Security Measures

This Security policy was posted on May 04, 2024 and last updated on May 04, 2024.

Security

To safeguard the data entrusted to us, Brilliance, Inc. implements multiple layers of administrative, technical, and physical security controls across our organization. The following sections address some of the most frequently asked questions about our security measures.

Infrastructure Information

Cloud Hosting Provider Information

Brilliance, Inc. does not host any product systems or data within its physical offices or remote locations. Instead, we host our product infrastructure with Microsoft Azure, a leading cloud infrastructure provider. Our product infrastructure resides in the United States, and we rely on Azure's independently audited security and compliance programs to validate the effectiveness of its physical, environmental, and infrastructure security controls.

The Azure service-level agreements for the services that host our product commit to a monthly uptime percentage of at least 99.95%. This is a financially backed commitment (service credits are issued when it is missed), not a guarantee that outages cannot occur, which is why the backup and disaster recovery measures described later in this document matter. Azure publishes compliance documentation and audit reports; some reports, such as SOC 2 Type 2 reports, require signing in to the Microsoft Service Trust Portal and accepting its terms. Azure's physical security controls, environmental safeguards, and infrastructure security framework are validated by numerous independent certifications and attestations, including SOC 2 Type 2, ISO/IEC 27001, and PCI DSS.

You can find more information about the controls, processes, and compliance measures implemented by Microsoft Azure on their publicly available Microsoft Trust Center.

Network and Perimeter

Microsoft Azure employs a multi-layered approach to network and perimeter security to protect its infrastructure and its customers' data and applications. The key components available to Azure customers include:

  • Virtual Network Security
    • Azure Virtual Network (VNet): VNets enable the creation of isolated network environments in the cloud. They allow for secure communication between Azure resources and can be segmented into subnets for better management and security.
    • Network Security Groups (NSGs): NSGs filter inbound and outbound traffic with stateful layer 3/4 rules, evaluated in priority order, that allow or deny traffic by source and destination IP address, port, and protocol. Associated with a subnet they act as a segment boundary; associated with an individual network interface they act as a host-level filter. NSGs do not inspect payloads, so they complement rather than replace Azure Firewall or a WAF.
    • Virtual Network Peering: Peering connects two VNets, in the same region or across regions, over the Microsoft backbone network, so traffic between them never traverses the public internet. Peering provides connectivity, not filtering: NSGs or Azure Firewall are still needed to control which traffic may cross between peered networks.
  • Perimeter Security
    • Azure Firewall: Azure Firewall is a managed, cloud-based network security service that protects Azure Virtual Network resources. It is a fully stateful firewall as a service with built-in high availability that scales with demand, and it provides centralized logging, policy management, and threat intelligence-based filtering to block traffic to and from known-malicious addresses and domains.
    • Web Application Firewall (WAF): Deployed on Azure Application Gateway or Azure Front Door, WAF protects web applications from common threats and vulnerabilities like SQL injection and cross-site scripting. It adheres to the OWASP core rule sets and provides centralized protection for your web applications.
    • Azure DDoS Protection: Every Azure deployment receives infrastructure-level DDoS protection at no charge. Azure DDoS Network Protection (formerly DDoS Protection Standard) adds tuned, application-aware mitigation for public IP addresses in a virtual network, leveraging Azure's global network to absorb volumetric attacks while keeping applications available.
  • Zero Trust Security Model
    • Microsoft's guidance for Azure follows a Zero Trust security model that assumes breach and verifies each request as though it originated from an open network. This means continuous verification of identities, devices, and access rather than trust based on network location. Key principles include:
      • Verify Explicitly: Always authenticate and authorize based on all available data points.
      • Use Least Privilege Access: Limit user and application access with just-in-time and just-enough access (JIT and JEA).
      • Assume Breach: Minimize the blast radius of a breach with network segmentation and end-to-end encryption, and use analytics to detect threats.
  • Connectivity and Performance
    • ExpressRoute: Azure ExpressRoute provides private connections between Azure data centers and on-premises infrastructure or colocation facilities, with lower latency and greater reliability than typical internet connections. A private circuit is not an encrypted one: traffic over ExpressRoute is not encrypted by default, so MACsec (on ExpressRoute Direct) or an IPsec VPN over the circuit is required where confidentiality on the link matters.
    • Load Balancing: Azure employs various load balancing services to distribute traffic across multiple servers for high availability and performance. This includes Azure Load Balancer for network layer (layer 4) traffic and Azure Application Gateway for application layer (layer 7) traffic.

For more detail, see Microsoft's documentation on Azure network security concepts and best practices and the Azure network security page.

Microsoft Azure Configuration Management

Microsoft Azure offers comprehensive configuration management solutions to help businesses manage, monitor, and secure their cloud resources effectively. These solutions ensure that all Azure resources are consistently configured and maintained in alignment with organizational policies and compliance requirements.

Key Components and Tools

  • Azure Automation:
    • Runbooks: Azure Automation provides runbooks for automating frequent, time-consuming, and error-prone cloud management tasks. These runbooks can be executed manually, on a schedule, or triggered by events.
    • State Configuration: Azure Automation State Configuration (built on PowerShell Desired State Configuration) checks that machines match a declared configuration and reports drift; in ApplyAndAutoCorrect mode it also corrects the drift automatically. Microsoft has announced the retirement of Azure Automation State Configuration in favor of Azure Machine Configuration, so new deployments should target the latter.
  • Azure Policy:
    • Policy Definitions: Azure Policy evaluates resources against rules you create and assign, applying an effect such as Audit, Deny, Modify, or DeployIfNotExists. Policies can, for example, audit or block resources that lack a required tag, restrict which resource types or regions may be deployed, or require storage accounts to accept only HTTPS traffic. Deny is enforced at deployment time, and all assigned policies are re-evaluated continuously against existing resources.
    • Compliance Dashboard: The compliance dashboard provides a unified view to assess the compliance state of resources, helping identify and remediate non-compliant resources.
  • Azure Blueprints:
    • Blueprints: Azure Blueprints package a repeatable set of artifacts (role assignments, policy assignments, ARM templates, and resource groups) that adhere to organizational standards, with versioning and change tracking so updates can be applied and tracked over time. Microsoft has deprecated Azure Blueprints and recommends Template Specs and Deployment Stacks for new work, so this capability should be treated as a legacy option.
  • Azure Resource Manager (ARM):
    • Templates: ARM templates provide infrastructure as code, enabling you to define and deploy Azure resources in a consistent, repeatable manner; Bicep is a more readable language that compiles to ARM templates. Templates can be version-controlled, code-reviewed, and shared among teams.
    • Deployment Automation: ARM templates can be integrated with CI/CD pipelines for automated deployments, ensuring consistent and reliable resource configurations.
  • Azure Monitor:
    • Insights and Alerts: Azure Monitor provides full-stack monitoring, advanced analytics, and intelligent insights into your Azure environment. It helps you detect and diagnose issues, monitor resource performance, and receive alerts on potential problems.
    • Log Analytics: A Log Analytics workspace stores log and telemetry data from Azure resources and makes it queryable with the Kusto Query Language (KQL), which is how configuration changes and security-relevant events are investigated and alerted on.
  • Microsoft Defender for Cloud (formerly Azure Security Center):
    • Security Recommendations: Defender for Cloud assesses your environment for vulnerabilities and misconfigurations, offers prioritized, actionable recommendations (Secure Score), and provides workload threat protection for Azure resources.
    • Compliance Reports: The regulatory compliance dashboard maps its assessments to standards such as ISO 27001, SOC 2, and PCI DSS and reports which controls pass or fail. It is an assessment against control mappings, not a certification, so it supports rather than replaces an external audit.

Benefits of Azure Configuration Management

  • Consistency and Reliability: Automated configuration management ensures that resources are consistently deployed and maintained according to organizational standards, reducing human error and improving reliability.
  • Compliance and Security: Continuous monitoring and policy enforcement help maintain compliance with internal policies and regulatory requirements, enhancing the security of your Azure environment.
  • Scalability and Flexibility: Azure’s configuration management tools support the dynamic scaling of resources and adapt to changing business needs, allowing for flexible and scalable cloud operations.
  • Efficiency and Automation: Automation of routine tasks and configuration management reduces operational overhead, allowing IT teams to focus on strategic initiatives and innovation.

For more detailed information on Azure Configuration Management, please refer to the Microsoft Azure Documentation and the Azure Policy Overview.

Logging Information

Brilliance CRM offers a flexible logging system that can be tuned to each business's needs, from minimal operational logging to the detailed audit trails required for HIPAA-level compliance. Depending on the settings chosen by the business, Brilliance CRM adjusts what it records so that the log data supports data integrity, security investigation, and compliance with industry standards.

Brilliance CRM provides a dedicated database and software environment for each tenant rather than a single shared multi-tenant database. This isolation means one customer's queries, backups, and restores never touch another customer's data, which simplifies data management, allows tailored configurations and optimizations for each business, and supports industry-specific regulatory requirements. It also gives customers assurance that their sensitive information is managed in a dedicated environment.

Alerting and Monitoring

Brilliance CRM leverages the power and reliability of Microsoft Azure to provide continuous, around-the-clock monitoring of each customer's CRM instance. Utilizing Azure’s advanced monitoring tools and services, Brilliance CRM ensures that all customer environments are constantly observed for performance, availability, and security. This proactive approach allows for immediate detection and response to any issues, minimizing downtime and ensuring that the CRM system remains robust and reliable.

Azure's comprehensive suite of monitoring services, including Azure Monitor, Log Analytics, and Application Insights, enables Brilliance CRM to collect and analyze telemetry data in real-time. This data-driven approach provides deep insights into the health and performance of each CRM instance, allowing Brilliance CRM to optimize resources, anticipate potential problems, and implement solutions swiftly. By maintaining 24x7 vigilance, Brilliance CRM not only enhances operational efficiency but also ensures that customer data is protected and compliant with industry standards.

Application Security

Web Application Firewall

Brilliance CRM combines a built-in web application firewall (WAF) with the network-layer firewalling provided by Microsoft Azure to protect customer data. Our security framework includes protection against denial of service (DoS) attacks, brute force attacks, IP address blocking, unauthorized page modification detection, and country blocking. The WAF inspects HTTP requests for common web exploits such as SQL injection and cross-site scripting, while Azure's network-layer controls filter traffic by address, port, and protocol before it reaches the application. Together these layers protect Brilliance CRM against a range of cyber threats and unauthorized access.

PCI Compliance and Storage

Brilliance CRM is dedicated to maintaining the highest standards of security and compliance, particularly concerning the storage and handling of privileged information. To achieve this, Brilliance CRM adheres to the Payment Card Industry Data Security Standard (PCI DSS), a set of security standards designed to ensure that all companies that accept, process, store, or transmit credit card information maintain a secure environment. Compliance with PCI DSS involves implementing rigorous security measures across several areas, including network security, data protection, access control, and continuous monitoring.

  • Network Security: Brilliance CRM employs multiple layers of network security to protect sensitive data, including a built-in web application firewall (WAF) and the network-layer firewalling provided by Microsoft Azure. Our security framework includes protection against denial of service (DoS) attacks, brute force attacks, IP address blocking, and country blocking. These measures ensure that network traffic is monitored and filtered, preventing unauthorized access to the cardholder data environment.
  • Data Protection and Encryption: Sensitive data, including credit card information, is encrypted at rest with AES-256 and in transit with TLS 1.3, so intercepted or copied data remains unreadable without the keys. In addition, Brilliance CRM tokenizes credit card data, replacing the primary account number with a token that has no exploitable value on its own and can be mapped back to the original data only within our secure systems. Tokenization limits where real card data exists, which reduces the scope of the cardholder data environment.
  • Access Control and Monitoring: Brilliance CRM enforces strict access control measures to ensure that only authorized personnel have access to sensitive information. This includes multi-factor authentication (MFA), role-based access controls (RBAC), and regular access reviews. Continuous monitoring and logging of all access and transactions provide an additional layer of security, ensuring that any suspicious activity is quickly detected and addressed. Our compliance with PCI DSS requirements is regularly validated through external audits and assessments, ensuring that our security practices remain up-to-date and effective.

By adhering to these standards and continuously enhancing our security measures, Brilliance CRM maintains compliance with PCI DSS. This commitment ensures that our customers can trust us with their most sensitive information, knowing that we prioritize their data protection and privacy at all times.

Monthly Penetration Testing

Brilliance CRM enhances its security posture by performing monthly penetration tests. These tests simulate real-world cyberattacks to uncover vulnerabilities within our system so that they can be remediated. This rigorous, ongoing testing helps us adhere to secure development practices and maintain a secure environment for all our customers' data.

Honey Pot Use

Brilliance CRM employs advanced security measures to protect its customers, including the strategic use of honeypots. Honeypots are decoy systems and endpoints that no legitimate user is ever directed to, so any interaction with them is a strong signal of malicious or automated probing. By setting up these traps, Brilliance CRM can observe and analyze attacker behavior in real time and identify new attack patterns and tactics used by automated attackers.

Once an attacker interacts with a honeypot, their activities are logged and analyzed to understand their methods and targets. This information is then used to update Brilliance CRM's Web Application Firewall (WAF) rules dynamically: known automated attackers, identified by their IP addresses and behavior signatures, are added to the WAF's blocklist. Because an IP address can be shared (carrier-grade NAT, cloud egress) or reassigned, such blocks are most effective when they carry an expiry and are renewed only while the behavior continues. This real-time updating process ensures that all customers benefit from the enhanced protection as soon as new threats are identified.

Moreover, the integration of honeypot data into the WAF allows Brilliance CRM to maintain a robust defense against emerging threats. The continuous feedback loop between the honeypots and the WAF ensures that the system remains adaptive and resilient. By leveraging this intelligent security mechanism, Brilliance CRM not only mitigates potential attacks before they can impact customers but also contributes to the overall improvement of global cybersecurity efforts by sharing threat intelligence.

Through this innovative use of honeypots and real-time WAF updates, Brilliance CRM demonstrates its commitment to providing a secure and reliable service. Customers can trust that their data is protected by state-of-the-art security measures designed to stay ahead of evolving cyber threats. This proactive stance on security underscores Brilliance CRM's dedication to safeguarding customer information and maintaining the integrity of its services.
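The feedback loop described in this section, as an added example that is not Brilliance CRM's code: it turns constructed honeypot log lines into expiring WAF rules, adds a behavior signature when several blocked addresses share one (user-agent, path) pattern, and decides whether a later request should be blocked. The JSON-lines log format, the thresholds, the 24-hour expiry and the rule shapes are assumptions made for this example.

```python
"""Honeypot-to-WAF feedback loop: turn decoy-endpoint hits into expiring block rules.

Added example, not Brilliance CRM's code. The log format, the thresholds and the
rule shapes are assumptions made for this example; the log lines are constructed.
"""
from __future__ import annotations

import ipaddress
import json
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

# Constructed honeypot log (JSON lines). Nothing legitimate links to these decoy
# paths, so every line is a high-confidence signal of automated probing.
HONEYPOT_LOG = """\
{"ts": "2024-05-04T10:00:01Z", "src": "203.0.113.7", "path": "/wp-login.php", "ua": "python-requests/2.31"}
{"ts": "2024-05-04T10:00:02Z", "src": "203.0.113.7", "path": "/.env", "ua": "python-requests/2.31"}
{"ts": "2024-05-04T10:00:03Z", "src": "203.0.113.7", "path": "/phpmyadmin/", "ua": "python-requests/2.31"}
{"ts": "2024-05-04T10:05:00Z", "src": "198.51.100.23", "path": "/robots.txt", "ua": "Mozilla/5.0"}
{"ts": "2024-05-04T11:30:00Z", "src": "192.0.2.99", "path": "/.git/config", "ua": "python-requests/2.31"}
{"ts": "2024-05-04T11:30:01Z", "src": "192.0.2.99", "path": "/.env", "ua": "python-requests/2.31"}
{"ts": "2024-05-04T11:30:02Z", "src": "not-an-ip", "path": "/.env", "ua": "curl/8.0"}
"""

BLOCK_THRESHOLD = 2              # distinct decoy paths from one address before it is blocked
SIGNATURE_MIN_IPS = 2            # (user-agent, path) pairs shared by this many blocked IPs become a rule
BLOCK_TTL = timedelta(hours=24)  # rules expire: shared and reassigned addresses must not stay banned


@dataclass
class Rule:
    reason: str
    expires: datetime


@dataclass
class Blocklist:
    ips: dict[str, Rule] = field(default_factory=dict)
    signatures: dict[tuple[str, str], Rule] = field(default_factory=dict)

    def decide(self, src: str, ua: str, path: str, now: datetime) -> str | None:
        """Return the block reason for a request, or None if it should be allowed."""
        self._expire(now)
        if src in self.ips:
            return self.ips[src].reason
        if (ua, path) in self.signatures:
            return self.signatures[(ua, path)].reason
        return None

    def _expire(self, now: datetime) -> None:
        self.ips = {k: r for k, r in self.ips.items() if r.expires > now}
        self.signatures = {k: r for k, r in self.signatures.items() if r.expires > now}


def parse_log(text: str) -> list[dict]:
    """Parse JSON lines, dropping malformed records and unparseable source addresses."""
    events = []
    for line in text.splitlines():
        try:
            rec = json.loads(line)
            rec["src"] = str(ipaddress.ip_address(rec["src"]))  # normalises; rejects garbage
            rec["ts"] = datetime.fromisoformat(rec["ts"].replace("Z", "+00:00"))
        except (ValueError, KeyError, TypeError):
            continue
        events.append(rec)
    return events


def build_blocklist(events: list[dict], now: datetime) -> Blocklist:
    """Derive IP rules and shared behaviour signatures from honeypot events."""
    paths_by_ip: dict[str, set[str]] = defaultdict(set)
    pairs_by_ip: dict[str, set[tuple[str, str]]] = defaultdict(set)
    for e in events:
        paths_by_ip[e["src"]].add(e["path"])
        pairs_by_ip[e["src"]].add((e["ua"], e["path"]))

    bl = Blocklist()
    for ip, paths in paths_by_ip.items():
        if len(paths) >= BLOCK_THRESHOLD:  # one stray hit is not enough to block
            bl.ips[ip] = Rule(f"{len(paths)} distinct decoy paths", now + BLOCK_TTL)

    # A (user-agent, path) pair that several blocked addresses share is most likely one
    # tool; blocking the pair catches that tool from addresses the honeypot never saw,
    # while leaving the same user-agent alone on paths the tool did not probe.
    ips_per_pair: dict[tuple[str, str], set[str]] = defaultdict(set)
    for ip in bl.ips:
        for pair in pairs_by_ip[ip]:
            ips_per_pair[pair].add(ip)
    for pair, ips in ips_per_pair.items():
        if len(ips) >= SIGNATURE_MIN_IPS:
            bl.signatures[pair] = Rule(f"tool signature shared by {len(ips)} blocked IPs", now + BLOCK_TTL)
    return bl


NOW = datetime(2024, 5, 4, 12, 0, tzinfo=timezone.utc)
BLOCKLIST = build_blocklist(parse_log(HONEYPOT_LOG), NOW)

if __name__ == "__main__":
    for src, ua, path in [
        ("203.0.113.7", "Mozilla/5.0", "/"),                  # blocked: IP rule
        ("198.51.100.23", "Mozilla/5.0", "/"),                # one decoy hit only: allowed
        ("203.0.113.200", "python-requests/2.31", "/.env"),   # new IP, known tool behaviour: blocked
        ("203.0.113.200", "python-requests/2.31", "/"),       # same tool, benign path: allowed
    ]:
        print(src, ua, path, "->", BLOCKLIST.decide(src, ua, path, NOW) or "allow")
```

The threshold keeps a single accidental hit (a crawler fetching `/robots.txt`) from banning an address, the signature rule extends protection to attackers the honeypot has not seen yet without blocking an entire user-agent outright, and the expiry bounds the damage when a blocked address later belongs to someone else.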

Data Encryption

Brilliance CRM is committed to ensuring the highest levels of security for its users by relying on current, well-vetted cryptographic standards. Here are the key measures employed to protect our users' data:

  • TLS 1.3: Brilliance CRM uses Transport Layer Security (TLS) 1.3 to protect all HTTPS traffic. TLS 1.3 provides improved security and performance over previous versions, ensuring that data transmitted between users and our servers is encrypted and secure. This latest version of TLS offers enhanced privacy and security features, including the reduction of handshake latency and the elimination of outdated cryptographic algorithms.
  • Argon2: For password hashing, Brilliance CRM uses Argon2, the winner of the Password Hashing Competition (PHC). Argon2 is a memory-hard function designed to resist GPU and ASIC brute-force attacks; of its variants, Argon2id is the generally recommended choice because it combines resistance to side-channel attacks with resistance to time-memory trade-off attacks. Its memory cost, iteration count, and parallelism are tunable, so the work factor can be raised as attacker hardware improves.
  • AES Encryption: To protect data at rest, Brilliance CRM employs Advanced Encryption Standard (AES) encryption with 256-bit keys. This encryption is applied to all data stored within our Microsoft SQL Server databases. AES-256 is widely recognized for its strong security and is used by government and financial institutions to protect sensitive information. By using AES-256, Brilliance CRM ensures that stored data is secure and protected from unauthorized access.
  • ECDSA: For digital signatures, Brilliance CRM uses the Elliptic Curve Digital Signature Algorithm (ECDSA) with the largest curve sizes supported. ECDSA provides security comparable to much larger RSA keys, making it both efficient and secure, so that digitally signed documents retain strong integrity and authenticity. ECDSA's security also depends on implementation details, notably a unique and unpredictable nonce for every signature (a reused or biased nonce exposes the private key), which is why signing should only ever be done with a vetted cryptographic library.

By integrating these advanced security measures, Brilliance CRM demonstrates its commitment to protecting user data and maintaining the highest standards of security. These technologies work together to provide a secure environment for our users, ensuring that their information remains confidential and protected from cyber threats.

Backup, Restore, and Disaster Recovery

Brilliance CRM prioritizes data integrity and availability by performing daily backups of all customer data, so that in the event of data loss or corruption, customer data can be quickly and accurately restored (a daily cadence means that, in the worst case, up to one day of changes made since the last backup may need to be re-entered). To protect the backups themselves, Brilliance CRM stores an encrypted copy off-site, in line with industry best practice, so that backups survive physical threats such as fire, theft, or natural disasters affecting the primary location.

In addition to daily backups, Brilliance CRM follows industry best practices to maintain data protection and reliability. These include regular testing of backup integrity and restorability, and encryption of backup data with strong, standard algorithms both in transit and at rest to protect it from unauthorized access. By continuously monitoring and improving our backup processes, Brilliance CRM ensures that customer data is protected and can be reliably restored when needed.

For certain subscription plans, Brilliance CRM offers customers the ability to restore their data independently. This feature is particularly valuable for businesses that require immediate access to historical data or need to recover from user errors quickly. Because each Brilliance CRM customer has their own dedicated database, a restore affects only that customer's data and is straightforward and efficient, minimizing downtime and disruption to business operations. This dedicated database architecture not only enhances security and performance but also simplifies the management and recovery of customer data.

By providing robust backup and restoration capabilities, Brilliance CRM demonstrates its commitment to data protection and customer satisfaction. These measures ensure that businesses can trust Brilliance CRM with their critical data, knowing that it is secure, regularly backed up, and easily recoverable in the event of any issues.

Data Retention and Data Deletion

At Brilliance, Inc., we retain customer data for as long as you remain an active customer. This ensures that your data is available and accessible whenever you need it. If you are a current or former customer and wish to have certain data deleted, you can make a written request. We will fulfill these requests as required by privacy rules and regulations to ensure your data privacy is maintained.

However, there are certain types of data, such as logs and related metadata, that we must retain to address security, compliance, or statutory needs. These records are crucial for monitoring system integrity, investigating security incidents, and meeting legal requirements. Retaining this information helps us maintain a secure and compliant environment for all our users.

Because each customer has a dedicated database, the data retention policy can be set to match that customer's business needs.

Contact Us

If you have any questions about these Security Policies, you can contact us: