Security and Compliance
Trillo provides enterprise-class security and compliance. As described earlier, the server and model support security policies and Role-Based Access Control (RBAC). The other key features are highlighted below.
- Security policies can be created based on role, group, and other rules (e.g., time of day).
- The policies can be applied to any granularity level.
- Audit log creation for each activity, such as API, database access, login, and logout.
- Security analysis reports, such as a) everything a user can access, b) everyone who has access to a resource.
- Audit reports.
- Data encryption.
- Credential rotation.
- Network level security using SSL/TLS.
- OAuth2 for external service access.
- Trillo services are exposed using OAuth2.
- Separation of responsibility for production and integration environments.
- SAML, LDAP, and external services support for authentication/single sign-on, MFA.
- All data changes are recorded with a timestamp and the ID of the client (user or automated).
- Code versioning (all changes are recorded in Git).