Security & Compliance at Onna
Customer trust and data security are central to everything we do at Onna.
In-Platform Security
Onna delivers in-platform security with built-in controls that protect sensitive data, enforce access permissions, and maintain compliance across connected sources.
Role-based access control
Onna has role-based user types to ensure different levels of access for administrators and standard users.
Encryption
Onna encrypts data in transit and at rest. The Transport Layer Security (TLS) v1.2 protocol secures all communication between the desktop and web clients and the backend servers. At rest, Onna encrypts data with AES-256. Nothing is ever sent across the internet in clear text.
Permissions
Not only does each user type have specific rights within Onna, but special permissions can also be granted for access to additional features or the ability to perform tasks.
Network and Application Security
Web application firewall
All HTTPS traffic in and out of Onna is protected against DDoS attacks, zero-day exploits, and hacking attempts. This prevents unauthorized data from leaving the application.
Data hosting and storage
Onna is deployed on the Google Cloud Platform for scalability, business continuity, and reliability. The platform leverages state-of-the-art Kubernetes clusters for managing containerized workloads.
Secure development
Onna leverages technologies such as SCA, SAST, and build/runtime vulnerability scanning to ensure quality code and reduce vulnerabilities. We also run a 'bug bounty' program to improve application security.
Encryption and key security
Platform data is encrypted in transit using TLS 1.2 or higher and is continuously monitored. We also encrypt data at rest using the industry-standard AES-256 encryption algorithm. Keys are managed and stored using Google KMS and are regularly rotated.
Pentests and vulnerability scanning
Onna uses third-party security tools to continuously scan for vulnerabilities. Additionally, we conduct regular internal scans on our infrastructure, containers, and systems. Discovered issues are tracked until remediated.
User & endpoint security
Onna’s endpoints are protected with next-generation EDR and MDM technologies to protect against cyber threats and to ensure systems are controlled and secured. All employees complete Security and Awareness training at hire and annually.
We are committed to maintaining the highest security and compliance standards
To access a copy of the SOC 2 report, please click here:
Policies
Onna adheres to Reveal's SaaS Terms of Service. Click here to review.
Our Privacy Policy describes the ways that Onna uses, discloses, and manages individuals' data when they interact with our website or use the Onna Service. To learn more, click here.
For a comprehensive review of all security and compliance measures, visit the Reveal Trust Center.
All Your Collaboration Data on One Secure Platform
Onna gives you complete visibility and control of your data while protecting your most sensitive information and eliminating the risk of spoliation.