The purpose of this document is to outline the security methods and processes followed at Eido Software Ltd for applications hosted on Microsoft Azure.
We take security very seriously and apply industry best practices to ensure customer data confidentiality, integrity, and availability.
Platform
Cloud Provider
The Eido application platform is hosted on Microsoft Azure.
Datacentre Location
Production environments are deployed in two Azure regions: Germany West Central (EU) and East US 2 (United States). The EU and US environments operate as independent production deployments; there is no automatic cross-region failover between them.
Security Patching
Eido relies on Azure platform-managed patching for production systems.
- Azure App Services, Azure SQL Database, and other managed services are patched and maintained by Microsoft
- Operating system and infrastructure patching is handled by Azure
- Critical security updates are applied automatically without customer intervention
This approach ensures timely application of security fixes while minimising operational risk.
Data Encryption
Data in Transit
- All external and internal communications use TLS 1.2 or higher.
- Insecure or legacy protocols are disabled.
- HTTPS is enforced for application endpoints.
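The "TLS 1.2 or higher" and "HTTPS is enforced" statements map to concrete resource settings on the Azure side: `httpsOnly` on the App Service site, `minTlsVersion` and `ftpsState` in its site configuration, and `minimalTlsVersion` on the Azure SQL logical server. The following audit script is an added example, not Eido's own tooling; it evaluates the JSON that `az webapp show`, `az webapp config show` and `az sql server show` emit against that baseline. The field names are taken from current Azure CLI output but should be treated as assumptions and re-checked against your own CLI version, and the sample records and resource names are constructed for this example.

```python
"""Audit App Service and Azure SQL transport settings against a
TLS 1.2+ / HTTPS-only / FTP-disabled baseline.

Input shape follows `az webapp show` (site), `az webapp config show`
(config) and `az sql server show` (server). Field names are assumptions
based on current CLI output; the sample data below is constructed.
"""

MIN_TLS = (1, 2)


def _parse_tls(value):
    # "1.2" -> (1, 2); missing or unexpected values ("None", None) -> None,
    # which the callers treat as a finding rather than silently passing.
    try:
        major, minor = value.split(".")
        return (int(major), int(minor))
    except (AttributeError, ValueError):
        return None


def audit_webapp(site, config):
    """Return a list of findings for one App Service (empty list = compliant)."""
    findings = []
    name = site.get("name", "<unknown>")
    if not site.get("httpsOnly", False):
        findings.append(f"{name}: httpsOnly is false (plain HTTP is served, not redirected)")
    tls = _parse_tls(config.get("minTlsVersion"))
    if tls is None or tls < MIN_TLS:
        findings.append(f"{name}: minTlsVersion={config.get('minTlsVersion')!r} is below 1.2")
    # FTP/FTPS deployment is a second ingress path that httpsOnly does not cover.
    if config.get("ftpsState", "AllAllowed") != "Disabled":
        findings.append(f"{name}: ftpsState={config.get('ftpsState')!r}, expected 'Disabled'")
    return findings


def audit_sql_server(server):
    """Return findings for one Azure SQL logical server."""
    findings = []
    name = server.get("name", "<unknown>")
    tls = _parse_tls(server.get("minimalTlsVersion"))
    if tls is None or tls < MIN_TLS:
        findings.append(f"{name}: minimalTlsVersion={server.get('minimalTlsVersion')!r} is below 1.2")
    return findings


# Constructed samples: one compliant app, one drifted app, one compliant and
# one drifted SQL server. Names are placeholders, not real resources.
SAMPLE_SITES = {
    "web-eu": ({"name": "web-eu", "httpsOnly": True},
               {"minTlsVersion": "1.2", "ftpsState": "Disabled"}),
    "web-us": ({"name": "web-us", "httpsOnly": False},
               {"minTlsVersion": "1.0", "ftpsState": "AllAllowed"}),
}
SAMPLE_SQL = [
    {"name": "sql-eu", "minimalTlsVersion": "1.2"},
    {"name": "sql-us", "minimalTlsVersion": "1.1"},
]


def run_audit(sites=SAMPLE_SITES, servers=SAMPLE_SQL):
    """Audit every site and server; returns all findings as one list."""
    findings = []
    for site, config in sites.values():
        findings += audit_webapp(site, config)
    for server in servers:
        findings += audit_sql_server(server)
    return findings


if __name__ == "__main__":
    for finding in run_audit():
        print("FINDING:", finding)
```

In practice the JSON would be fetched per resource (for example `az webapp show -n <app> -g <rg> -o json`) and piped into `audit_webapp`; the point of the separate `ftpsState` check is that an HTTPS-only site can still expose a non-HTTPS deployment endpoint.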
Data at Rest
All production data is encrypted at rest using AES-256. Encryption is provided natively by Azure services, including:
- Azure SQL Database (Transparent Data Encryption)
- Azure App Services
Azure Key Vault is used for secure storage of secrets, keys, and certificates. Access to Key Vault is controlled via Azure role-based access control (RBAC).
Identity & Access Management
Access to Azure subscriptions and production resources is restricted to authorised Eido personnel. Microsoft Entra ID (formerly Azure Active Directory) is used for identity management. Multi-factor authentication (MFA) is enforced for administrative access, and Azure role-based access control (RBAC) is used to grant least-privilege access.
Access to the Eido application is authenticated exclusively through Microsoft Entra ID single sign-on (SSO).
Customers authenticate with their own Microsoft Entra ID accounts; Eido maintains no separate local application credentials.
Authentication and access enforcement are handled by Microsoft Entra ID, using token-based authentication and Azure-managed identity controls.
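For a relying party that accepts Entra ID tokens from customers' own tenants, the security-relevant work is in the claim checks performed after the token signature has been verified: the audience must be this application, the tenant (`tid`) must be one that has been onboarded, and the issuer must match that tenant. The block below is an added illustration of those checks, not Eido's implementation. It uses only the standard library, assumes signature verification has already been done against the tenant's published signing keys, and all tenant IDs, client IDs and claim values in it are made-up placeholders.

```python
"""Claim validation for a Microsoft Entra ID v2.0 token, applied after the
token signature has been verified (keys are published per tenant at
https://login.microsoftonline.com/{tenant}/discovery/v2.0/keys; the 'kid'
header selects the key). All identifiers below are placeholders.
"""
import time

V2_ISSUER = "https://login.microsoftonline.com/{tid}/v2.0"


class TokenRejected(Exception):
    """Raised when a claim check fails; the message says which one."""


def validate_entra_claims(claims, expected_audience, allowed_tenants, now=None, leeway=60):
    """Return (tid, oid) for an acceptable token, or raise TokenRejected.

    claims            -- decoded JWT payload (dict) whose signature is already verified
    expected_audience -- this app's client ID; tokens minted for other apps are rejected
    allowed_tenants   -- set of tenant IDs that have been onboarded
    """
    now = time.time() if now is None else now
    for required in ("iss", "aud", "tid", "oid", "exp", "nbf"):
        if required not in claims:
            raise TokenRejected(f"missing claim {required}")
    # Audience: a valid token for *another* application in the same tenant
    # must not be accepted here.
    if claims["aud"] != expected_audience:
        raise TokenRejected("audience mismatch")
    # Tenant allow-list: a multi-tenant app registration issues valid tokens
    # for any Entra tenant, so the issuer format alone does not limit who can
    # sign in; the tid must be checked against the onboarded customers.
    tid = claims["tid"]
    if tid not in allowed_tenants:
        raise TokenRejected(f"tenant {tid} not onboarded")
    # Issuer must be the v2.0 endpoint of the same tenant the tid names
    # (v1.0 tokens use https://sts.windows.net/{tid}/ and are not accepted here).
    if claims["iss"] != V2_ISSUER.format(tid=tid):
        raise TokenRejected("issuer does not match tenant")
    if claims["exp"] + leeway < now:
        raise TokenRejected("token expired")
    if claims["nbf"] - leeway > now:
        raise TokenRejected("token not yet valid")
    return tid, claims["oid"]


# Constructed example values (placeholders, not real tenants or apps).
APP_CLIENT_ID = "11111111-2222-3333-4444-555555555555"
CUSTOMER_TENANT = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
ONBOARDED = {CUSTOMER_TENANT}


def sample_claims(tid=CUSTOMER_TENANT, aud=APP_CLIENT_ID, issued_at=1_700_000_000):
    """Build a decoded payload shaped like an Entra v2.0 ID token."""
    return {
        "iss": V2_ISSUER.format(tid=tid),
        "aud": aud,
        "tid": tid,
        "oid": "99999999-8888-7777-6666-555555555555",
        "nbf": issued_at,
        "exp": issued_at + 3600,
    }


if __name__ == "__main__":
    print(validate_entra_claims(sample_claims(), APP_CLIENT_ID, ONBOARDED, now=1_700_000_100))
```

The checks are ordered so that the cheapest rejections (audience, tenant) come before the issuer comparison, and the issuer is derived from the token's own `tid` rather than compared to a fixed string, which is what makes the tenant allow-list the actual gate.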
Platform Security & Monitoring
Eido uses Microsoft Defender for Cloud for continuous security posture management, centralised security recommendations and alerts, and policy-based compliance monitoring. Defender for Cloud also provides threat detection for Azure App Services, Azure Key Vault and other platform services. It is enabled at the subscription level and scoped to production workloads.
Eido uses Azure-native monitoring services, including Azure Monitor, Log Analytics and Application Insights. Production App Services are configured to send security-relevant logs and metrics to Log Analytics, supporting operational monitoring, security investigations and audit requirements.
Eido platform availability and security are monitored 24/7/365, with an on-call rota so that critical platform or security issues can be responded to immediately.
Application Security
Inbound traffic to production applications is secured using Azure platform controls, including TLS encryption, network isolation, and platform-level protections.
Public-facing application endpoints are protected by Cloudflare, which provides edge security controls including Web Application Firewall (WAF) capabilities, traffic filtering, and protection against common web-based attacks. Cloudflare helps mitigate threats such as malicious requests, abuse, and denial-of-service attacks before traffic reaches the application platform.
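An edge WAF only inspects traffic that actually passes through it, so the check a practitioner wants alongside the statement above is whether any requests reach the App Service origin directly rather than via Cloudflare. The following detection is an added example, not Eido's tooling: it runs over records shaped like the `AppServiceHTTPLogs` table in Log Analytics (the `CIp`, `CsHost`, `CsUriStem` and `ScStatus` column names are taken from that table and should be treated as assumptions) and flags any record whose client IP is not a Cloudflare edge address. The log records are constructed; the Cloudflare IPv4 ranges are a snapshot of the published list and must be refreshed from https://www.cloudflare.com/ips-v4 in real use.

```python
"""Detect requests that reached an App Service origin without passing
through Cloudflare, using App Service HTTP log records.

When Cloudflare proxies a request, the client IP the origin sees (CIp) is
a Cloudflare edge address; anything else hit the origin directly and was
never inspected by the WAF. Record shape follows AppServiceHTTPLogs
(assumption); the records below are constructed.
"""
import ipaddress

# Snapshot of https://www.cloudflare.com/ips-v4 at time of writing; refresh
# before relying on it. Add the IPv6 list too if the origin accepts IPv6.
CLOUDFLARE_IPV4 = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22",
    "141.101.64.0/18", "108.162.192.0/18", "190.93.240.0/20", "188.114.96.0/20",
    "197.234.240.0/22", "198.41.128.0/17", "162.158.0.0/15", "104.16.0.0/13",
    "104.24.0.0/14", "172.64.0.0/13", "131.0.72.0/22",
)]


def is_cloudflare(ip):
    """True if ip falls inside a known Cloudflare edge range."""
    addr = ipaddress.ip_address(ip)
    # Version mismatch (IPv6 address vs IPv4 network) simply yields False.
    return any(addr in net for net in CLOUDFLARE_IPV4)


def find_origin_bypass(records):
    """Return the records whose client IP is not a Cloudflare edge address."""
    return [r for r in records if not is_cloudflare(r["CIp"])]


def summarise(records):
    """Group bypassing requests by source IP: {ip: count}."""
    counts = {}
    for r in find_origin_bypass(records):
        counts[r["CIp"]] = counts.get(r["CIp"], 0) + 1
    return counts


# Constructed sample: two requests via Cloudflare edges, two direct to origin.
SAMPLE_RECORDS = [
    {"CIp": "104.16.1.1",   "CsHost": "app.example.invalid", "CsUriStem": "/login", "ScStatus": 200},
    {"CIp": "172.64.5.5",   "CsHost": "app.example.invalid", "CsUriStem": "/api/items", "ScStatus": 200},
    {"CIp": "203.0.113.7",  "CsHost": "app-eu.azurewebsites.net", "CsUriStem": "/admin", "ScStatus": 401},
    {"CIp": "203.0.113.7",  "CsHost": "app-eu.azurewebsites.net", "CsUriStem": "/.env", "ScStatus": 404},
]


if __name__ == "__main__":
    for ip, n in summarise(SAMPLE_RECORDS).items():
        print(f"origin bypass: {n} request(s) from {ip}")
```

A direct hit on the `*.azurewebsites.net` host name, as in the constructed records, is the typical signature: the attacker has found the origin and skipped the edge. The usual remediation is an App Service access restriction that only allows the Cloudflare ranges, after which this detection should return nothing but the occasional misconfiguration.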
Production applications are hosted on Azure App Services and are monitored using Microsoft Defender for Cloud and Azure-native monitoring services. Application-layer security is further supported through secure development practices, and platform security controls are reviewed regularly as part of ongoing security governance.
Network Security
Production services use Azure-native networking and platform security controls. Access to sensitive services, such as databases and Key Vaults, is restricted using Azure security configurations and service-level access policies.
Azure provides baseline network security and distributed denial-of-service (DDoS) protection. Public access is enabled only where required for application functionality, and network configurations are reviewed periodically to align with security best practices.
Backups & Data Protection
Azure-managed services used by the Eido platform provide automated backup capabilities.
- Azure SQL Database uses automated, platform-managed backups
- Backup data is encrypted at rest using industry-standard encryption
- Backup availability and integrity are managed by Microsoft Azure
These controls support data protection and recovery requirements.
Incident Response
Security alerts generated by Microsoft Defender for Cloud and Azure monitoring services are reviewed by authorised Eido team members.
Incidents are assessed, investigated, and remediated in accordance with internal security procedures. Logging and audit trails support investigation and root-cause analysis where required.
Vulnerability Management
Microsoft Defender for Cloud provides continuous assessment of security configuration and potential vulnerabilities across supported Azure services.
Security recommendations and findings are reviewed and addressed as part of ongoing security operations.
Compliance & Governance
Eido uses Azure-native governance tools to maintain a secure and compliant environment. Azure Policy is used to enforce security configuration standards, and Microsoft Defender for Cloud provides continuous compliance monitoring. Where a policy does not apply to a service, the exemption is explicitly documented.
Security controls are reviewed periodically to ensure continued alignment with best practices.
Threat Intelligence
Eido monitors security advisories and threat intelligence from trusted sources, including:
- Microsoft Security Response Center (MSRC)
- National Cyber Security Centre (NCSC)
- Cybersecurity and Infrastructure Security Agency (CISA)
Relevant advisories are reviewed and acted upon where applicable.
Company
VPN
Access to Eido infrastructure and data is only available to employees who are connected to the VPN. The VPN also requires multi-factor authentication.
Multi-Factor Authentication
Eido Software Ltd uses MFA for all cloud-based applications, where possible. We guarantee that no customer data is accessible without multi-factor authentication.
Company Device Security
Eido enforces security controls on company-managed devices.
- Devices are managed using Microsoft Intune
- Security policies enforce encryption, operating system updates, and endpoint protection
- Non-compliant devices are restricted from accessing company systems
Information Security & Certifications
Eido Software Ltd operates a formal information security and quality management framework and takes the protection of customer data seriously.
Eido is certified to ISO/IEC 27001 for information security management and ISO 9001 for quality management. These certifications demonstrate our commitment to maintaining effective security controls, risk management processes, and continual improvement across the organisation.
Eido Software Ltd is also Cyber Essentials certified, confirming that baseline technical controls are in place to protect against common cyber threats.
Information security policies, procedures, and controls are reviewed regularly to ensure continued effectiveness and alignment with industry best practices.
Certifications
Cyber Essentials Certification
IMS ISO 9001:2015 / ISO/IEC 27001:2022 Certification