Center for progress.
Foundational Principles
Zero Trust is a cybersecurity framework designed to minimize risk by assuming that no entity, whether inside or outside the network, can be automatically trusted. It relies on continuous verification and strict access controls. The pillars of Zero Trust include the following:
01. Identity
- Verify the identity of users, devices, and services through strong authentication mechanisms, such as multi-factor authentication (MFA), biometrics, and secure single sign-on (SSO).
- Enforce least privilege access based on roles and policies.
02. Devices
- Continuously monitor and secure all devices accessing the network.
- Ensure device compliance by checking their security posture, such as patch levels, antivirus status, and encryption.
03. Network
- Segment networks to limit lateral movement in case of a breach.
- Use microsegmentation and granular controls to protect sensitive data and applications.
- Encrypt network traffic both internally and externally (e.g., TLS, VPN).
04. Applications
- Ensure that applications are secured against vulnerabilities and accessible only to authorized users and devices.
- Monitor application usage to detect anomalous behaviors and potential threats.
05. Data
- Classify and protect sensitive data with encryption, data loss prevention (DLP), and access controls.
- Enforce policies to ensure data is accessed securely and used appropriately.
06. Workloads
- Protect workloads in cloud, on-premises, or hybrid environments.
- Apply consistent security policies to containerized, virtualized, or serverless workloads.
07. Visibility & Analytics
- Continuously monitor and analyze network traffic, user behavior, and device activity for real-time threat detection.
- Use tools like SIEM (Security Information and Event Management) and UEBA (User and Entity Behavior Analytics) for insights.
08. Automation & Orchestration
- Implement automated responses to threats and policy violations.
- Use tools like SOAR (Security Orchestration, Automation, and Response) to streamline incident management.
These pillars work together to build a comprehensive security posture that aligns with the principles of Zero Trust: “Never trust, always verify” and “Assume breach.”
Data protection

Data at Rest
All repositories, including those containing customer data, are encrypted at rest. Sensitive data in the database is abstracted and protected through multiple layers of encryption, so it is already encrypted before it is written to the database; physical or logical access to the database alone is therefore not sufficient to read the most sensitive information.

Data in Transit
Proximia uses mutual TLS (mTLS) over TLS 1.3 or later for data transmission across potentially insecure networks. We use JSON Web Tokens (JWTs) for authentication and authorization, with expiry times and cryptographic signing, so that tokens cannot be tampered with or reused after they expire.
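The two checks that paragraph relies on, signature validation and expiry, shown as an added example that is not Proximia's code: a minimal HS256 JWT verifier written against the Python standard library. It pins the expected algorithm server-side, compares the HMAC in constant time, and treats a missing `exp` claim as a rejection. The key, claims and helper names are constructed for this demo.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo key; a real service loads its signing key from a secret store.
DEMO_KEY = b"constructed-demo-signing-key"

def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def mint_token(claims: dict, key: bytes) -> str:
    """Build an HS256-signed JWT; used here only to construct sample tokens."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"

def validate_token(token: str, key: bytes, now=None) -> tuple:
    """Return (accepted, reason): accept only a well-formed, correctly signed, unexpired token."""
    parts = token.split(".")
    if len(parts) != 3:
        return False, "malformed"
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(b64url_decode(header_b64))
        claims = json.loads(b64url_decode(payload_b64))
        sig = b64url_decode(sig_b64)
    except ValueError:  # covers base64, JSON and UTF-8 decoding failures
        return False, "malformed"
    # Pin the algorithm server-side; the alg field carried in the token is never trusted.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return False, "unexpected alg"
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    # Constant-time comparison so the signature check does not leak timing information.
    if not hmac.compare_digest(expected, sig):
        return False, "bad signature"
    # exp is mandatory: a token without it could be replayed indefinitely.
    exp = claims.get("exp") if isinstance(claims, dict) else None
    if not isinstance(exp, (int, float)):
        return False, "missing exp"
    if (time.time() if now is None else now) >= exp:
        return False, "expired"
    return True, "ok"
```

Passing `now` explicitly makes the expiry rule testable without waiting for wall-clock time to move.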

Vault
Encryption keys are managed in Azure Key Vault using Hardware Security Modules (HSMs), which prevents direct access to key material by any individual, including Proximia employees and cloud provider staff. Keys held in the HSMs are used for encryption and decryption only through the vault's APIs. Legacy application secrets are triple-encrypted and stored separately from identifying data, with a distinct key for each encryption layer.
Product Security

Penetration Testing
Proximia engages a well-regarded penetration testing firm on an annual basis. The assessments cover all aspects of the Proximia product and cloud infrastructure, with source code fully accessible to the testers so that the evaluation is as thorough and effective as possible.
We provide comprehensive penetration test reports through our Trust Center.

Vulnerability Scanning
Proximia requires vulnerability scanning at key stages of our Secure Development Lifecycle (SDLC):
Enterprise Security
Endpoint Protection
All corporate devices are centrally managed and are equipped with mobile device management software and anti-malware protection. Endpoint security alerts are monitored with 24/7/365 coverage. We utilize MDM software to enforce secure configuration of endpoints, including disk encryption, screen lock configuration, and software updates.
Secure Remote Access
Proximia secures remote access to internal resources using Zero Trust Remote Network (ZTRN), a hardened remote-access solution. In addition to end-to-end encryption of the network tunnel, the entry point is protected with dynamic-proximity and biometric triggers that use a continuous, mutual Zero Trust authentication model.
Security Education
Proximia provides comprehensive security training to all employees at onboarding and annually thereafter through educational modules. All new employees attend a mandatory onboarding session on fundamental security principles, and all new engineers attend a further mandatory session on secure coding principles and practices.
Proximia’s security team disseminates regular threat briefings to employees, informing them of pertinent security and safety-related updates that necessitate special attention or action.
Identity & Access Management
Proximia uses Connect, Proximia's own Zero Trust identity and access software, which provides persistent protection from login onward.
Proximia employees are granted access to applications based on their job role. Upon termination of employment, access is automatically deprovisioned. Additional access must be approved according to the policies set for each application.
Vendor Security
Proximia employs a risk-based approach to vendor security assessment. Factors that influence the inherent risk rating of a vendor include access to customer and corporate data, integration with production environments, and potential for damage.
Following the determination of the inherent risk rating, the security of the vendor is evaluated to determine a residual risk rating and facilitate a vendor approval decision.
