Security

Security is at the core of Appendium Portfolio.

Confidentiality

Login is handled by standard security libraries, and all communication between the client and the server can be encrypted with 256-bit ciphers. Passwords are not stored in plaintext: they are held in the database in encrypted form, so a stolen copy of the table does not by itself yield usable credentials. (A salted, iterated password hash is the usual way to meet this requirement; unlike encryption it cannot be reversed even by someone who also obtains the server's keys.)

Authentication

For extra security, Appendium Portfolio can also use a two-factor authentication mechanism, where logging in requires both the password and a changing PIN generated by a secure token. A compromised password, even together with the user id, is therefore not on its own sufficient to log in.
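The two points above, non-plaintext password storage and a password-plus-token login, as an added, runnable example (not code from Appendium Portfolio). It assumes the "changing PIN" is an RFC 6238 time-based one-time password (TOTP) and stores passwords as salted PBKDF2-HMAC-SHA256 hashes rather than encrypting them; both are assumptions about how such a scheme is commonly implemented, not statements about the product. The iteration count is illustrative.

```python
import hashlib
import hmac
import os
import struct
import time

# Assumption: an illustrative PBKDF2 work factor, not a value from the product.
PBKDF2_ITERATIONS = 600_000


def hash_password(password, salt=None):
    """Return a storable string 'pbkdf2_sha256$<iterations>$<salt hex>$<hash hex>'.

    A fresh random salt per user means two users with the same password get
    different stored values, and precomputed tables are useless against the table.
    """
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return "pbkdf2_sha256$%d$%s$%s" % (PBKDF2_ITERATIONS, salt.hex(), digest.hex())


def verify_password(password, stored):
    """Recompute the hash with the stored salt and iterations; compare in constant time."""
    try:
        algo, iterations, salt_hex, hash_hex = stored.split("$")
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), hash_hex)


def totp(secret, unix_time, step=30, digits=6):
    """RFC 6238 time-based one-time password (HMAC-SHA1, 30 s time step).

    This is the 'changing PIN' an authenticator app or hardware token displays;
    the server holds the same shared secret and recomputes the code.
    """
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def verify_totp(secret, code, unix_time, step=30, skew=1):
    """Accept the current code or one step either side, to tolerate clock drift."""
    ok = False
    for drift in range(-skew, skew + 1):
        expected = totp(secret, unix_time + drift * step, step)
        ok |= hmac.compare_digest(expected, code)
    return ok


def login(stored_hash, totp_secret, password, pin, now=None):
    """Both factors must pass. Both are always evaluated, so a wrong password
    and a wrong PIN take the same time and the response reveals nothing about
    which factor failed."""
    now = int(time.time()) if now is None else now
    password_ok = verify_password(password, stored_hash)
    pin_ok = verify_totp(totp_secret, pin, now)
    return password_ok and pin_ok
```

With the RFC 6238 test secret `12345678901234567890` and time 59, `totp` yields `287082`; a stolen password without the token secret still fails `login`, and so does a valid PIN with a wrong password.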

Appendium Portfolio stores user information and roles in its own database; it can also use an LDAP server (such as Microsoft Active Directory) to provide single sign-on across a large organization.

Appendium Portfolio uses a role-based security model for authorization. Roles are checked in two places: in the client, where dynamic menus show only the actions the user may perform (for a better UI experience), and on the server, which is where security is actually enforced.

Validation

In addition to role-based security, Appendium Portfolio enforces a state-driven security model, ensuring that fields on a trade cannot be modified once the trade has reached a state in which they must not change. The GUI disables such fields, but the check is also performed on the server, so that a modified or bypassed client cannot circumvent it.
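Server-side enforcement of the two checks described above (role-based authorization, then state-driven field locking), as an added example that is not Appendium's code. The role names, permissions, trade states and the list of editable fields per state are illustrative assumptions; the point is that the server, not the greyed-out GUI field, decides.

```python
from dataclasses import dataclass, fields, replace

# Assumption: illustrative role names and permissions, not the product's actual ones.
ROLE_PERMISSIONS = {
    "trader": {"trade.create", "trade.amend"},
    "middle_office": {"trade.amend", "trade.confirm"},
    "viewer": set(),
}

# Assumption: fields that may still change in each trade state; anything not listed is locked.
EDITABLE_BY_STATE = {
    "draft": {"counterparty", "notional", "price", "trade_date", "comments"},
    "confirmed": {"comments"},
    "settled": set(),
}


@dataclass(frozen=True)
class Trade:
    id: int
    state: str
    counterparty: str
    notional: float
    price: float
    trade_date: str
    comments: str = ""


class AuthorizationError(Exception):
    """The user's roles do not grant the requested action."""


class ValidationError(Exception):
    """The request would change a field that is locked in the trade's current state."""


def amend_trade(user_roles, trade, changes):
    """Server-side enforcement of both checks; a GUI that greys out fields is only a convenience.

    Returns the amended Trade or raises. A locked field submitted with its existing
    value (as a whole-form GUI post does) is not a change and is tolerated.
    """
    permissions = set()
    for role in user_roles:
        permissions |= ROLE_PERMISSIONS.get(role, set())
    if "trade.amend" not in permissions:
        raise AuthorizationError("trade.amend permission required, roles: %s" % sorted(user_roles))

    known = {f.name for f in fields(trade)}
    unknown = sorted(set(changes) - known)
    if unknown:
        raise ValidationError("unknown fields: %s" % unknown)

    allowed = EDITABLE_BY_STATE.get(trade.state, set())
    locked = sorted(name for name, value in changes.items()
                    if getattr(trade, name) != value and name not in allowed)
    if locked:
        raise ValidationError("fields locked in state %r: %s" % (trade.state, locked))

    return replace(trade, **changes)
```

Because `state` and `id` appear in no editable set, an attempt to move a trade to another state or re-key it through this path is rejected as a locked-field change; state transitions would go through their own, separately authorized, operation.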

Auditing

Appendium provides a field-by-field audit log of all changes to reference and transaction data.

Appendium also records and monitors user actions, providing an audit trail sufficient for the highest levels of compliance; this audit is visible in the GUI. Finally, each changed entity is automatically assigned a version number, so that conflicting concurrent modifications are detected and rejected rather than silently overwriting each other (optimistic locking).
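The field-by-field audit trail and the version-number check from the two paragraphs above, combined in one added example (not Appendium's code). The in-memory store stands in for the database; the entity names, field names and timestamps are constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class AuditEntry:
    entity: str
    entity_id: int
    field: str
    old: object
    new: object
    user: str
    at: str       # ISO 8601 timestamp supplied by the caller


class ConcurrentModificationError(Exception):
    """The row was changed by someone else since the caller read it."""


class VersionedStore:
    """In-memory stand-in for the database tables (constructed for this example).

    Each row carries a 'version' counter. A write must state the version it
    read; if the stored version differs, another user changed the row in the
    meantime and the write is rejected instead of silently overwriting theirs.
    Every accepted change appends one audit entry per field that actually changed.
    """

    def __init__(self):
        self._rows = {}
        self._audit = []

    def create(self, entity, entity_id, values, user, at):
        row = dict(values, version=1)
        self._rows[(entity, entity_id)] = row
        for name, value in values.items():
            self._audit.append(AuditEntry(entity, entity_id, name, None, value, user, at))
        return dict(row)

    def read(self, entity, entity_id):
        return dict(self._rows[(entity, entity_id)])

    def update(self, entity, entity_id, expected_version, changes, user, at):
        row = self._rows[(entity, entity_id)]
        if row["version"] != expected_version:
            raise ConcurrentModificationError(
                "%s %d is at version %d, caller read version %d"
                % (entity, entity_id, row["version"], expected_version))
        diff = {name: (row.get(name), value) for name, value in changes.items()
                if name != "version" and row.get(name) != value}
        for name, (old, new) in diff.items():
            self._audit.append(AuditEntry(entity, entity_id, name, old, new, user, at))
            row[name] = new
        if diff:                      # a no-op save does not consume a version
            row["version"] += 1
        return dict(row)

    def history(self, entity, entity_id):
        """The field-by-field trail the GUI would display for one entity."""
        return [e for e in self._audit if e.entity == entity and e.entity_id == entity_id]
```

The scenario to try: two users read the same trade at version 1; the first saves and the row moves to version 2; the second's save, still quoting version 1, is rejected and the first user's change survives.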

Secure Code

Deployment of the graphical user interface (GUI) across the Internet is possible; the application code is both obfuscated and signed to improve security. Signing lets the client verify that the code has not been tampered with, while obfuscation raises the effort of reverse engineering it (it is not a substitute for the server-side checks described above). Furthermore, code analysis tools run as part of the automated build process to detect security issues in the code.

Segregation

Data is segregated by Client at the lowest level (Hibernate and the database), ensuring that each Client can only see its own data.
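Segregation at the data-access layer, as an added example that is not Appendium's code. In Hibernate, one way to do this is a `@FilterDef`/`@Filter` on the entity that the session enables with the current client's id; the example below shows the same idea with plain SQL through `sqlite3` so it runs offline. The table, rows and client ids are constructed for the example.

```python
import sqlite3

SCHEMA = """
CREATE TABLE trade (
    id           INTEGER PRIMARY KEY,
    client_id    TEXT NOT NULL,
    counterparty TEXT NOT NULL,
    notional     REAL NOT NULL
);
CREATE INDEX trade_by_client ON trade (client_id);
"""

# Constructed sample rows: two clients share one table.
SAMPLE_TRADES = [
    (1, "clientA", "ACME", 1_000_000.0),
    (2, "clientA", "Globex", 500_000.0),
    (3, "clientB", "Initech", 2_500_000.0),
]


def build_database():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO trade VALUES (?, ?, ?, ?)", SAMPLE_TRADES)
    conn.commit()
    return conn


class TradeRepository:
    """The only way application code reaches the trade table.

    The client id is fixed when the repository is created (taken from the
    authenticated session, never from the request) and bound into every
    statement, so no caller can read or touch another client's rows, even by
    guessing an id.
    """

    def __init__(self, conn, client_id):
        self._conn = conn
        self._client_id = client_id

    def list_trades(self):
        return self._conn.execute(
            "SELECT id, counterparty, notional FROM trade WHERE client_id = ? ORDER BY id",
            (self._client_id,)).fetchall()

    def get_trade(self, trade_id):
        return self._conn.execute(
            "SELECT id, counterparty, notional FROM trade WHERE id = ? AND client_id = ?",
            (trade_id, self._client_id)).fetchone()

    def update_notional(self, trade_id, notional):
        cur = self._conn.execute(
            "UPDATE trade SET notional = ? WHERE id = ? AND client_id = ?",
            (notional, trade_id, self._client_id))
        self._conn.commit()
        return cur.rowcount   # 0: not this client's trade (indistinguishable from 'no such trade')
```

Note that a lookup of another client's trade returns nothing rather than an error, so an attacker cannot even confirm that a guessed id exists.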