NavigatorCRE is a multi-tenant SaaS product, built for Commercial Real Estate (CRE) industry professionals to store, filter and report on their data. NavigatorCRE is built using modern web technologies and is hosted on Microsoft’s Azure infrastructure. This web application and database are stored in discrete locations and secured using industry best practices.
This overview explains the multiple security measures taken to protect your critical data:
We know that data is mission critical to the success of your business, the NavigatorCRE platform is designed to make your data simultaneously accessible and secure.
Rich Permission Model
Administrators control access to their portfolio information via the NavigatorCRE's administration interface, which allows them to add and remove users, and set individual user permissions and access rights on a per-asset basis.
Admins set one of three different permission levels for each user on a given asset: Administrator, Read-Write, Read-Only
NavigatorCRE’s underlying data schema allows for the creation of employee groups that can be used to restrict access to certain data types inside the application. Data sets are restricted to the specific teams within each corporate account.
NavigatorCRE implements many security features to protect against unauthorized access to your account:
- Navigator is build using industry standard 256 bit SSL and HTTPS encryption to ensure the security of data in transit as well as all authentication information.
- User access to the application is governed by an OAuth2 authentication scheme to encrypt each users credentials when accessing the application.
- Token based authentication is utilized to enable easy access via the “stay logged in” option from a browse. Tokens are set to expire expire every 7 days and then require the user to enter their full credentials
NavigatorCRE utilizes a range of technology safeguards to protect your data:
- Access to data storage is restricted by the firewall and only allows traffic originating from the IP address of the web application server.
- All customer datasets are stored in separate MongoDB collections.
- Azure SQL Database is also used to store data and utilizes data at rest encryption.
- Connections from the application to the database are encrypted using SSL data transit protocols.
- Any administrator or user with access to Navigator’s Azure Subscription is required to utilize Multi-Factor authentication for additional data and application security.
- The MongoDB database is hosted via mLabs Azure hosting services in a dedicated cluster environment for high security, data redundancy and high availability. Read more about mLab’s security.
If your organization requires a more detailed presentation of NavigatorCRE's security framework please contact your account manager.