Security and Compliance

Trillo provides enterprise-class security and compliance. As described earlier, the server and model support security policies and Role-based Access Control (RBAC). The other key features are highlighted below.

  • Security policies are created based on role, group, and other rules (time of day).
  • The policies can be applied at any level of granularity.
  • Audit log creation for each activity, such as API and database access, login, and logout.
  • Security analysis reports such as a) everything a user can access, b) everyone who has access to a resource.
  • Audit reports.
  • Data encryption.
  • Credential rotation.
  • Network level security using SSL/TLS.
  • OAuth2 for external service access.
  • Trillo services are exposed using OAuth2.
  • Separation of responsibility for production and integration environments.
  • SAML, LDAP, and external-service support for authentication/single sign-on, and MFA.
  • All data changes are recorded with a timestamp and the ID of the client (user or automated).
  • Code versioning (all changes are recorded in Git).