7. Network security
OutSystems applies best practices and manages security to allow customers to focus primarily on their business. Our platform inherently protects customers from threats by making sure security controls are applied at every layer, while ensuring that customer applications and data are isolated.
OutSystems employs advanced intrusion prevention and network monitoring technology to protect customers from a wide range of threats, both known and emerging.
Additionally, with certain editions of the OutSystems platform, an organization can access the cloud through VPN* (O11) or Secure Gateway*(ODC). OutSystems documentation has more details on how such mechanisms can be configured through LifeTime as well as on how you can configure a private gateway to your network.
The file integrity monitoring automatically scans critical files, folders, processes, settings, and ports to detect any unauthorized activity or changes. In addition, OutSystems conducts malware scans to monitor uploads of malware and block their execution using real-time updates without any downtime to protect against malware threats.
Table of contents
Network architecture and segmentation
In OutSystems 11 Cloud, each customer has a dedicated set of virtual machines and database instances protected inside the customer’s dedicated Virtual Private Cloud (VPC), which is logically isolated from the internet and any other networks.
The virtual private network (VPN) also provides a secure and seamless bridge between an existing IT infrastructure and OutSystems Cloud environments. With this technology, cloud environments can communicate with on-premises systems through VPN tunnels and vice versa, enabling teams to integrate and expose core system data securely.
Edge security
To ensure that applications are secure and protected against various types of attacks, OutSystems uses several security measures. One is the use of AWS Shield, a distributed denial of service (DDoS) protection mechanism that is automatically enabled by default. This provides automatic protection against network and transport layer DDoS attacks.
OutSystems also provides end-to-end encryption using Transport Layer Security (TLS) and data encryption at rest with a per-tenant encryption key. Additionally, sensitive information such as application settings, passwords, or API keys are stored securely in a secrets manager service.*(ODC)
To strengthen the security of OutSystems applications and user trust, SSL/TLS certificates are set up by default. These certificates provide end-to-end encryption between browsers and applications, which is crucial when transmitting sensitive data.
To further strengthen user trust and brand recognition, users can define their preferred domain name and upload their SSL certificate in the OutSystems management console.
Secure remote access
Certain editions of OutSystems 11 support the addition of VPN connections that you can request and configure through Lifetime.
In terms of our cloud-native offering, OutSystems provides the Secure Gateway, a solution that is quick and easy to set up and doesn't require complex configuration. It also ensures tenants remain isolated, and provides fine-grained control over what data applications can access. This cloud-native solution consists of two different parts.
- The OutSystems Developer Cloud Private Gateway: A lightweight service that runs in your OutSystems tenant and it is managed by OutSystems.
- The OutSystems Developer Cloud Connector: A lightweight Linux client that connects to the Private Gateway Service and establishes a fast TCP tunnel, secured via SSH. This tunnel can then transport requests and data between the Outsystems Developer Cloud and your self-managed servers.
This connector only requires outbound access to the internet. No endpoints are exposed to the public internet, ensuring your data and infrastructure is kept private.