We provide a comprehensive range of security tools and services, keeping your data safe on all fronts. Host solutions on-premises, encrypt documents and data, customize access settings, and connect authentication services and manage access rights to protect yourself from unauthorized access, data leaks, and insider actions.
Compliance with data protection regulations
GDPR compliance
General Data Protection Regulation (GDPR) was adopted in order to protect end-users of software, regulating the way companies handle their information when working with EU residents. We respect our users’ right to own and control their personal data, and we created products which are fully compliant with European laws.
Therefore, ONLYOFFICE sticks to data minimalism and we let users know how data is collected, stored, and processed. ONLYOFFICE gives freedom to access, copy, delete, restrict, or move any personal data. If your organization acts as a data controller and provides ONLYOFFICE to end-customers, you get complete access to the procedures through which they can execute their legal rights related to their personal data.
HIPAA compliance
Health Insurance Portability and Accountability Act (HIPAA) requires any organization providing treatment, payment, and operations in healthcare, as well as their business associates and subcontractors who have access to any of their data assets, to protect sensitive patient data according to a set of recognized standards. ONLYOFFICE protects structured and unstructured data both at rest and in transfer, data audits, provides data integrity controls, etc., to provide the mandatory attributes defined by HIPAA and ensure that the customer organization stays fully compliant with the Act.
Self-hosting
ONLYOFFICE was designed for businesses carrying out sensitive communication and records that, if compromised, may to various extent endanger customers and internal operations. Our range of solutions keeps your services and all assigned data completely within your physical perimeter. We put hardware protection in your hands, allowing you to manually maintain stability and connectivity as your business standards demand.
We provide complete technical support for on-premise deployment and release regular software updates.
Data encryption
Encryption at rest
Breach of data at rest is one of the top digital security risks for organizations working with sensitive data within their infrastructures. To protect the data of your company and your users, you can perform Encrypt-then-MAC type of encryption (AES-256-CBC + HMAC-SHA256) of the entire body of data within the ONLYOFFICE instance. AES-256 encryption type with CipherMode.CBC symmetric algorithm is used for enciphering data on the portal, while SHA256 hashing function paired with HMAC message authentication code screening verify the integrity and authenticity of the encrypted data.
Private rooms
ONLYOFFICE Enterprise offers additional protection of confidential files with Private Rooms. It is a space where you can store, edit, and share documents in always-encrypted form. Each document is automatically encrypted with randomly generated AES-256 keys that are shared with authorized users by means of asymmetric encryption. Files that are created, stored and shared within a Private Room never leave the directory and cannot be copied, re-distributed, or decrypted. Document encryption and decryption is performed strictly on the user’s machine end-to-end.
Data protection
JWT
JSON Web Token (or JWT) protects documents from unauthorized access. This technology secures portal traffic and ensures that users cannot access more data than permitted to them, which is critical in case of external user invitation.
ONLYOFFICE editors request an encrypted signature that is contained in the token. The token is added in the configuration when Document Editor is initialized and during the exchange of commands between inner services (storage service, editing service, command service, and conversion service), therefore validating the right to perform a certain operation with the data.
HTTPS
ONLYOFFICE allows you to encrypt your traffic using HTTPS protocol, whether you already possess an SSL certificate or not. Upload the existing public keys generated on your server or on its base, or issue the new CA-signed certificate on letsencrypt.org.
Document permission management
ONLYOFFICE editors work on the client, moving most of the data load to the individual user’s browser. This approach allows you to create a flexible range of document permission types that include both full access and view-only permissions, and also permissions for exclusively commenting, reviewing or filling forms. Additionally, it is possible to restrict the downloading and printing of documents to block further distribution of content.
Authentication and portal access control
Two-factor authentication
In the age of electronic fraud and social engineering, we are all vulnerable. Protect the log-in procedure on your portal with dynamic passcodes sent via mobile text messages. The classified data stored in your cloud or server facilities can be easily accessed if your users mishandle their personal passwords. Do not risk it.
We integrated Clickatell, SMSC, and Twilio services to allow the selection of an appropriate SMS package for any team and budget.
Additionally, it is possible to enable two-factor authentication via code generation app (Google Authenticator, Authy, etc.).
Single Sign-On (SSO)
By choosing Single Sign-On over the classic authentication, you do not let us store any of your log-in data, ensuring it, instead, to one of the trusted global authentication services. ONLYOFFICE is the service provider (SP), while the third-party application acts as the Identity Provider (IdP). Providers verify user's authentication and discreetly keep credentials on their side minimizing the risk of unauthorized acquisition of this data.
Currently, we have three IdPs integrated with ONLYOFFICE to perform Single Sign-On feature: Shibboleth, OneLogin, and AD FS.
Access rights management
The threat of malicious internal action scales with business size and data classification variety, thus necessitating the differentiation of rights.
Users of your private portal can be easily grouped and hierarchized. Set access rights to portal modules and data for each user or group to protect specific data from unwanted attention and insider actions.
Authentication filtering and monitoring
A customized set-up for log-in criteria allows you to manage specific frameworks for authentication based on your knowledge and concerns. Moreover, all activities can be manually monitored and reported to reveal the potentially fraudulent or harmful behavior.
Trusted mail domains. This option allows you to manually select the mail servers that sign-up emails should belong to. Customized mail domains are also supported.
Password creation criteria. Here you can set the minimum password length and determine whether it must contain certain types of characters - capital characters, digits, or special symbols.
Cookie lifetime. An automatic log-out will be performed after a chosen period of time if this option is enabled.
IP restriction. This setting permits portal access only to chosen IPs.
Login History. With Login History you can view the whole history of successful and failed login attempts and log-offs.
Audit Trail reports track which actions were performed by each user of the portal and when.
Backup
The remote backup dislocation cuts maintenance costs and saves time by automating security procedures. Your data can be backed up both manually and automatically to the ONLYOFFICE Documents module, a storage of your choice (DropBox, Box, Google Drive, OneDrive, etc.) or a third-party service (AWS S3, Google Cloud Storage, Rackspace Cloud Storage, or Selectel Cloud Storage). Own local drive is offered as an option for temporary manual backup, if necessary.
© Copyright 2000-2023 COGITO SOFTWARE CO.,LTD. All rights reserved
