About PathPresenter’s robust and secure enterprise platform

PathPresenter is an enterprise workflow platform that runs on Microsoft Azure Cloud, ensuring the very best in imaging performance and data integrity, with the ability to operate in a hybrid data environment. With 100,000+ hours of real-world use, our platform is monitored 24/7 for HIPAA compliance by Vanta, an industry-leading security and compliance vendor. PathPresenter security is routinely assessed and validated by our partners, and our security model builds upon many proven technologies to ensure the protection of your data.

Application/Infrastructure Security: 
The PathPresenter application portal is deployed and hosted in an Azure Virtual Scale-Set with a load balancer that defines inbound NAT rules. Core services run within the Application Gateway, with centralized SSL offload and SSL policies. Network Security Groups then enable PathPresenter to filter traffic to and from Azure resources in an Azure virtual network using security rules.

Authentication/Authorization:
PathPresenter supports both Bearer Token-based authentication, an HTTPS Basic authentication mechanism that makes use of cryptic strings generated by the server during a login request, and single sign-on (SSO, as a tenant-specific SSO integration) through SAML to centralize user management activities at the tenant level. Authorization is then provided through Role-Based Access Control (RBAC), which authorizes access to platform services and resources through a list of predefined roles and permissions.

Encryption/Decryption:
PathPresenter utilizes a multitude of different encryption methods to ensure the security of your data both in transmission and at rest. At rest, our disks are encrypted with Windows ‘BitLocker’ technology and Linux ‘DM-Crypt’, Blob Storage uses 256-bit Advanced Encryption Standard (AES) encryption, and our MySQL data uses a FIPS 140-2 validated cryptographic module. In transit, all HTTPS communications are secured through TLS 1.2/TLS 1.3 encryption in conjunction with short-life SAS (Shared Access Signature) tokens to access certain services.