Security At iiko

Security is one of the top priorities at iiko.

Security Practices

We follow industry standard practices to track and protect your information through a comprehensive controls framework. Learn why thousands of companies have chosen iiko to be their trusted provider that keep their most valuable data safe.

Read more

Compliance Certifications

Read more

Strong Data Encryption

Our Cloud services data is encrypted using Transport Layer Security (TLS). iiko's implementation of TLS uses strong ciphers and key-lengths by default.

Rigorous Security Testing

Our security testing program includes threat modeling, manual code review, automated scanning, and third-party assessments. This program is the cornerstone of security testing for each and every iiko product.

Breach Detection and Monitoring

We have a security monitoring team dedicated to detecting signs of a data breach. Our security practices are constantly evolving in order to address new types of security threats and further strengthen our detection capabilities.

View all security practices

White paper: Why security is a shared responsibility

When it comes to keeping your data secure, we are on the same side. Read what you can do to help.

Download the white paper 

Frequently Asked Questions

Is our data encrypted? How are passwords stored? Find answers to our top security questions.

Read the FAQ

Security News and Advisories

We issue advisories when security bugs are discovered so that you can take action. Learn more about when we publish security advisories and how we determine severity levels.

View all advisories 

Keep Your Server Secure

Learn how to configure security options on your own server.

This section gives guidelines on configuring security of your iiko site:

  • iikoOffice Security Overview and Advisories
  • Proxy and HTTPS setup for iikoOffice
  • Configuring Secure Administrator Sessions
  • Using Fail2Ban to limit login attempts
  • Trackback and External Referrers
  • Best Practices for Configuring iikoOffice Security
  • ...

Latest Security News

Update on Discovered Vulnerabilities

02-02-2018. In the first week of January 2018, a number of computer chip manufacturers confirmed critical vulnerabilities in their processors. Under certain circumstances, these vulnerabilities can allow an attacker to steal sensitive information, bypass security restrictions, and gain elevated privileges in client and server software.

If you are running iiko Server or Data Center products, we recommend assessing your own IT environment for risks associated with these vulnerabilities. This includes browsers, operating systems and virtual computing infrastructure. For the patches themselves, we’re aware that Intel, AWS (Amazon), and others have publicly reported mixed results surrounding performance. Due to the variety of deployment options, we cannot make predictions about the performance impact to Data Center or Server instances, but recommend you work closely with your IT staff and vendors to monitor.

We will continue to work on these issues and expect this effort to continue during the coming weeks as we learn more about the risks, and as software vendors publish their own patches and advice.

Continue Reading

iikoCloud Security Notice

24-10-2018. Our security intelligence team detected a security incident affecting a server in the iikoCloud web tier. The incident involved a vulnerability in a popular third-party library used by iikoCloud. We have found no evidence of other iiko systems or products being affected.

This incident has been resolved on 25-10-2018.

Continue Reading

Security Questions?

We are ready to answer all your questions about iiko Security.

Contact us