Mio Security White Paper

Mio security whitepaper

Our approach

Mio is making cross-platform communication between teams a reality. In doing so, protecting the integrity and security of your data is of paramount importance to us. This post presents our approach to security so your company has a high degree of confidence when communicating over our systems.

How Mio syncs Slack and Webex Teams
Keep your teams in sync

Security by design

It is our philosophy that security should be incorporated into our product design from day one. Mio has received SOC 2 Type II certification and is always improving the product with security in mind.

All projects undertaken are subject to a risk assessment to ensure we don’t compromise our underlying security policies.

Organizational security

We educate our team to understand the importance of keeping your user data secure. This includes industry-standard authentication and authorization methods and maintaining the privacy of the personal information you transmit over our network.

Protecting your data

Classifying and prioritizing data

We classify and prioritize data to ensure we can provide the highest tier of security to your online messaging transactions. If we can avoid storage of your data we will do so. If we need to retain sensitive or critical data, we will encrypt it and ensure it can be destroyed.

Data encryption in transit and at rest

All data that is transmitted via Mio systems uses the TLS 1.2 protocol. It’ssensitive payloads are encrypted using AES-256 or equivalent ciphers. We connect to external messaging partners using the highest supported encryption protocols they support. We always proactively upgrade when new standards become available. Data at rest is encrypted to a minimum AES-256 standard at the vendor layer with additional controls applied at the application level for sensitive data.

Authorizing access

We will never store end-user plain text passwords or similar sensitive credentials on our system. Whenever possible we require users to use our platform partners authentication systems and as a result, only process and store encrypted tokenized access credentials for each of our users.

Network security

For customers relying on our dedicated managed hosting, Mio isolates each tenant within its own personal private network and provides a set of dedicated and isolated services for maximum privacy, security, and compliance. Public access to Mio is restricted to a limited number of front-end servers with a minimal number of open ports required to operate our service. Internal access by Mio’s employees is tiered and restricted by IP and VPN credentials and we work on a principle of least privilege.

Example of how the Mio technology syncs  Slack and Microsoft Teams
Slack and Microsoft Teams

Software security

Our servers and systems are actively monitored and are regularly updated with the latest security updates as needed. Any errors or omissions found in our own applications are proactively patched and retested at the earliest opportunity. All new servers are hardened before deployment to minimize accidental exposure to potentially insecure default services or credentials. Mio periodically invites external auditors to test and report on our system in its entirety and any feedback is prioritized and acted upon accordingly.

Change control

All application software built and deployed by Mio is subject to version control as part of our secure software development lifecycle. Prior to each production release software is extensively tested and versioned before being made available to the public.

System monitoring and logging

To continuously improve its level of service, Mio may log and inspect traffic passing over its systems. Administrative access by senior members of the team is required to access this information. Log retention is typically for 72 hours and is automatically destroyed after this timeframe.

Legal compliance

Mio has its own internal guidelines towards data privacy and security to help ensure it meets its legal, ethical and socially responsible obligations. Additionally, Mio commissions dedicated legal professionals when needed to help meet legal and regulatory requirements.

Data requests

By default, Mio tries to minimize personal data retention and typically only stores highly anonymized or obfuscated data on its systems. If Mio receives requests from users or government agencies to disclose or delete data outside of its regular day to day operations, we will meet all legal obligations deemed necessary by our legal counsel.

For more information on the Mio and to keep up to date with the latest messaging trends, visit our blog.

--

--

--

Chat better, together. Mio powers cross-platform messaging across Microsoft Teams, Slack, Webex, and Zoom. Learn more at https://m.io

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

10 Cybersecurity Best Practices for Your Commercial Real Estate Business

The Mysterious Requirements of the SBA Restaurant Revitalization Fund (SBA RRF)

Cyber Risk and Changing Corporate Structure

{UPDATE} DressUp RagazzA13DX Hack Free Resources Generator

Texas Power Grid & Supply Chain Risk

Wi-Fi doesn’t have valid IP configuration [FIXED]

Physical Anonymity on the Web: A Monumental Challenge

How GitHub Successfully Mitigated a DDoS Attack

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Mio

Mio

Chat better, together. Mio powers cross-platform messaging across Microsoft Teams, Slack, Webex, and Zoom. Learn more at https://m.io

More from Medium

Take Out the Digital Trash

No Case for Security Budget? Demand Participation Instead

Security Culture Rough Notes

Keep Your Free T-shirts, Make Mine Virtual

Cloud and Cyber Expo 2022