Skip to main content

Data Security

General

Txture aims at a high security level of its software product. This ambition is reflected in our ISO/IEC 27001:2013 certification, which demand high information security standards.

Among the quality and security efforts in our software engineering process are:

  • Code review by at least two other developers
  • Static code analysis
  • 6000+ unit tests
  • Yearly third-party penetration tests
  • Bi-monthly all-hands testing week

Statistics and Error Reporting

To help the development of Txture, Txture automatically transmits stacktraces of critical errors and usage statistics to Txture. While activated by default, the corresponding settings can be made in txture.properties or via the System Configuration:

txture.reportErrors=true|false
txture.reportUserUsage=true|false
txture.statistics.report.enabled=true|false

The first setting txture.reportErrors sends stacktraces to sentry.io, our application performance monitoring, after scrubbing any sensitive data. We use this information to fix bugs that occur in production.

Additionally, we optionally use mixpanel.com to track usage data such as how many reports of a type have been generated, how many dashboards are used and whether conditional styling is applied.

Statistics reporting (with the setting txture.statistics.report.enabled) reports health properties of the server such as remaining disk space or memory pressure to a service operated by Txture. This allows us to help our customers with their on-premise instance and avoid problems before they occur.

Certain functionality, such as using the Cloud Transformation Cockpit or the interactive documentation search requires the use of our API. Connections to our API always use the same host api.txture.io and are encrypted using HTTPS on port 443. Depending on the local system, typically a HTTPS connection with TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 as TLS settings and ECDH secp256r1 for key exchange is used. These settings will be kept up to modern standards as they see more widespread availability.

Data Security of the Transformation Cockpit

Txture creates Cloud Proposals for application deployments and reports on the Cloud Readiness of application in the Transformation Cockpit. This requires an encrypted connection to the Txture API. This page provides an overview of the transmitted data. One API call is made for Cloud Proposals and Cloud Readiness calculation per application on each update of an application.

Data transferred to the Txture API

The following information in JSON format is transferred to the Txture API:

  • Start, end time, and random ID of the request
  • The assets of the application stack with the following limitations:
    • Only the assets' properties and links that are marked with the blue cloud symbol.
    • Information that allows identification of the customer deployment is excluded, e.g. asset name or description.
  • Target Architecture Preferences
  • Version of the Txture instance

If you need more information about the data transmitted before making a decision, please do not hesitate to contact our support.

Regional Cloud Deployments

If you have specific requirements as to where all data is kept and processed, Txture also offers the possibility to deploy its entire processing microservice infrastructure within a Google Cloud Platform region of your choice. This enables you to, for example, ensure that all data used within Txture is not sent out of a single country. The address of the API gateway that forwards any traffic (as detailed above) is changed in this case as it no longer refers to Txture's default API gateway (api.txture.io), which is hosted in the EU. All data security measures as detailed above are still in place within the chosen region. Should you require this kind of regional deployment, or if you have any further questions regarding data security in this case, please contact our support.