Micromine Nexus Application and Operational Security

Micromine Nexus (Nexus) is a cloud-based Software as a Service (SaaS) solution developed by Micromine Australia Pty Ltd. Micromine hosts the software solution for its customers on the Microsoft® Azure cloud computing platform.

Nexus has been designed and developed following standard industry cybersecurity practices for cloud-hosted software systems, with application and operational security as the main priority for the Nexus product development team.

In addition to its internal focus on cybersecurity for Nexus, Micromine commissions an annual independent third-party cybersecurity audit of the whole Nexus platform, including a security architecture review, an application penetration test and a secure code review. For each annual cybersecurity audit, Micromine commissions a different auditor to get a fresh point of view. The auditors refer to the ISO 27001 Information Systems Acquisition and CIS Microsoft Azure Foundations Benchmark v1.4 standards as baselines for best practices.

Password Policies

The Nexus password policy can be configured to meet desired complexity requirements, such as minimum length, and expiration policies. In addition, Nexus implements password leak tests and warns users if a password is found in the Pwned Passwords list.

The Pwned Passwords database is an Internet-based shared resource containing hundreds of millions of real-world passwords previously exposed in data breaches. This exposure makes them unsuitable for ongoing use, as they're at much greater risk of being used to take over other accounts.
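
One way a leak test against Pwned Passwords can be done without sending the password or its full hash to the service, as an added example (not Nexus code; the page does not describe how Nexus performs the check). It follows the public Pwned Passwords range format, where the client sends only the first five hex characters of the SHA-1 hash and compares the returned SUFFIX:COUNT lines locally; constructed_service and its data are constructed stand-ins for the HTTP request.

```python
import hashlib


def split_hash(password):
    """Return (5-char prefix, 35-char suffix) of the upper-case SHA-1 hex digest."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range(body):
    """Parse 'SUFFIX:COUNT' lines, skipping malformed rows and padding rows (count 0)."""
    counts = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if not sep or len(suffix) != 35 or not count.isdigit():
            continue
        if int(count) > 0:
            counts[suffix.upper()] = int(count)
    return counts


def breach_count(password, fetch_range):
    """How often the password appears in the list; only the prefix leaves the client."""
    prefix, suffix = split_hash(password)
    return parse_range(fetch_range(prefix)).get(suffix, 0)


def constructed_service(leaked):
    """Constructed stand-in for the range endpoint (assumption: no network in this example).

    `leaked` maps sample passwords to constructed breach counts. Returns the fetch
    function and a list recording every value the "service" was sent.
    """
    table, seen = {}, []
    for pw, n in leaked.items():
        prefix, suffix = split_hash(pw)
        table.setdefault(prefix, []).append(f"{suffix}:{n}")

    def fetch(prefix):
        seen.append(prefix)
        rows = table.get(prefix, []) + ["0" * 35 + ":0"]  # padding row, must be ignored
        return "\r\n".join(rows)

    return fetch, seen


if __name__ == "__main__":
    fetch, seen = constructed_service({"password": 12345})  # constructed count
    for candidate in ("password", "kQ7#vTz-2pLm!wX9"):
        hits = breach_count(candidate, fetch)
        print(candidate, "-> warn user" if hits else "-> not found", hits)
    print("values sent to the service:", seen)
```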

Multi-Factor Authentication

User access to Nexus can be secured through Microsoft® Azure AD-facilitated multi-factor authentication (MFA). When MFA is configured on a user’s account, the user must provide a verification code in addition to a username and password. The verification code can be obtained from an authenticator application or from a message sent to a mobile phone.

Role-Level Access

Nexus users can be assigned roles with specific permissions and restrictions. Nexus provides three user roles (Admin, User and Guest), which can be assigned a combination of these permissions: READ, WRITE, DELETE and MANAGE. See Permissions.

User permissions can be applied at any Nexus entity level, with the following Nexus entities available: Workspaces, Projects, Folders and Files.

Nexus maintains a complete audit trail, tracking transactions by user login.

Secure Storage

Nexus is a multi-tenant SaaS platform. In the Nexus context, a Tenant corresponds to a company (a Micromine client) using the Nexus SaaS platform.

Multiple Nexus tenants share Microsoft® Azure infrastructure for storage and computational services. The Nexus design ensures that Nexus tenants do not share a database or an Azure storage service. Every tenant’s data is isolated in a separate one-tenant-only Azure Blob storage and a separate one-tenant-only Azure-hosted relational database. Nexus never stores tenants’ data in a shared database or shared Azure Blob storage. In addition, a separate per-tenant instance of Nexus is available at the Enterprise Nexus subscription level.

Data Transport and Storage Encryption

Nexus utilises a technique known as server-side encryption (SSE) provided by the Microsoft® Azure host platform. Azure Blob Storage SSE service encrypts data before storing it. The encryption keys are managed by the Azure platform, supporting AES256 and AES128 algorithms.

Since each tenant’s data is held under a separate storage account, the encryption keys are unique on a per-tenant basis.

Nexus data transported between the user’s computer and Nexus on Azure is encrypted using a technique referred to as transport-level encryption. The transport-level encryption uses Secure Sockets Layer (SSL) or Transport Layer Security (TLS) to encrypt data in transit between the client application and the Nexus data storage service.

Continuous Monitoring

Micromine utilises Microsoft® Azure platform services for continuous monitoring of the Nexus SaaS platform.

Several continuous Nexus health, performance, and security monitoring services are utilised by Micromine on the Azure platform:

  • Azure Monitor: Azure Monitor provides a centralised location to monitor and analyse metrics and logs from Azure Blob Storage. Azure Monitor is used to track performance metrics such as request latency and throughput, and to monitor for security threats and anomalies in your blob storage environment.

  • Azure Blob Storage Analytics: Azure Blob Storage Analytics provides a set of metrics and logs that you can use to monitor the usage and performance of your blob storage resources. Blob Storage Analytics is used to track metrics such as the number of requests, the amount of data transferred, and the availability of your blob storage resources.

  • Azure Storage Service Health: Azure Storage Service Health provides real-time status updates for Azure Blob Storage, including information about service disruptions, planned maintenance, and other issues that may affect the availability of your blob storage resources.

  • Azure Security Center: Azure Security Center provides continuous monitoring and threat detection for Azure Blob Storage. Azure Security Center is used to detect and respond to security threats, such as unauthorised access or data exfiltration, in your blob storage environment.

Dedicated Service and Security Monitoring Team

Micromine Australia Pty Ltd is a Microsoft® Gold Partner company. Micromine teams with another Microsoft® Gold Partner company, Satalyst (a Canon Business Services company), for extended monitoring of the Nexus Azure platform. The monitoring service includes continuous Nexus cybersecurity monitoring and threat protection. In addition to the continuous monitoring, Micromine commissions Satalyst to perform an annual audit and test of Nexus' disaster recovery procedure.