Data Security

Security of data is a core design requirement of the useMango™ system. The two key aspects of data security that are planned for in the design of useMango™ are

  • security from unauthorized access or theft
  • security from loss - either accidentally or through system failure

The main features of useMango™ that provide data security are:

User identity control

Users of the useMango™ system must be authenticated before any access is granted. Authentication is achieved by providing a secure password along with a user email address. An email address and password together form the basis of establishing the identity of a user. Authentication requests are required to be made over the TLS protocol 1.0 or later, and all identity information is encrypted whilst stored in the identity service.

Authorization control

All access to useMango™ services must be made through HTTPS network end points. All requests to system end points must be made over the TLS protocol 1.0 or later. Every request is inspected using the industry standard OAuth 2.0 authorization protocol and requests are granted or denied accordingly.

Data Encryption

All network traffic between client machines and useMango™ services is encrypted using HTTPS TLS security.

All system data that is written to disk for storage is written in an encrypted format using the 256-bit Advanced Encryption Standard (AES-256).

Multi-site storage

All system data is replicated six ways across three data centres in separate locations that are isolated from failures in the others.

Data Backup

All primary system data stored by useMango™ services is continuously backed up to a separate storage area. In addition, full snapshots of the data are created on a daily basis and are retained for 31 days.

Secret Data

Secret Data Variables are a specialized type of variables within the useMango™ application that store sensitive text data while concealing the display of that data from users. One of the use cases of Secret Data Variables is to securely hold passwords that are necessary for testing purposes but should remain hidden from useMango™ users. Secret Data Variables are designed to provide a secure method of storing sensitive information, such as passwords, without exposing them to end-users.

All Secret Data Variables are encrypted using 256-bit Advanced Encryption Standard (AES) encryption, ensuring an additional layer of security for the stored data. When utilizing Secret Data Variables within standard components of useMango™, the actual values of these variables are not revealed in the user interface. This ensures that sensitive information remains hidden from users, maintaining data confidentiality.

Although the data in the Secret Data variable is secure in useMango™, some websites have the functionality to reveal the password from a password field. If a Secret Data variable’s value is used in such a password field, the secret value can be revealed.