
Technical Specifications

Learn more in-depth knowledge about GreyMAR

Infrastructure Security

GreyMAR’s datacenters are certified against many industry-standard certifications and regulatory requirements. We ensure the confidentiality and integrity of your data with industry best practices. And just like our customer support, our Security Team is on call 24/7 to respond to security alerts and events.

Physical Security & System Monitoring

Our data center facilities feature a secured perimeter with multi-level security zones, 24/7 manned security, CCTV video surveillance, multifactor identification with biometric access control, physical locks, and security breach alarms.

All Production Network systems, networked devices, and circuits are constantly monitored and logically administered by GreyMAR staff.

Application Access Security

Secure Development (SDLC)

Security Training

Engineers participate in secure code training covering OWASP Top 10 security flaws, common attack vectors, and GreyMAR security controls & protocols.

QA

Our QA department reviews and tests our code base. Several dedicated application security engineers on staff identify, test, and triage security vulnerabilities in code.

Separate Environments

Testing and staging environments are separated physically and logically from the Production environment. No actual Service Data is used in the development or test environments.

Application Vulnerability

Dynamic Vulnerability Scanning

We employ a number of third-party, qualified security tools to continuously dynamically scan our Support and Chat applications against the OWASP Top 10 security flaws. We maintain a dedicated in-house product security team to test and work with engineering teams to remediate any discovered issues.

Static Code Analysis

The source code repositories for GreyMAR, for both our platform and mobile applications, are continuously scanned for security issues via our integrated static analysis tooling.

Product Security Features

Authentication Security

Secure Credential Storage

GreyMAR follows secure credential storage best practices by never storing passwords in human readable format, and only as the result of a secure, salted, one-way hash.

API

The GreyMAR API is SSL-only and you must be a verified user to make API requests. You can authorize against the API using either basic authentication with your username and password, or with a username and API token. OAuth authentication is also supported.

Storage Security

Methodology

GreyMAR stores all documents securely using a multitude of encryption methods. We utilize an encryption-at-rest methodology that ensures documents stored on the physical file system are encrypted unless they are called by an authorized user on the application.

Double Encryption Protection

GreyMAR utilizes Google Cloud Storage (GCS) for primary protection of GreyMAR services, yet takes encryption to another level. All data is first encrypted by GCS handlers, then is encrypted by GreyMAR’s application. This means customer data is secured using a multitude of encryption methods and systems.

Additional product security features

Access Privileges & Roles

Access to data within GreyMAR and GreyMAR Server is governed by access rights, and can be configured to define granular access privileges. GreyMAR has various permission levels for users (Customer Administrator, Facility Administrator, Nurse, etc.).

Transmission Security

All communications with GreyMAR servers are encrypted using industry standard HTTPS over public networks. This ensures that all traffic between you and GreyMAR is secure during transit. Additionally for email, our product supports Transport Layer Security (TLS), a protocol that encrypts and delivers email securely, mitigating eavesdropping and spoofing between mail servers.

Login Tracking

For added security, your GreyMAR instance tracks the users signing into GreyMAR. When someone signs into an account, the sign-in is added to the audit log in the Audit Log module.

Transmission Security

GreyMAR is built to uphold HIPAA compliance requirements and ensure the security of data traveling between computing systems. Our software was written with industry best practices in mind, along with additional safeguards to ensure there is no compromise at any point traveling between GreyMAR’s web services to your facility.

EHR Provider to GreyMAR

GreyMAR connects via secure channels to EHR providers, using a plethora of secure methods. GreyMAR uses the highest security protocol available by the EHR provider.

GreyMAR Cloud to You

The local GreyMAR Server reaches out securely over GreyMAR API to the GreyMAR Cloud, requesting file transfer securely using a limited tokenized download system. Files are first packaged, encrypted using a non-relative key, then sent over a secured channel to the local device.

HTTP Strict Transport Security

HTTP Strict Transport Security (HSTS, RFC 6797) is a header which allows GreyMAR to specify and enforce security policy in client web browsers. This policy enforcement protects secure websites from downgrade attacks, SSL stripping, and cookie hijacking. GreyMAR fully supports HSTS protocols.

Transport Layer Security + 0-RTT

We employ the latest version of Transport Layer Security (TLS), 1.3, and 0-RTT. 0-RTT allows the client’s first request to be sent before the TLS connection is fully established, resulting in faster connection times.

Transport Layer Security Requirement

We enforce strong cryptographic standards by requiring visitors’ browsers to employ the latest Transport Layer Security (TLS) protocol version.

Threat Mitigation

GreyMAR employs a multi-layered hybrid firewall system that protects GreyMAR’s core services from Distributed Denial of Service attacks, Denial of Service attacks, and many other threats.

Edge + Origin Protection

GreyMAR utilizes Edge and Origin certificate techniques to prevent man-in-the-middle (MIM) attacks between nodes and customer browsers. This enhances security between GreyMAR and the customer.

Origin Ghosting

The GreyMAR Origin servers employ Ghosting mechanisms to ensure attackers cannot see server locations, IPs, or information related to the GreyMAR service. This is handled by a multitude of commercial vendors and firewall technologies in place.
