Inside The Security Features Of PublishOne
When a platform like PublishOne is the beating heart of your daily publishing activity, it becomes a business-critical asset that needs ongoing monitoring and protection. For that reason, it’s essential to have assurances around two key things: data security, and business continuity if something goes wrong.
Built on the Microsoft Azure Cloud, PublishOne is a cloud-native publishing application with a ton of security features built in as standard. But the platform also has its own security measures that provide additional layers of protection for both our internal systems and our customers’ documents and data.
Cloud Architect Vien Le is responsible for the architecture and management of the PublishOne cloud system, so there’s probably no one in the organization better placed to explain its security features.
Protected by advanced security technologies
PublishOne is 100% cloud-based, and the Microsoft Azure Cloud makes sense for many reasons. One of those is security. We leverage Microsoft Defender for Cloud – a cloud-native application protection platform (CNAPP) – to protect the app from cyber threats and vulnerabilities.
The dashboard gives us an up-to-date security score and an overview of potential threats, which helps us to identify potential risks, and take mitigating actions to resolve vulnerabilities before they impact services.
Client data lives in the Microsoft Azure Cloud, so it’s securely hosted in a data center in the same region as the client. Data is always encrypted by Azure technologies. If someone attempts to download data from outside the system – even with a recognized account – it triggers an alert which is recorded in Azure.
Our DevOps monitoring tool also keeps track of service availability, so should a client environment stop working, a notification is issued within minutes. If we’re not able to resolve the issue internally (first-level support), we immediately escalate it to Microsoft Support. In the meantime, we keep you informed until the issue is resolved.
We also utilize GitHub Advanced Security (GHAS) – a suite of security features designed to help developers identify and fix vulnerabilities in their code. GHAS provides three key codebase security features: Code Scanning, Dependency Scanning, and Secret Scanning.
- Code Scanning: Automatically scans our code for vulnerabilities and errors, providing real-time feedback to help prevent security breaches early in the development process.
- Dependency Scanning: Checks the project’s dependencies for known vulnerabilities, ensuring third-party components are up-to-date and secure.
- Secret Scanning: Detects hard-coded secrets like API keys and passwords in our code, alerting us to secure them and prevent unauthorized access.
Additional layers of data security
From the client end, Multi-Factor Authentication (MFA) ensures that only the right people can access content. We only apply these security measures to our associates, who are authorized users with access to our Cloud systems and data.
For some clients, we also support enabling MFA through Single Sign-On (SSO) with OpenID Connect (OIDC). This allows clients to securely authenticate using their existing credentials, simplifying the login process while maintaining high security standards.
By integrating OIDC, we ensure that our clients can benefit from robust security measures without the complexity of managing multiple authentication systems. This dual approach helps safeguard both our internal operations and our clients’ data, providing comprehensive security across all access points.
Alongside that, we conduct regular permission audits to ensure that account details and permissions are correct. That applies to both PublishOne customers and our implementation partners who also have access to the system.
An additional layer of network security ensures that access to client data is only possible through the PublishOne web app. There is no direct access to client data from outside: outside access is not permitted, and data is protected by a firewall. Only authorized PublishOne associates can access this data, and they must do so with Multi-Factor Authentication (MFA) enabled from authorized locations.
We use advanced threat detection capabilities powered by Microsoft Threat Intelligence, behavioral modeling, and machine learning to identify unusual or potentially harmful activities. When suspicious activity is detected, it generates security alerts in real-time, allowing administrators to quickly review and respond to potential security threats.
Alerts can be triggered for various suspicious activities, including data access from unusual locations or IP addresses. This feature ensures that any unauthorized or suspicious actions are promptly identified, helping to safeguard customer data from potential breaches or malicious threats.
Client data is continuously backed up, so should a data center go down, the system transitions seamlessly to an identical replica of the documents and data held in another geographic location. This means documents and data stay available to clients.
PublishOne’s internal information security management system (ISMS) complies with ISO 27001 – Information Security Management. This ensures that we have a robust system for managing the risks related to the security of data that we own or handle. We conduct regular penetration tests and weekly security meetings to review any potential vulnerabilities or look into any security questions posed by our clients.
One of the strengths of PublishOne is its ability to integrate with a wide variety of digital tools needed for different publishing workflows. To that end, we continuously keep track of security updates to third-party components. We monitor and implement changes needed to securely support third-party integrations. That’s why we work closely and collaboratively with third-party apps to ensure we’re aligned in terms of security recommendations and requirements.
Peace of mind from PublishOne
In terms of our own codebase, we continuously perform dependency scanning to ensure our code relating to third-party integrations is up-to-date. This means frequent updates to different components to ensure we’re not running legacy code which could be open to vulnerabilities.
Your organization’s PublishOne environment can handle huge volumes of documents, data, and collaborators. Whilst collaborators need just enough access to create, manage, and publish content, you also need robust security features to ensure unpublished content (or content not intended for publication) is kept safe and secure.
PublishOne comes with a suite of security features to keep your content accessible to those who need it, but safe from security threats. Learn more about the friendly publishing platform.