
Security Overview

Advanced security hardening features and single tenant options are available upon request.

Please contact your account manager or [email protected] if you have any questions.

Introduction

Braided Meetings is an innovative new meeting tool. It is the world’s first ever meeting tool that provides a real-time, synchronous, neuro-inclusive environment allowing everybody in a team to contribute equally. 

Braided Meetings was invented and designed by the team at Braided Communications Ltd. It evolved from a tool they had previously developed called Space Braiding. That tool was designed to help astronauts on future deep space missions to the Moon and Mars retain effective communication with Earth. 

Technical Development

Having designed the product, Braided Communications appointed specialist software development house Bad Dinosaur Ltd to build it. Based in Edinburgh, the company has earned an excellent reputation in its 10-year history. Bad Dinosaur created and maintains the Braided Meetings tool on behalf of Braided Communications Ltd.

Microsoft Azure

Braided is hosted at ‘UK South’ within the Microsoft Azure cloud environment, which provides comprehensive, multi-layered security. Additional locations are available upon request.
The security environment of Azure is described here, with an eBook containing more detail available here.

Key features of the Azure security environment include:

  • All VM instances and runtime software are regularly updated to address newly discovered vulnerabilities
  • Communication of secrets (such as connection strings) between the application and other resources (such as SQL Database) remains within Azure and does not cross any network boundaries
  • All secrets are encrypted when stored
  • All communication over the App Service connectivity features, such as hybrid connection, is encrypted.
  • All connections with remote management tools (for example Azure PowerShell, Azure CLI, Azure SDKs, REST APIs) are encrypted
  • 24-hour threat management protects the infrastructure and platform against malware, distributed denial-of-service (DDoS), man-in-the-middle (MITM), and other threats.

Within the Azure cloud environment Braided Meetings uses the following resources: 

  • App Service
  • SQL Server
  • SQL Database

Azure App Service

This is where the web application itself is hosted. The App Service is a fully managed Platform as a Service (PaaS) environment. This means that the cloud provider, Microsoft, is responsible for all physical security and for maintaining and upgrading relevant software and hardware. This is described in detail here.

Encryption in transit: The App Service is configured to use SSL/TLS v1.2 encryption, the current industry standard. This means that all requests to and responses from the web app are encrypted.

Azure SQL Server and Database

The SQL services are also managed PaaS environments, which means that Microsoft is responsible for database management functions such as upgrading, patching, monitoring and backups. 

Encryption at rest: The database, database backups and logs are encrypted at rest with Transparent Data Encryption (TDE) using a service-managed key.

The database backup policy applied is:

  • Full backups every week
  • Differential backups every 24 hours
  • Transaction log backups approximately every 10 minutes
  • Storage redundancy
    • Configured to use geo-redundant storage (GRS), which copies backups synchronously three times within a single physical location in the primary region by using LRS. Furthermore, the data is then copied asynchronously three times to a secondary region, which is paired to the primary region. In the event of an outage, the backups can be restored from the secondary region.

Infrastructure Access

Access to the database server is controlled by network access rules. Public internet access is disabled and access is restricted to specific IP addresses. In addition, SQL authentication, which requires a username and password, is enabled.

Web Application

The web application is written in C# and the tech stack is available upon request.

User Access

A minimum password length of 10 characters is enforced for end users. An account is locked out after 5 failed login attempts, and the lockout lasts 5 minutes.

User passwords are stored as a hash in the database. The .NET Framework uses PBKDF2 with HMAC-SHA1 to create the hash.
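The policy above (10-character minimum, lockout after 5 failures for 5 minutes, PBKDF2 with HMAC-SHA1) can be sketched as follows. This is an added illustration in Python, not Braided Meetings' own C# code; the iteration count, salt size, `Account` class and injected clock are assumptions, since the page does not state them.

```python
import hashlib
import hmac
import os

MIN_LENGTH = 10            # from the page
MAX_FAILED = 5             # from the page
LOCKOUT_SECONDS = 5 * 60   # from the page
ITERATIONS = 10_000        # assumption: the page gives no iteration count
SALT_BYTES = 16            # assumption: the page gives no salt size


def derive(password, salt):
    """PBKDF2 with HMAC-SHA1; the default output length is 20 bytes."""
    return hashlib.pbkdf2_hmac("sha1", password.encode("utf-8"), salt, ITERATIONS)


def hash_password(password):
    """Enforce the minimum length, then return (salt, digest) for storage."""
    if len(password) < MIN_LENGTH:
        raise ValueError("password shorter than minimum length")
    salt = os.urandom(SALT_BYTES)  # fresh random salt per user
    return salt, derive(password, salt)


class Account:
    """Hypothetical account record: stored hash plus lockout state."""

    def __init__(self, password):
        self.salt, self.digest = hash_password(password)
        self.failed = 0
        self.locked_until = 0.0

    def login(self, password, now):
        """Return 'ok', 'denied' or 'locked'; `now` is a clock in seconds."""
        if now < self.locked_until:
            return "locked"  # refused even if the password is correct
        # Constant-time comparison avoids leaking how many bytes matched.
        if hmac.compare_digest(derive(password, self.salt), self.digest):
            self.failed = 0
            return "ok"
        self.failed += 1
        if self.failed >= MAX_FAILED:
            self.locked_until = now + LOCKOUT_SECONDS
            self.failed = 0
        return "denied"


def demo():
    """Five wrong guesses, a correct try during lockout, then one after it."""
    acct = Account("correct horse battery")  # constructed sample password
    results = [acct.login("wrong-guess-01", now=t) for t in range(5)]
    results.append(acct.login("correct horse battery", now=10))
    results.append(acct.login("correct horse battery", now=4 + LOCKOUT_SECONDS))
    return results
```
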

At customer request, we are able to support single sign-on (SSO) via Microsoft Active Directory.

Additional Security

Over and above the security solutions inherent within the Azure cloud and process design, Bad Dinosaur deploys additional security measures:

Cloudflare

Cloudflare is deployed primarily for DNS management and to speed up content delivery. It also provides another layer of protection, especially against DDoS. More information is available here.

Cyber Essentials Plus

Bad Dinosaur is a Cyber Essentials Plus accredited company.