
Security is not a feature.
It's how we build.

EntraDesk is architected from the ground up with security at every layer — from isolated client environments to encrypted data at rest, audited source code, and SOC 2 compliant infrastructure.

Secure by Architecture

Built on a modern, decoupled stack with security boundaries at every level.

Separated Frontend & Backend

EntraDesk uses a fully decoupled architecture — React and React Native on the frontend, Laravel on the backend. The API layer is the only communication bridge, ensuring the backend is never directly exposed to end users. This separation reduces the attack surface and allows each layer to be secured, scaled, and audited independently.

React SPA · React Native · Laravel API · Stateless Auth

Secure API Layer

Every API endpoint is protected by token-based authentication, request rate limiting, input validation, and CORS policies. Built on Laravel's battle-tested security primitives including CSRF protection, SQL injection prevention via Eloquent ORM, and XSS sanitization. All API traffic is encrypted over HTTPS/TLS 1.3.

HTTPS/TLS 1.3 · Rate Limiting · CORS · CSRF Protection

True Tenant Isolation

Every client operates in their own isolated environment — not a shared database with filters.

Isolated Client Environments

Unlike traditional SaaS platforms that store all customers in a single shared database, EntraDesk provisions isolated environments for each client. Each tenant gets their own database schema, storage namespace, and configuration scope. This means one client's data is never co-mingled with another's — even at the infrastructure level.

This architecture eliminates entire categories of vulnerabilities common in multi-tenant SaaS: cross-tenant data leaks, shared resource exhaustion, and cascading failures. Each environment can be independently backed up, restored, and audited.

Per-Tenant Databases · Isolated Storage · Independent Backups · No Cross-Tenant Access

Access Control & Authentication

Granular permissions, multi-factor authentication, and enterprise identity management.

RBAC & IAM

Role-Based Access Control with unlimited custom roles and granular, field-level permissions. Define exactly who can view, create, edit, or delete any resource across all 14 modules. Supports hierarchical roles, department-scoped access, and permission inheritance.

Two-Factor Authentication

All user accounts support 2FA via authenticator apps (TOTP). Administrators can enforce 2FA organization-wide, require it for specific roles, or allow optional opt-in. Failed login attempts are rate-limited and logged.
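The rate limiting and logging of failed logins described above are usually wired up in a Laravel application with a named rate limiter and a listener on the framework's own `Failed` authentication event. The following is an added illustration, not EntraDesk's code; the provider name, the limiter name `login`, the five-per-minute threshold and the `/login` route are assumptions chosen for the example.

```php
<?php
// Added illustrative example, not EntraDesk's own code. Assumes a Laravel 9+
// application; the provider name, limiter name, threshold and route are
// assumptions chosen for the example.

namespace App\Providers;

use Illuminate\Auth\Events\Failed;
use Illuminate\Cache\RateLimiting\Limit;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Event;
use Illuminate\Support\Facades\Log;
use Illuminate\Support\Facades\RateLimiter;
use Illuminate\Support\ServiceProvider;

class AuthSecurityServiceProvider extends ServiceProvider
{
    public function boot(): void
    {
        // Named limiter consumed by the 'throttle:login' route middleware.
        RateLimiter::for('login', function (Request $request) {
            // Key on the submitted identifier AND the client IP: a single
            // account cannot be hammered from many addresses, and one noisy
            // client behind a shared NAT does not lock out everyone else.
            $key = strtolower((string) $request->input('email')).'|'.$request->ip();

            return Limit::perMinute(5)
                ->by($key)
                ->response(fn () => response()->json(
                    ['message' => 'Too many login attempts. Try again shortly.'],
                    429
                ));
        });

        // Laravel fires Failed whenever a credential check is rejected, so
        // every failed attempt is logged without touching the controller.
        Event::listen(Failed::class, function (Failed $event) {
            Log::warning('auth.login.failed', [
                'guard' => $event->guard,
                // Identifier and source only; the password is never logged.
                'email' => $event->credentials['email'] ?? null,
                'ip'    => request()->ip(),
                'ua'    => request()->userAgent(),
            ]);
        });
    }
}

// routes/api.php (excerpt, hypothetical controller):
// Route::post('/login', [\App\Http\Controllers\AuthController::class, 'login'])
//     ->middleware('throttle:login');
```

Register the provider in `config/app.php` (or `bootstrap/providers.php` on Laravel 11). Keying the limiter on both e-mail and IP is the important design choice: keying on IP alone lets a distributed attacker stay under the limit per address, while keying on the account alone lets anyone lock a victim out by submitting wrong passwords for their address.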

SSO & Enterprise Identity

Integrate with your existing identity provider via SAML 2.0 or OAuth 2.0. Supports Azure AD, Okta, Google Workspace, and custom LDAP directories. Centralize user provisioning and de-provisioning through your IdP.

Encryption Everywhere

Your data is encrypted in transit, at rest, and at the row level for sensitive fields.

HTTPS / TLS 1.3

All data in transit is encrypted using TLS 1.3. HSTS headers are enforced, and all HTTP traffic is automatically redirected to HTTPS. Certificate management is handled through AWS Certificate Manager with automatic renewal.

Encryption at Rest

All databases and storage volumes are encrypted at rest using AES-256 via AWS Key Management Service (KMS). Encryption keys are managed by AWS KMS with automatic rotation policies. Backups are also encrypted.

Row-Level Encryption

Sensitive data fields — such as personal identifiers, financial records, and credentials — are encrypted at the application level using Laravel's built-in encryption (AES-256-CBC). Even with database access, these fields remain unreadable without the application key.
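The application-level field encryption described above maps onto Laravel's `encrypted` attribute cast, which runs every read and write of the attribute through the framework Encrypter keyed by `APP_KEY`. The model and feature test below are an added example, not EntraDesk's code; the `Employee` model, its table and column names, and the sample values are assumptions. The test also demonstrates the caveat a practitioner will hit first: an encrypted column cannot be searched by value.

```php
<?php
// Added illustrative example, not EntraDesk's own code. Assumes a Laravel 9+
// application with APP_KEY set; the model, table, column names and sample
// values are assumptions chosen for the example.

// ---- app/Models/Employee.php ---------------------------------------------
namespace App\Models;

use Illuminate\Database\Eloquent\Model;

class Employee extends Model
{
    protected $fillable = ['name', 'national_id', 'bank_account'];

    // The 'encrypted' cast routes every read and write of these attributes
    // through Laravel's Encrypter (AES-256-CBC with an HMAC-SHA256 tag, keyed
    // by APP_KEY). The database column only ever holds the ciphertext payload.
    protected $casts = [
        'national_id'  => 'encrypted',
        'bank_account' => 'encrypted',
    ];
}

// ---- tests/Feature/RowLevelEncryptionTest.php ----------------------------
namespace Tests\Feature;

use App\Models\Employee;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Support\Facades\Crypt;
use Illuminate\Support\Facades\DB;
use Tests\TestCase;

class RowLevelEncryptionTest extends TestCase
{
    use RefreshDatabase;

    public function test_sensitive_fields_are_ciphertext_at_rest(): void
    {
        // Constructed sample data, not real identifiers.
        $employee = Employee::create([
            'name'         => 'Test User',
            'national_id'  => '123-45-6789',
            'bank_account' => 'GB00TEST00000000',
        ]);

        // Through the model the value is transparently decrypted.
        $this->assertSame('123-45-6789', $employee->fresh()->national_id);

        // The query builder bypasses Eloquent casts, so this is what a DBA or
        // a leaked dump sees: the Encrypter's base64 payload, not the identifier.
        $raw = DB::table('employees')->where('id', $employee->id)->value('national_id');
        $this->assertNotSame('123-45-6789', $raw);
        $this->assertSame('123-45-6789', Crypt::decryptString($raw));

        // Caveat: encrypted columns cannot be searched by value. The Encrypter
        // uses a fresh random IV per call, so equal plaintexts produce different
        // ciphertexts and an equality WHERE never matches. Keep a separate keyed
        // hash (blind index) column for fields that must be looked up.
        $this->assertNull(Employee::where('national_id', '123-45-6789')->first());
    }
}
```

Because the ciphertext depends on `APP_KEY`, rotating that key is a re-encryption exercise, not a config change: rows written under the old key stop decrypting unless the old key is kept available (Laravel 11 supports this through `APP_PREVIOUS_KEYS`) while a migration rewrites them.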

Infrastructure & Compliance

Hosted on AWS with industry-standard certifications and continuous monitoring.

AWS Infrastructure

EntraDesk runs on Amazon Web Services — the world's most comprehensive cloud platform. Our infrastructure leverages AWS services including EC2, RDS, S3, CloudFront, ElastiCache, and SQS. AWS data centers maintain SOC 1, SOC 2, and SOC 3 certifications, as well as ISO 27001, ISO 27017, and ISO 27018 compliance.

AWS EC2 · RDS · S3 · CloudFront CDN · ElastiCache · SQS

Certifications & Compliance

Our hosting infrastructure meets the most rigorous compliance standards. AWS data centers are certified for SOC 2 Type II, ISO 27001, PCI DSS Level 1, and HIPAA. EntraDesk inherits these physical and environmental controls, and adds application-level security measures on top.

SOC 2 Type II · ISO 27001 · ISO 27017 · ISO 27018 · PCI DSS · GDPR

AWS WAF & Shield

Protected by AWS Web Application Firewall against SQL injection, XSS, and other OWASP Top 10 threats. AWS Shield provides DDoS protection at the network and transport layers.

AWS CloudTrail Audit Logs

Every infrastructure action is logged via AWS CloudTrail, providing a complete audit trail for compliance reviews. Application-level audit logs track user actions, data changes, and access events.

99.9% Uptime SLA

Multi-AZ deployments with automated failover, health checks, and auto-scaling ensure high availability. Infrastructure is monitored 24/7 via AWS CloudWatch with automated alerting and incident response.

Application Security

Security practices baked into our development lifecycle and codebase.

Audited & Certified Source Code

EntraDesk's source code undergoes regular third-party security audits. Independent security firms review our codebase for vulnerabilities, logic flaws, and adherence to OWASP guidelines. Audit results are documented and remediated on a strict timeline.

3rd Party Audits · OWASP Compliance · Penetration Testing · Code Reviews

Secure Development Practices

Our 30+ person engineering team follows secure development lifecycle (SDLC) practices including mandatory code reviews, automated static analysis (SAST), dependency vulnerability scanning, and CI/CD pipeline security gates. No code reaches production without passing security checks.

SAST Scanning · Dependency Audits · CI/CD Security Gates · Peer Code Review

Laravel Security

Built on Laravel's proven security framework: Eloquent ORM uses parameterized queries to prevent SQL injection, Blade templating auto-escapes output to prevent XSS, and built-in CSRF tokens protect form submissions. Session management uses encrypted, HttpOnly cookies.

React Frontend Security

React's virtual DOM and JSX auto-escaping prevent XSS by default. Content Security Policy (CSP) headers restrict script sources. All API calls use token-based auth with automatic token refresh and secure storage.
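The HSTS enforcement and HTTP-to-HTTPS redirect described under "HTTPS / TLS 1.3" and the CSP headers described above are typically emitted from one place in a Laravel application: a global middleware. The middleware below is an added example, not EntraDesk's code; the class name, header values and the API origin `https://api.example.test` are assumptions. It uses a per-response nonce rather than `'unsafe-inline'`, which matters because JSX auto-escaping covers text children but not `dangerouslySetInnerHTML` or attacker-controlled `href` values, so the CSP is the backstop for the cases React itself does not cover.

```php
<?php
// Added illustrative example, not EntraDesk's own code. A Laravel middleware
// that redirects plain HTTP, sends HSTS, and emits a nonce-based CSP so the
// React bundle's own bootstrap script is the only inline script allowed.
// The class name, header values and the API origin are assumptions.

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Symfony\Component\HttpFoundation\Response;

class SecurityHeaders
{
    public function handle(Request $request, Closure $next): Response
    {
        // 1. Redirect HTTP to HTTPS before any application code runs. Behind a
        //    load balancer, configure TrustProxies so isSecure() honours
        //    X-Forwarded-Proto instead of always reporting plain HTTP.
        if (! $request->isSecure() && app()->environment('production')) {
            return redirect()->secure($request->getRequestUri(), 301);
        }

        // 2. Fresh per-response nonce; Blade templates read it as
        //    <script nonce="{{ request()->attributes->get('csp_nonce') }}">.
        $nonce = base64_encode(random_bytes(16));
        $request->attributes->set('csp_nonce', $nonce);

        $response = $next($request);

        // 3. CSP: scripts only from our origin or carrying this nonce; XHR/fetch
        //    only to our API; no framing, no plugins, no <base> tag hijack.
        $csp = implode('; ', [
            "default-src 'self'",
            "script-src 'self' 'nonce-{$nonce}'",
            "connect-src 'self' https://api.example.test",   // assumed API origin
            "img-src 'self' data:",
            "style-src 'self'",
            "object-src 'none'",
            "base-uri 'self'",
            "form-action 'self'",
            "frame-ancestors 'none'",
        ]);
        $response->headers->set('Content-Security-Policy', $csp);

        // 4. HSTS is only meaningful (and only honoured by browsers) on HTTPS
        //    responses, so it is never attached to a plain-HTTP reply.
        if ($request->isSecure()) {
            $response->headers->set(
                'Strict-Transport-Security',
                'max-age=31536000; includeSubDomains; preload'
            );
        }

        $response->headers->set('X-Content-Type-Options', 'nosniff');
        $response->headers->set('Referrer-Policy', 'strict-origin-when-cross-origin');

        return $response;
    }
}
```

Register it globally (the `$middleware` array in `app/Http/Kernel.php` up to Laravel 10, or `->withMiddleware(fn ($m) => $m->append(SecurityHeaders::class))` in `bootstrap/app.php` on Laravel 11) and confirm with `curl -sI https://your-host/ | grep -iE 'strict-transport|content-security'`. Expect `style-src 'self'` to break CSS-in-JS libraries that inject inline styles; relax it deliberately rather than reaching for `'unsafe-inline'` on `script-src`.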

Mobile Security

The React Native mobile app uses certificate pinning, secure keychain storage for tokens, biometric authentication support, and encrypted local data. App binaries are obfuscated and signed for both iOS and Android.

Data Protection & Privacy

Your data belongs to you. We protect it, and we give you control over it.

GDPR Compliance

Full compliance with the EU General Data Protection Regulation. Support for data export, right to deletion, consent management, and data processing agreements (DPA).

Automated Backups

Daily automated backups with point-in-time recovery via AWS RDS. Backups are encrypted and stored in a separate AWS region for disaster recovery. 30-day retention by default.

Incident Response

Documented incident response procedures with defined severity levels, escalation paths, and SLA-backed response times. Customers are notified within 24 hours of any confirmed data breach.

Security at a Glance

Separated React frontend & Laravel API backend
Isolated per-client environments (not shared SaaS)
RBAC with unlimited roles & granular permissions
Two-factor authentication (TOTP)
HTTPS/TLS 1.3 for all data in transit
AES-256 encryption at rest via AWS KMS
Row-level encryption for sensitive fields
SOC 2 & ISO 27001 certified data centers
AWS WAF & Shield DDoS protection
Third-party audited & certified source code
React Native mobile app with certificate pinning
GDPR compliant with data export & deletion

Have security questions?

Our team is happy to discuss EntraDesk's security posture in detail, share audit reports, or complete your vendor security questionnaire.