are at the core of ORKO’s architecture and infrastructure
ORKO takes a very proactive approach to protecting your data, combining top-level physical security in Tier 4 data centers spread across multiple geographical locations with end-to-end data encryption that keeps the privacy of your data at the highest level.
Your data is totally end-to-end encrypted.
Encryption at rest.
All data that is stored by ORKO is encrypted at the storage layer with the 256-bit Advanced Encryption Standard (AES) algorithm. An AES-256 key has 2^256 possible combinations, which ensures your data is completely secure at rest.
Encryption in transit.
The data that you create and share on ORKO moves between devices, ORKO services, and our data center partners. This data in transit is always protected, encrypted, and authenticated by Hypertext Transfer Protocol Secure (HTTPS) and Transport Layer Security (TLS). ORKO ensures that your data is not tampered with and is always authenticated.
ORKO adheres to the
ORKO’s network architecture is built according to the Secure Access Service Edge (SASE) framework. ORKO adheres to all the core capabilities and components required for a SASE framework.
Secure Web Gateways (SWG):
Ideal for remote workforces, SWG shields users from cyber threats and data breaches by filtering unwanted content from web traffic, blocking unauthorized user behavior, and enforcing company security policies.
Cloud Access Security Broker (CASB):
CASB prevents data leaks and performs several security functions, including revealing shadow IT (unauthorized corporate systems), securing confidential data through access control and data loss prevention (DLP), and ensuring compliance with data privacy regulations.
Firewall as a Service (FWaaS):
FWaaS eliminates the need for physical firewall devices by providing a cloud firewall that delivers next-generation firewall capabilities: URL filtering, advanced threat prevention, intrusion prevention systems (IPS), and DNS security.
Zero Trust Network Access (ZTNA):
ZTNA enables very secure access for remote users. It locks down internal resources from public view and helps defend against potential data breaches by requiring real-time verification of every user and device for every protected application. ORKO uses real-time OTP verification of email IDs and mobile numbers to grant access to its users.
ORKO® comes packed with features that cater to all types of organizations.
For maintenance and support related to the services, we may process our customers’ personnel names, email addresses, account names, and a list of their privileges (the basic information we need to validate that a person is who they say they are when raising a support ticket).
To provide customer support, we may also need to access logs. By default, we do not access any personal data other than the above.
If we are required to access any additional customer data, for example to provide support services, a controlled process is in place to obtain temporary access, which includes obtaining approval from the customer's service admin on a case-by-case basis. We would not access privileged session recordings or customer passwords (for example) without first going through this approval process.
In addition, ORKO acts as a Data Controller for data that it processes for its own purposes, such as data about our own internal employees, and marketing data related to our prospective customers. This is outside the scope of purchases made by customers and is processed independently of any data processed as part of the provision of our services.
In a scenario where the customer requires integration with cloud services for use by remote vendors, some information (vendor's username, first and last name, phone number, email, company and ORKO’s Remote Access vendor group) is briefly transferred to a management system in the Indian datacenter solely in order to provision the user in the customer's ORKO Cloud tenant in the datacenter where the tenant is stored. Once the user has been provisioned, the management system deletes this data.
The service is hosted in premier Tier IV data center facilities that are highly secure, fully redundant, and certified for SOC-2 and ISO 27001 compliance.
In order to provide a global service, we do share data required to provide 24x7 Maintenance and Support with our regional offices and some of our sub-processors. This data will not include privileged session recordings and passwords.
With regard to the additional data (passwords and/or recordings, where in exceptional circumstances access to these is required), the process for gaining access is as described below. This “breakglass” procedure is only triggered when necessary in order to assist the customer, and with the customer’s approval:
In order to initiate the process, the ORKO engineer will need to extract a key from a centralized, encrypted location. The key is stored in a safe on ORKO’s corporate Vault. The key retrieval process can only be performed by the engineering team that owns ORKO’s cloud production. They are the only ORKO team members who are able to request approval to access the key. The extraction attempt automatically triggers a request for manager approval. Manager approval will only be given with explicit approval from the customer on a case-by-case basis. Once this approval has been given, the key extraction will automatically send a notification to all the team members. This creates high visibility for the activity. The key can then be used to grant access to the relevant customer data. Once the activity is done, the engineer immediately removes the ORKO user’s access to the data.