Security
KMD A/S complies with the ISO 27001 security standards in its cloud solutions, including WorkZone Cloud Edition, and requires all sub-contractors and vendors to comply with these security standards as well.
Security and privacy in WorkZone Cloud Edition are based on the security and privacy features of external cloud vendors and the correct configuration of security and privacy features in WorkZone.
KMD ensures that any cloud partners prioritize security and privacy highly and invest extensively in systems, processes, and personnel to reduce the likelihood of security breaches and personal data loss. This helps provide a high level of security to WorkZone Cloud users and their data.
KMD manages all basic platform and database security, using the inherent security and integrity features of the physical data centers and hardware. KMD also manages all internet-based security and the security features for database security and integrity.
WorkZone Cloud Edition
Security and privacy management within WorkZone Cloud Edition mirrors on-premises WorkZone installations and conforms to all current security best practices. Whitelisted access (access is limited to predefined users only) and least-privilege access (granting access rights at the lowest possible level required to perform the action) are integral parts of the core WorkZone security policies.
An on-premises WorkZone installation uses Microsoft Active Directory as the basis for user creation and rights management. Likewise, WorkZone Cloud uses Microsoft Entra ID to manage users and groups in an Azure environment. When migrating from an on-premises WorkZone installation to a WorkZone cloud installation, users are mapped from the on-premises Microsoft Active Directory to Microsoft Entra ID, ensuring that already established WorkZone users, organizational units, and user groups are migrated to the cloud with correctly defined rights and privileges.
Data at rest and data in transit
WorkZone data at rest is encrypted using Oracle Transparent Data Encryption (TDE). WorkZone uses Oracle Autonomous Transaction Processing (ATP). For more information, see Security and Authentication in Oracle Autonomous Database in the Oracle documentation.
WorkZone data in transit is encrypted using Transport Layer Security (TLS). See the WorkZone Cloud Edition support matrix.
Security audits and testing
KMD performs regular security tests to detect and resolve potential risks and security breaches. Both automated and manual security tests are part of KMD WorkZone's delivery pipeline. Regular penetration tests are performed on WorkZone. Automated scanning is performed on WorkZone's cloud infrastructure, and relevant actions are taken.
Customer data
KMD cloud vendors do not have access to customer data during normal operations or maintenance of the WorkZone Cloud Edition installations. Only KMD cloud personnel who have been granted access rights to the customer environment can access customer data, for example in the capacity of consultancy work or ordinary maintenance for the customer.
Operator actions
Actions performed on the WorkZone Cloud environment by cloud operators (KMD operations staff and others) are monitored and logged. Actions can include operator access requests and grants, operator-submitted reasons for the access request, and all actions performed or attempted by the operator. The log can be extracted upon customer request for test, control, and auditing purposes.
Actions performed on the WorkZone Cloud Edition database are logged in the WorkZone uselog and can be viewed, filtered, and displayed using standard uselog operations contained in a standard installation of WorkZone.
In addition to standard data security features and policies inherent in any WorkZone installation, WorkZone Cloud Edition can utilize many of the built-in data security features and policies of the cloud environment and database architecture.