I personally have been using Adalo since October 2020, and I am very satisfied with the product. I am now thinking of using Adalo for my company’s projects as well. In order to use Adalo internally, we need to report that the security measures in Adalo’s data center meet the requirements we have set.
I would like to know about the following 20 questions regarding security measures.
I really like Adalo’s products and would like to use them for larger projects in the future. Please help us to use Adalo in our company.
--------------- security-check-questionnaire-----------------------
(1) In order to prevent intrusion into the data center, we are using cameras to monitor, biometric authentication and other advanced authentication methods, and obtaining and managing access logs.
(2) To prevent intrusion into server rooms, cameras are used for monitoring, biometrics and other advanced authentication is used, and entry/exit logs are obtained and managed according to the security level of each section.
(3) To prevent theft of devices such as storage devices and external media such as backup media, personal belongings are checked as part of access control for the data center and each compartment.
(4) To prevent unauthorized removal of data, external media such as USB memory sticks and portable HDDs, as well as cameras, are checked as part of the access control for the data center and each compartment.
(5) The system operator is assigned to be a regular employee or other reliable person.
(6) Only the minimum number of operators are assigned, and each operator is given the minimum authority for each task.
(7) All operations are recorded, the status of operations is monitored by cameras, and multiple operators work together, etc., in order to monitor and detect unauthorized operations by operators.
(8) Training personnel with a high level of expertise by providing them with security education and having them acquire security-related qualifications such as CISSP.
(9) Provide functions to protect transmitted and received data from leakage and falsification through encrypted communications using SSL/TLS, IPsec protocol, etc.
(10) Fortifying the server by stopping unnecessary daemons and disabling service accounts in the host OS and guest OS.
(11) When storing important data, appropriate and strong encryption is implemented for transmission paths, storage, and databases. In addition, appropriate security measures are implemented for encryption keys used to encrypt data.
(12) Implement a mechanism to prevent the easy recovery of important data, such as overwriting or de-criticalization, in the event of termination, disposal of backup media, or data migration.
(13) Logs of host OS, guest OS, servers, network devices, web applications, etc. are collected and stored in a secure environment (at least six months is recommended).
(14) Please describe the log storage period.
(15) The collected logs are regularly monitored to quickly detect unauthorized access or processing.
(16) All devices and servers in the data center are synchronized with the correct time in order to accurately grasp the events stored in the logs.
(17) Regularly conduct vulnerability assessments of host OS, guest OS, servers, network devices, and web applications.
(18) Establish a system to quickly obtain the latest vulnerability information, and take prompt action when new vulnerabilities are discovered. When vulnerability correction programs are applied, the criteria for determining whether or not to apply the programs and the application procedures are clarified.
(19) Appropriate anti-virus measures are taken.
(20) In the event of an incident such as information leakage, destruction, or falsification, procedures and systems for promptly informing users are established. In addition, the system is capable of responding 24 hours a day, 365 days a year in case of emergency.
(21) In the event of an incident, the relevant logs are provided to users.