Privacy safety concept visualized by a virtual screen with many lines of letters and numbers on it and a lightened golden and open lock.

Data Security at Engity

Your Customers' Data is Secure with Engity

Engity's security team carefully and regularly considers our security strategy to best protect your and your customers' data. As part of this exercise, our security specialists monitor current security vulnerabilities and if any formerly considered secure protocols and encryption mechanisms are compromised.

Consequently, Engity personnel acts on the before mentioned findings when protocols and mechanisms are selected. This can mean that support for older devices and software is deprecated from time to time and can no longer be guaranteed. Engity emphasizes the highest possible level of security for everyone. Accordingly, it is necessary to abandon outdated software like the Internet Explorer. The steadily decreasing number of users and the discontinued support by its vendor Microsoft justifies this decision. Finally, it dramatically increases the security for the majority of users.

Honeycomb showing different security symbols, e.g. locked computer, camera, protected smartphone, fingerprint and security keywords, e.g. penetration tests, audits, automated tests, encryption, protocols.
For a GDPR-compliant and secure IT landscape: Use Engity's Identity and Access Management.

  1. We are your data security specialists; you don't need your own ones.
  2. We keep everything continuously updated. You don't have to be afraid to miss out on relevant updates or act too late.
  3. Operations on our system are continuously monitored. As a result, suspicious actions are detected and averted quickly.
  4. We regularly hire external security consultants to question our approaches and challenge our security architecture.
Used protocols

The Security of your Data Starts with the Right Protocols


Our systems understand and use the industry standards in authorization and authentication.

    OpenID Connect

    OpenID Connect is the de facto standard of modern applications nowadays in the field of user identity management. The user and sessions get authenticated by an authorization server and the client receives the needed end-user profile and session information using this basic identity layer. The OpenID Connect protocol is very well supported by all currently used languages and frameworks no matter if mobile, web-based, or JavaScript clients. It will enable you:

    1. To easily enable your application with just minimal efforts. Working with Engity reduces the risk of security issues while implementing.
    2. Connect your applications transparently to many other services globally, such as Google, Apple, Facebook, and any other OpenID supporting provider.
    Authentication and Authorization standard for Engity's IAM solution is represented by icons on an electronic circuit board.

    Security Assertion Markup Language (SAML)

    SAML is the way to connect your application to enterprise applications if they do not speak OpenID Connect already. SAML is an extra security layer that offers more seamless authentication. With single-sign-on, you can get access to all your applications in a simpler way and with a much more secure login. Just one of the many benefits of using SAML.
    Several icons with locks are connected in a network can be interpreted as a security layer for authentication and authorization within an IAM platform.

    JSON Web Tokens (JSON)

    Sometimes trust is simple. In the case of Engity, we're using JWT to provide that trust to you. JSON Web Tokens are an open standard to share security information with a server and client. They include encoded JSON, which has information like your e-mail and password. The tokens are digitally signed using cryptography to make sure no one can read them without permission.

    While authenticating a user to your application, the server validates if signed Engity tokens were used instead of asking our APIs.

    Shared information are symbolized by a planet element distributing over a global communication network.
    Our Security Mechanisms

    State-of-the-Art Encryption Mechanisms to Protect your Data


    To ensure that our platform is always up to date, we are an active part of the open-source community and best practice groups for engineering and security. Our engagement helps us be aware of the latest industry standards in data security. Ultimately, our software is written with the latest software-development techniques, adapts to the latest standards, and allows us continuously keep our system up to date.

    Regular (Automated) Penetration Testing & Audits

    We aim to build great and secure software. Even though we invest a great amount of time in challenging ourselves, peer-review our written code, and using automatic test routines, we believe that external testing and audits of our platform are essential to safeguard the security of Engity's Identity and Access Management solution.

    Penetration tests of external partners are the first importing security layer to check our software from an outside (hacker) perspective. Our outside partners try to initiate external attacks against our infrastructure and try breaking into our systems like mean hackers would do it. They aim to simulate hackers who manipulate or steal data after obtaining unauthorized access to other persons' accounts.

    Other attack vectors try to take down our systems using Denial-of-service at-tacks (DDoS). Finally, our external partners consult us with their findings and help us improve and harden our system. As part of that, we automate common approaches wherever possible.

    Summarized, our internal security specialists constantly work together with external security experts to ensure the best possible and most secure solution for our customers. It is a continuous process, restarting with every new product release and feature planning.

    Questions about Data Security at Engity?

    We want to make sure that no question stays unanswered before you start using our Platform as a Service.
    Contact Us Call Us