Skip to content

SecuritySecurity

The Thinkwise Platform takes care of many of the technical security considerations when dealing with enterprise software development. The platform is designed with security in mind, following Security-by-Design principles. Besides handling authentication and applying model-driven access control, the high-quality runtime components also provide additional protection against abuse. 

Read more about our model-driven security by design approach, download our latest penetration test summaries, or review our ISO 27001 and ISO 9001 certification, and more below. 

Security
Challenges

Our commitment to security

As our platform is used for developing busines-criticial enterprise applications, data privacy and Security-by-Design have been the driving principles from the start. To validate the security of our platform, the Thinkwise Platform is regularly tested for security leaks by independent ethical hackers

Besides securing the platform itself, Thinkwise has also put processes and controls in place to manage or eliminate security risks in its in-house operations. This way our customers can rely on their confidential data being actively protected and having access to a consistent, high-quality level of service.

OUR APPROACH

Secure and future proof software

Authentication

The process of authentication is fully managed by the Thinkwise Platform

Administrators configure user accounts in the Intelligent Application Manager, the management tool for production environments built using the Thinkwise Platform. There are various supported authentication types. Most types rely on external user stores to verify the user:

  • Windows Active Directory
  • Azure Active Directory
  • Accounts managed by the database.

Mechanisms such as SSPI, Kerberos and OpenID are used by the runtime components to ensure this is done securely. Logging in through Single sign-on is supported out-of-the-box. The Thinkwise Platform can also act as an OpenID provider itself, allowing users to identify themselves to 3rd party applications using the account in the Intelligent Application Manager.

Authorization

Role-Based Access Control grant users access to different features of the developed application

Roles are a part of the application model. They are coarse-grained bundles of rights on certain model objects. A single role is designed to fully support a certain business activity within the system that can be granted or revoked without side effects.

Furthermore, data filters can be configured for a role that limits the data available to the user. This can be in a static manner (for example, limit Sales invoices to only those with status draft) or in a dynamic manner (limit Sales invoices to only those assigned to the current user).

The Software Factory ensures each individual role is a consistent bundle of model objects. For example, the menu item Approve sales invoices may not be granted to the role while the Sales invoice entity has not been authorized to the role. To achieve this, roles are not limited to CRUD rights on data entities but include rights on UI model objects and process model objects as well. Built-in validations assist the developer in configuring a consistent, secure, and powerful set of roles.

Runtime interpretation

Role-Based Access Control grant users access to different features of the developed application

Roles are a part of the application model. They are coarse-grained bundles of rights on certain model objects. A single role is designed to fully support a certain business activity within the system that can be granted or revoked without side effects.

Furthermore, data filters can be configured for a role that limits the data available to the user. This can be in a static manner (for example, limit Sales invoices to only those with status draft) or in a dynamic manner (limit Sales invoices to only those assigned to the current user).

The Software Factory ensures each individual role is a consistent bundle of model objects. For example, the menu item Approve sales invoices may not be granted to the role while the Sales invoice entity has not been authorized to the role. To achieve this, roles are not limited to CRUD rights on data entities but include rights on UI model objects and process model objects as well. Built-in validations assist the developer in configuring a consistent, secure, and powerful set of roles.

Infrastructure

The Thinkwise Platform allows customers to deploy their applications as they prefer

The platform is not exclusive to a certain cloud provider or operating system. You can choose to deploy on-premise on Linux servers, in AWS, Azure or Google cloud using their PaaS services or IaaS services. Or simply install the full Thinkwise Platform on your own Windows desktop.

This freedom allows providers of large enterprise systems to satisfy very specific SLA demands of their users. On the flip side, this comes with significant ramifications for the security of your environment. The infrastructure is not the responsibility of the Thinkwise Platform as it is not provided as an aPaas environment.

Security and compliance resources