Introduction
Discover some of Orchestrate's most commonly asked questions.
Data Diagram
The diagram shows the data flow and where sensitive data is stored.
Compliance and Notifications
Is Amino compliant with GDPR, CCPA, and PCI?
- Yes. Amino is compliant with GDPR.
Does Amino notify customers about potential future downtime?
- Customers are notified of planned downtime at least two weeks in advance.
Data Handling and Security
Does Orchestrate process or store any data?
- Orchestrate manages Amino H200 devices, handling settings and performance data, but does not process or store Personally Identifiable Information (PII). Device serial numbers and MAC addresses are used for identification. All data transmission is secured using mTLS and HTTPS.
Can Orchestrate APIs and the User Interface handle data entry?
- Yes.
- The Orchestrate API is secured by mTLS.
- The web UI uses password authentication or Single Sign-On (SSO).
- Amino's Terms and Conditions prohibit entering PII into free text fields. All data transmission is secured via HTTPS.
Access Controls
Does Orchestrate support SSO (SAML 2.0)?
- Yes, Orchestrate supports SAML 2.0-based SSO.
Which identity providers are compatible?
- Providers include Microsoft ADFS, Microsoft Azure, Okta, and Cisco Duo Security.
Is there an extra fee for SSO implementation?
- No. SSO is included in the Orchestrate Premium tier service.
Does the application enforce strong password requirements?
- Yes. Passwords must include uppercase and lowercase letters and at least one digit or non-alphabetic character.
Does Amino follow the principle of least privilege and enforce separation of duties?
- Yes.
Are there high-privilege or administrator accounts?
- Yes.
Does Orchestrate have Role-Based Access Control (RBAC)?
- Yes.
What user roles are available, and how many users are assigned to each?
- Yes, Orchestrate uses RBAC.
- Features include system management, device management, troubleshooting, and analytics.
- User roles include system administrator, administrator, technical user, and regular user.
How are role authorizations managed?
- Permissions are assigned to roles, which administrators can manage through the web UI.
Data Security
What encryption methods are used?
- Data in transit: HTTPS, TLS.
- Data at rest: AES-256.
Is sensitive data encrypted during network transfer within the Amino network?
- Yes.
What integrations and measures ensure secure access to Orchestrate?
- Specific IPs and ports must be allowed through firewalls. Access is restricted to trusted sources. Details are available here.
Does Orchestrate ensure data integrity?
- Yes.
Can Amino administrators access sensitive data?
- Administrators may access accounts for support and troubleshooting, but PII is not stored.
What data loss prevention measures are in place?
- Data replication and daily backups are retained for seven days.
What happens to decommissioned devices and deleted data?
- Devices are securely wiped per NIST 800-88 guidelines. Deleted data is permanently removed except for backup snapshots.
Does Amino use third-party hosting services?
- Yes, Amino uses AWS and Google Cloud.
What types of backups are performed?
- Full backups are performed daily and securely stored in the AWS EU region.
How does Amino ensure system availability?
- High availability is maintained through multi-instance deployment, monitoring, and automatic failover.
Infrastructure
Does Amino operate on a multi-tenant infrastructure?
- Yes, with logical separation of customer data.
How does Amino ensure data isolation?
- Data is tagged with unique identifiers and filtered at the application layer to prevent unauthorized access.
Where is Orchestrate's data stored?
- Data is stored in the AWS EMEA region.
Does Amino use secure configurations and regular system hardening?
- Yes, cloud security settings are regularly reviewed, and monthly security scans are conducted.
Does Amino maintain a software inventory and patch management?
- Yes.
What network security controls are used?
- Web Application Firewall (WAF) features include rate limiting.
Logging and Monitoring
What logs does Orchestrate provide?
- User activity audit logs are accessible to administrators via the UI. System logs are restricted to support and engineering teams.
Is IT staff activity logged when accessing customer accounts?
- Yes, and customers can access these logs via the UI.
Where are logs stored?
- Logs are stored in the AWS EMEA region, secured through RBAC and file permissions.
Incident Response
Does Amino have a dedicated security team?
- Yes, overseen by a Security Committee composed of IT and executive members.
Has Orchestrate experienced any security breaches?
- No.
How does Amino monitor for security incidents?
- Regular reviews of access logs and database activity, along with periodic vulnerability scans.
What is Amino's incident response plan?
- The plan includes containment, investigation, notification, remediation, and post-incident reviews.
How often are vulnerability scans performed?
- Scans are conducted monthly using automated tools.
What is the patching timeframe for vulnerabilities?
- The timeframe varies based on the nature and severity of the vulnerability.