Security At iiko
Security is one of the top priorities at iiko.
We follow industry standard practices to track and protect your information through a comprehensive controls framework. Learn why thousands of companies have chosen iiko to be their trusted provider that keep their most valuable data safe.
Strong Data Encryption
Our Cloud services data is encrypted using Transport Layer Security (TLS). iiko's implementation of TLS uses strong ciphers and key-lengths by default.
Rigorous Security Testing
Our security testing program includes threat modeling, manual code review, automated scanning, and third-party assessments. This program is the cornerstone of security testing for each and every iiko product.
Breach Detection and Monitoring
We have a security monitoring team dedicated to detecting signs of a data breach. Our security practices are constantly evolving in order to address new types of security threats and further strengthen our detection capabilities.
View all security practices
White paper: Why security is a shared responsibility
When it comes to keeping your data secure, we are on the same side. Read what you can do to help.
Download the white paper
Frequently Asked Questions
Is our data encrypted? How are passwords stored? Find answers to our top security questions.
Read the FAQ
Security News and Advisories
We issue advisories when security bugs are discovered so that you can take action. Learn more about when we publish security advisories and how we determine severity levels.
View all advisories
Keep Your Server Secure
Learn how to configure security options on your own server.
This section gives guidelines on configuring security of your iiko site:
- iikoOffice Security Overview and Advisories
- Proxy and HTTPS setup for iikoOffice
- Configuring Secure Administrator Sessions
- Using Fail2Ban to limit login attempts
- Trackback and External Referrers
- Best Practices for Configuring iikoOffice Security
Latest Security News
Update on Discovered Vulnerabilities
02-02-2018. In the first week of January 2018, a number of computer chip manufacturers confirmed critical vulnerabilities in their processors. Under certain circumstances, these vulnerabilities can allow an attacker to steal sensitive information, bypass security restrictions, and gain elevated privileges in client and server software.
If you are running iiko Server or Data Center products, we recommend assessing your own IT environment for risks associated with these vulnerabilities. This includes browsers, operating systems and virtual computing infrastructure. For the patches themselves, we’re aware that Intel, AWS (Amazon), and others have publicly reported mixed results surrounding performance. Due to the variety of deployment options, we cannot make predictions about the performance impact to Data Center or Server instances, but recommend you work closely with your IT staff and vendors to monitor.
We will continue to work on these issues and expect this effort to continue during the coming weeks as we learn more about the risks, and as software vendors publish their own patches and advice.
iikoCloud Security Notice
24-10-2018. Our security intelligence team detected a security incident affecting a server in the iikoCloud web tier. The incident involved a vulnerability in a popular third-party library used by iikoCloud. We have found no evidence of other iiko systems or products being affected.
This incident has been resolved on 25-10-2018.
We are ready to answer all your questions about iiko Security.