The security of Vertec on the web

Vertec Data Security and Access Protection on the Internet 

If you can access your Vertec via the Internet, everyone else can. That is why it is particularly important to pay attention to both data security and protection against unauthorized access.  

Vertec Cloud Suite

When running Vertec in a Cloud Suite, Vertec is used directly from the cloud without local server installation. Vertec operates the software in the cloud and is responsible for most of the security measures.

What Vertec Does for Cloud Suite Security

ISO 27001 Certification

Vertec has been certified to ISO 27001, the standard for information security management systems (ISMS), for more than 10 years. Compliance with the strict security requirements is monitored or recertified annually by external auditors. Regular penetration tests with external specialists proactively uncover vulnerabilities. This is an essential measure to detect and correct risks at an early stage.

Separate networks

Furthermore, the separation of the networks between the Cloud Suite and our own IT applications ensures that a security breach in one network cannot spread to the other.

Installing updates

The regular application of updates at the operating system and application level also minimizes the attack surface of potential threats.

Operation of the infrastructure

Vertec operates the infrastructure required for operation at two ISO 27001 certified hosters, Exoscale and Hosttech in Switzerland, Germany and Austria.

Vertec creates local backups on a daily basis and saves the data for the past seven days to ensure rapid recovery in the event of data loss or disruption. Vertec also saves customer data with two external backup providers. These providers, Infomaniak in Switzerland and IONOS in Germany, are also ISO 27001 certified.

The transmission of the data as well as its storage always takes place in encrypted form. This means that unauthorized access by third parties cannot take place.

The distribution between two countries creates geographical redundancy. This allows for a more flexible response to country-specific crisis situations, such as a power shortage.

In order to ensure the continuity of business operations, the Cloud Suite infrastructure is monitored around the clock and, in the event of a fault, the responsible employees are immediately notified via an alerting system. The current availability can be viewed at any time on our Status Page.

Additional protection mechanisms

  • After 10 failed login attempts, the account will be blocked for the next 10 minutes.
  • Restricted Scripting restricts scripting.  
  • Access to the server file system for saving files is not possible.  
  • The Vertec session process runs as a low integrity process and may not start any other subprocesses.    

This is your responsibility as a Cloud Suite customer

In addition to all the security measures Vertec provides, Cloud Suite customers should consider these things:

  1. Secure passwords must be used for logins. As part of the Password Policy, Vertec allows you to set the password requirements so that only strong passwords are allowed. To ensure that all users of a Vertec installation use a secure password, you can use Force password change to require a password change at the next login.

    What is a strong password?

    The key to a strong password is its length: it is at least ten characters long and contains upper and lower case letters, numbers, and special characters. Ideally, it does not appear as a “real” word in the dictionary and does not relate to the user. For each service, a different password should be used, and password generators should be used to create it. Passwords should also never be written down or stored in plain text. Instead, password managers should be used to manage them.

  2. Vertec’s internal guidelines also require the use of 2 Factor Authentication. This significantly increases security, since access is only possible after entering a second independent factor.    
  3. Regular information security training and awareness-raising of our own employees.

Vertec On-Premises with Internet Access

Customers of a Vertec On-Premises installation have two options to put their Vertec on the Internet. Either they use the Webaccess service from spektra netcom ag, or they put their Vertec Cloud Server on the Internet themselves.

In both cases, Vertec strongly recommends addressing Password Security and 2 Factor Authentication, activating the additional protections described below, and always using the latest Vertec version.

Additional protection mechanisms

We recommend activating or not deactivating these additional protective measures:

  • By default, after 10 failed login attempts, the account will be locked for the next 10 minutes. The number of possible attempts and the time period can be configured in the [CloudServer] section in the Vertec.ini file. If nothing is specified, the default will be used. This protection can be disabled, but doing so is strongly discouraged.
  • Restricted Scripting restricts scripting when accessing via cloud clients. This prevents VB scripts from running and introduces a sandbox for Python.
  • Restricted Filesystem Access restricts access to the server file system when saving documents.
  • The Restricted Session Process setting starts the session processes with limited capabilities:
    • The Vertec Session process runs as a Low Integrity process.
    • The Vertec Session process must not start any other subprocesses.

Always use the latest Vertec version

We strongly recommend that you always use the latest Vertec version, or at least install every major release.

Technology is evolving rapidly, and so is the number of people working to break down existing security hurdles. What was good and secure 2 years ago is now vulnerable. Like the encryption standards used on the Internet for transmitting data, Vertec is constantly evolving. With the latest Vertec version, your installation is always up to date.  

Vertec On-Premises Installation via your own infrastructure

In addition to the measures mentioned above, customers who place their Vertec independently on the Internet must also ensure that:

  • The Cloud Server is operated in encrypted mode with a real certificate.
  • The cipher suites and TLS versions used are current.
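
One way to check both points from outside, as an added example that is not Vertec's code: `probe` performs a handshake with full certificate and hostname verification, and `assess` rates the negotiated protocol and cipher suite. The policy used here (TLS 1.2 or newer, AEAD cipher, forward secrecy) and the function names are assumptions of this example; the page does not define what counts as current.

```python
import socket
import ssl

# Assumed policy (not Vertec's): TLS 1.2 or newer, AEAD ciphers, forward secrecy.
ACCEPTED_VERSIONS = {"TLSv1.2", "TLSv1.3"}
AEAD_MARKERS = ("GCM", "CHACHA20", "CCM")


def assess(version, cipher):
    """Return a list of findings for a negotiated TLS version and cipher name."""
    findings = []
    if version not in ACCEPTED_VERSIONS:
        findings.append(f"outdated protocol: {version}")
    if not any(marker in cipher for marker in AEAD_MARKERS):
        findings.append(f"non-AEAD cipher: {cipher}")
    # TLS 1.3 suites always use ephemeral key exchange; for older versions
    # the OpenSSL cipher name shows it as an ECDHE- or DHE- prefix.
    if version != "TLSv1.3" and not cipher.startswith(("ECDHE-", "DHE-")):
        findings.append(f"no forward secrecy: {cipher}")
    return findings


def probe(host, port=443, timeout=5.0):
    """Handshake with chain and hostname verification, then assess the result."""
    ctx = ssl.create_default_context()  # trusts only the system CA store
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                name, _protocol, _bits = tls.cipher()
                return assess(tls.version(), name)
    except ssl.SSLCertVerificationError as exc:
        # Self-signed, expired or wrong-host certificates end up here.
        return [f"certificate not trusted: {exc.verify_message}"]
    except (ssl.SSLError, OSError) as exc:
        return [f"handshake failed: {exc}"]


if __name__ == "__main__":
    import sys
    # Usage: python tls_check.py <hostname of your Cloud Server>
    for finding in probe(sys.argv[1]) or ["ok"]:
        print(finding)
```

An empty result from `probe` means the certificate validated against the system trust store and the negotiated parameters met the assumed policy.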

Vertec On-Premises Installation without Internet access

A locally operated (On-Premises) installation that is not connected to the Internet is the least common. Only in this case are older Vertec versions acceptable and passwords of less importance.
