At Inspirometer, we place the highest value on the security of your data. We are trusted by large organisations such as Microsoft and Siemens to handle data on their behalf. Our data is hosted on Microsoft Azure and protected by their excellent security arrangements. All data transfers use secure socket layer technology. Our data security policy is available for inspection on request.
One specific area of popular concern is the inclusion of firstname.lastname@example.org in meeting invitations, and the security of those invitations (and the data they contain) within the Inspirometer system. There are two aspects in regard to this:
- Privacy in respect of those people within your own organisation whom you have granted rights to view data within the Inspirometer system
- Security from unauthorised access to your data from outside of your organisation
In respect of item 1 there are a number of means by which you can exclude private data from the Inspirometer system. These are outlined within the section on ‘in-meeting feedback’, and are covered in greater depth within our guide on privacy and confidentiality.
In respect of item 2, the following example illustrates the level of security that we put in place around these things.
The Meetings@Inspirometer.com calendar is an Exchange account held within the Microsoft Office365 environment. Office365 implements the oAuth2.0 protocol for access, the specification for which can be found here: https://tools.ietf.org/html/rfc6749.
Login via username and password has been disabled, and the account can only be accessed via an oAuth.2.0 Access token. The Access token expires every 24 hours, and can only be renewed using a “Refresh Token”. The Refresh Token is also renewed every 24 hours each time it is used to get a new Access token. These tokens a cryptographically generated and look like these examples.
When the Inspirometer system retrieves the Calendar information, it is stored in our database within the Microsoft Azure Cloud platform. The database server itself is only accessible via SSL Certificate authentication, using AES256 symmetrical public/private key encryption. Without these keys it is impossible to access the server. The MySQL Database itself also requires an SSL certificate to access the data.
Our Inspirometer servers are running within a virtual environment within the Azure Cloud platform. Please see here for the security in place for their cloud network. Governments and large multinationals trust Azure with their data, here a few of their customers:
In other words, your meeting data is more secure on our system than it is on the system and devices of any other invitee to that meeting, including yourself.