Concerned about the security of your E/CTRM application? We have got something for you!

26 July 2021 | BLOGS

Security for any solution has always been a key concern of top management. They are concerned not just about the customer’s data but also about the robustness of the applications in use. As per Veracode, on average 76% of applications have at least one security flaw. These applications carry a large amount of sensitive data and can be accessed from almost any device by a large number of users, which poses a risk to privacy and sensitive information. E/CTRM applications are no exception.

The C-level becomes jittery about the security of E/CTRM applications because they contain vital trade information about commodities purchased, quantity, contract price, vendor information, etc. Moving from legacy on-premises systems to the cloud has also raised further concerns about network security, data encryption, and data ownership. In the current pandemic scenario, where most employees are working from home, enterprises are wary about the applications that are used.

Enterprises look for vendors who maintain rigorous security practices that comply with the application security and cloud security practices of the industry. Application security practices are the measures taken to improve the security of an application, often by finding, fixing, and preventing security vulnerabilities. These can relate to data encryption, role-based access control, authentication, and authorization of the applications. Cloud security covers the various aspects of securing the cloud, along with the performance and uptime of the applications. Protection of consumers’ data, application and infrastructure management, and firewall configurations are also considered part of cloud security.

Eka is a leader in providing enterprise-grade E/CTRM solutions that comply with the best security practices in the industry. The Eka platform is equipped to manage both soft and hard commodities and adheres to the required application and cloud guidelines.

Authentication and Authorization

Eka supports industry-standard federated authentication providers like Azure AD, ADFS, and Okta. This federated identity management system enables single access to several applications across various enterprises. Web-based single sign-on, cross-domain user account provisioning, cross-domain entitlement management, and cross-domain user attribute exchange are thus simplified in E/CTRM applications.

The native authentication mechanism of the Eka Platform uses OAuth 2 token-based authentication. Tokens offer a second layer of security, and administrators have detailed control over each action and transaction. Token-based authentication also simplifies the registration process for users, so they do not have to create or enter credentials multiple times. Eka supports SAML 2.0 and OpenID Connect for Single Sign-on (SSO) with Active Directory for authentication.

Role-Based Security

The platform also provides access to application entities at the role level. Permissions are controlled at module level, entity level, action level, and data level. Module-level security enables users to control utilities, menu structure, data views, etc. Entity instance-level security controls access at the individual data instance level. For example, users can be given view, edit, or delete permissions for a particular data instance. Action-level security provides access to perform CRUD operations. Data-level security controls access to data based on one parameter for an application. For example, access can be defined at the profit center level such that only certain roles can see data for certain profit centers.
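The four permission levels described above, as an added example that is not Eka's code: a deny-by-default check in which a request must pass the module, action, data (profit center) and entity-instance levels. The role structure, field names and sample values are assumptions made for illustration.

```python
# Added illustration: a deny-by-default check across the four permission
# levels described above. All names here are hypothetical, not Eka's API.
from dataclasses import dataclass


@dataclass(frozen=True)
class Role:
    name: str
    modules: frozenset = frozenset()          # module level
    actions: frozenset = frozenset()          # action level: (entity, CRUD verb)
    profit_centers: frozenset = frozenset()   # data level: one parameter
    instance_grants: frozenset = frozenset()  # instance level: (entity, id, verb)


@dataclass(frozen=True)
class Request:
    module: str
    entity: str
    instance_id: str
    action: str          # "create" | "read" | "update" | "delete"
    profit_center: str


def authorize(role, req, restricted_instances=frozenset()):
    """Return (allowed, level). Every level must pass; nothing is implied."""
    if req.module not in role.modules:
        return False, "module"
    if (req.entity, req.action) not in role.actions:
        return False, "action"
    if req.profit_center not in role.profit_centers:
        return False, "data"
    # Instances flagged as restricted need an explicit per-instance grant.
    key = (req.entity, req.instance_id)
    if key in restricted_instances and (*key, req.action) not in role.instance_grants:
        return False, "instance"
    return True, "ok"


# Constructed sample role and restricted-instance set.
TRADER_EU = Role(
    name="trader-eu",
    modules=frozenset({"contracts"}),
    actions=frozenset({("contract", "read"), ("contract", "update")}),
    profit_centers=frozenset({"PC-EU"}),
    instance_grants=frozenset({("contract", "C-100", "read")}),
)
RESTRICTED = frozenset({("contract", "C-100")})
```

Returning the level that denied the request makes each refusal auditable, which is what a reviewer needs when checking that a role sees only its own profit centers.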

Data Encryption

The PII (Personally Identifiable Information) of the user is encrypted using AES-256 encryption within the application before it is stored in the database. The data at rest is thus protected in a unique non-readable binary format.

Eka uses Veracode static and dynamic analyzers to ensure code security. This analysis tests the code inside-out and outside-in. Static analysis tests the structure of the code, whereas dynamic analysis tests the application while it is in operation. Third-party penetration testing is also performed on the E/CTRM applications periodically. Both black-box and grey-box testing are performed for Eka applications.

Cloud Security

Eka is SOC 2 (Type 1 & 2) compliant and adheres to ISO 27001-based ISMS policies and the GDPR policies. Eka has adopted a cloud-only, platform-led strategy, and its product suite is deployed multi-tenant on AWS. The product suite is a true SaaS model. The E/CTRM applications are provisioned for each tenant and all the infrastructure is shared. This allows Eka to offer new applications, new features, and patches much faster.

Eka has pioneered the implementation of E/CTRM solutions in more than 50 countries across different domains. Enterprises across the mining, manufacturing, agriculture and energy sectors have trusted Eka’s security measures and have benefited from the Eka E/CTRM solution.

Be the next to experience the power of Eka and accelerate your digital journey of commodity management. Try our platform for free or contact us for a solution demo.
