Vurke Inc. Security

At Vurke, we’ve been on a journey to strengthen our commitment to information security. We understand that safeguarding our customers’ data is paramount to delivering high-quality, reliable services. That’s why we’ve implemented robust Information Security Management Systems across our entire organization.

From our sales teams to our engineers and infrastructure experts, everyone plays a part in protecting sensitive information. We’ve carefully designed our systems to monitor critical security aspects continuously. And as a testament to our dedication, we’re proud to be ISO 27001:2013 certified.


ERPNext Security

Vurke relies on ERPNext to manage most aspects of our business, including security. We’ve chosen to host this powerful system on the robust Microsoft Azure platform, significantly enhancing our overall security posture.

While we’re confident in our system’s strength, we understand that no software is perfect. That’s why we’re committed to continuous improvement. Our team is actively searching for potential vulnerabilities within ERPNext and taking swift action to address them. We also encourage anyone who discovers a security issue to report it by emailing security@frappe.io and security@vurke.com.

At Vurke, we place the highest importance on safeguarding our users’ security. To underscore this commitment, ERPNext has a range of built-in security features that empower users to protect their accounts.

Authentication Measures

Password protection and security measures are built within the application, and users can update these from either the System Settings or User Profile pages:

  • Security measures for login:

    • OTP/2FA support.
    • Enforcing strong passwords via password policy.
    • Option to lock user login after X failed attempts.
    • Force users to reset password after X days.
    • All passwords stored in the database are encrypted and not stored in plaintext.

Server-Side Security

ERPNext is hosted on Azure in a closed environment, which provides additional benefits and allows for added security measures on the server side, such as:

  • Fail2ban to automatically ban IPs that show malicious signs or send continuous requests.
  • Additionally, a WAF is used, which helps protect web applications by filtering and monitoring HTTP traffic between a web application and the Internet. It typically protects web applications from attacks such as cross-site forgery, cross-site scripting (XSS), file inclusion, and SQL injection, among others.
  • Sites/instances are encrypted with HTTPS.
  • Port access is enabled only after workflow approval.
  • Disabled RDP/SSH access to virtual machines.
  • Microsoft Defender for Cloud helps protect Azure resources. It provides integrated security monitoring and policy management across our Azure subscriptions. Within the service, we are able to define policies not only against our Azure subscriptions, but also against Resource Groups.
  • You can also visit the Microsoft Security Response Center (MSRC) to report a security-specific issue.

Audit Trails

Vurke implements audit logs through a versioning feature where prior changes/versions of a document are stored. With the Track Seen option enabled, an admin can see the list of users who have accessed/viewed a particular record in ERPNext.

Maintaining Backups

Data protection is paramount. That’s why we’ve established comprehensive SharePoint backup policies in alignment with our ISO 27001:2013 certification. Our default policy includes daily full backups with weekly incremental backups retained for one month. These backups are securely stored in an off-site Azure location.

SharePoint itself is a highly secure platform with robust features such as access controls, encryption, and regular security updates. When combined with our backup policies and the security measures within ERPNext, we ensure that your data is protected at multiple layers. Backups are meticulously scheduled to minimize disruptions.

To streamline our operations, we leverage ERPNext’s built-in backup features, securely storing data in Azure Storage. This integration ensures that all our files residing on SharePoint are backed up and protected, providing an additional layer of security and redundancy.

Security Vulnerabilities

We understand that no system is ever completely invulnerable. That’s why we take a layered approach to security, leveraging the strengths of ERPNext, Microsoft Azure, and Microsoft 365 Business Premium accounts. This includes utilizing robust tools like Microsoft Defender for advanced threat protection and Entra for multi-factor authentication.

While vulnerabilities can emerge, we’re committed to staying ahead of the curve. Vurke actively monitors security updates for ERPNext, Azure, and Microsoft. We closely follow ERPNext’s published list of Common Vulnerabilities and Exposures (CVEs) available on their website (https://ERPNEXTNextnext.com/security/references). As a standard practice, we perform necessary upgrades to ensure their continued security.

Similarly, Microsoft is relentless in its pursuit of security. They constantly release updates for their products, patching vulnerabilities and enhancing protection. Vurke remains vigilant in applying these updates to our systems, ensuring they are always running on the latest and most secure versions.

Through this multi-layered approach and constant vigilance, Vurke strives to provide the highest level of security for your data.

Secure by design

ERPNext incorporates several security measures to protect user data and prevent common vulnerabilities:

  • Strict User Permissions: Granular control over user access to different parts of the system.

  • Session Management:

    • Session expiry to limit unauthorized access.
    • Allow only one active session per user to prevent unauthorized logins.
  • Enhanced Authentication:

    • Disable username/password login for added security.
    • Implement brute force protection to deter unauthorized access attempts.
    • Enable two-factor authentication for stronger account protection.
    • Force logout of all sessions upon password reset to protect user accounts.
  • Data Protection:

    • Remove EXIF data from uploaded images to safeguard sensitive information.
    • Encrypted backups to protect data integrity and confidentiality.

These security measures, along with other system settings, contribute to a fortified environment.
