
Appendix 7 - Product sheet

Service Eunoia Security Hub
SaaS Essential and Enterprise offers

1. INTRODUCTION AND UPDATES OF THIS DOCUMENT

This document is the product sheet for the Eunoia Security Hub service in SaaS mode. Its purpose is to provide an overview of the service and to describe its features, security measures, compliance, etc.

EUNOIA reserves the right to update and modify the Terms of Use at any time without notice. You can consult the most recent version of the conditions of use on the Eunoia website in the "Conditions of Use" section. 

Email notifications will be sent to the accounts referenced by the person who subscribed to the EUNOIA license. These will cover EUNOIA events, documentation, training, product developments and contractual documents (General Terms of Service and its appendixes). 

2. DESCRIPTION

In an ever-evolving digital landscape, where businesses deploy their information systems across mixed architectures, the challenge of effectively securing these environments becomes paramount. Eunoia Security Hub SaaS stands out as the strategic solution, designed to meet the growing complexity of cybersecurity requirements, while ensuring full compliance with regulatory standards. Deployed in the GCP region in France, the underlying platform offers a high level of security and resilience. This solution reduces complexity and enhances security, emphasizing its customizability to assist businesses in addressing their security challenges. 

3. MAIN USE-CASE TO ADDRESS

- Difficulty in implementing a security organization in practice (implementation of a RACI).
- Difficulty in conducting security controls (multiple supports, lack of updates).
- Lack of consistency between asset management, risk analysis, and control results.
- Lack of automated controls.
- No dynamic consolidation between elements (e.g., a risk analysis on infrastructure is not reflected in the services it supports, similarly with control results).
- Use of multiple platforms for GRC management (numerous Excel files, SharePoint, Jira, email), often leading to outdated information.
- Complex reporting leads to many unnecessary meetings, and decisions are often made based on outdated and partial information.
- The situation is exacerbated by the complexity of the organization (multiple business units, subsidiaries, etc.) and the complexity of deployed services and the ecosystem (mix of on-premises + multiple CSPs + consumption among entities).
- GRC applications are often inflexible (forcing the business model to fit the tool rather than vice versa, difficulty in integrating new standards), lack responsibility management (RACI), asset management, and are complex to use, with few/no automated controls, no consolidated/mutualized controls (which would avoid conducting the same or similar control five times to assess compliance across five different standards).
- No capitalization on previous risk management experience.
- Difficult to have a clear view of the ISMS maturity.
- Lack of communication between different levels from top management to operational staff.
- Lack of quality and consistency in risk analyses.
- Difficult to manage security for hybrid or multicloud platforms.
- Today's CSPM and other tools provide visibility into technical and operational security but lack a business dimension, which does not allow visibility into criticality and priority.

4. MAIN FEATURES OF EUNOIA SECURITY HUB

Eunoia Security Hub SaaS is engineered to provide a comprehensive, customizable, and user-friendly cybersecurity management solution. Here's an overview of its key features designed to streamline security governance, risk management, compliance processes and security postures for businesses: 

Eunoia Security Hub emerges as a comprehensive SaaS platform meticulously crafted to tackle the multifaceted challenges of modern cybersecurity landscapes. With its deployment in the GCP France region, it leverages the inherent security and resilience of cloud infrastructure to offer unparalleled data protection and operational continuity for businesses worldwide. Below is a detailed exploration of its core functionalities that collectively aim to simplify, enhance, and revolutionize the way organizations manage their cybersecurity posture. 

 

Streamlined security governance 

At the heart of Eunoia Security Hub is a robust framework for Security Process Modeling, designed to empower organizations with the tools to sculpt a security governance structure tailored to their specific needs. This feature facilitates the seamless assignment of roles and delineation of responsibilities, ensuring a clear, strategic alignment of security practices with organizational objectives. It demystifies the complexities of security governance, enabling entities to establish a firm foundation for their cybersecurity strategies. 

 

Advanced risk management 

Recognizing the dynamic nature of cyber threats, Eunoia offers an adaptive risk management module equipped with customizable methodologies. This module is bolstered by interactive threat assessment capabilities, including intuitive attack trees and comprehensive risk monitoring dashboards. It empowers businesses to proactively identify, evaluate, and neutralize potential security threats, transforming risk management from a reactive task to a proactive strategy. 

 

Comprehensive compliance management 

In the labyrinth of regulatory standards, Eunoia shines as a beacon of compliance simplicity and efficiency. It supports a broad spectrum of customizable compliance frameworks, enabling businesses to navigate the often turbulent waters of regulatory adherence with ease. Coupled with extensive monitoring capabilities, Eunoia ensures that organizations not only achieve but also maintain compliance, staying perpetually one step ahead of regulatory evolution. 

 

Seamless integration and asset management 

Eunoia's integration capabilities extend to Cloud Service Providers (CSPs), facilitating a unified asset management experience. This integration is designed to enhance operational security through efficient management of digital assets spread across diverse environments. The platform's granular Role-Based Access Control (RBAC) system further fortifies this feature by providing meticulous access management, thereby safeguarding sensitive data and critical systems against unauthorized access. 

 

Customization and usability 

Eunoia Security Hub distinguishes itself with extensive customization options, allowing each organization to tailor the platform to their unique cybersecurity requirements. This flexibility is matched by an intuitive user interface that breaks down the complexities of cybersecurity management into a user-friendly experience, making sophisticated cybersecurity management accessible to all. 

5. INFRASTRUCTURE OF SAAS EUNOIA SECURITY HUB

5.1 Hosting infrastructure principles 

Eunoia Security Hub is deployed on a highly resilient cloud infrastructure within the GCP region in France, embodying state-of-the-art technologies and practices to ensure the utmost security, performance, and reliability.  

 

GCP France region - high availability 

Choosing GCP France as our hosting region offers several strategic advantages, including compliance with European data protection regulations, low-latency network performance for European clients, and access to GCP's extensive portfolio of cloud technologies. GCP's infrastructure is renowned for its high resilience, with multiple availability zones within the region ensuring redundancy and continuous service availability, even in the event of a data center failure.

 

Containerization technologies 

Eunoia Security Hub leverages containerization technologies, such as Kubernetes, to enhance deployment flexibility, scalability, and isolation. Containerization allows us to encapsulate the application and its dependencies into compact, portable units, simplifying updates, scaling operations, and ensuring consistent performance across different environments.

 

Secure storage 

Data storage is managed using GCP Google Storage buckets, which offer highly durable and secure storage solutions. The buckets are configured for encryption at rest, ensuring that all data stored within the Eunoia Security Hub is protected against unauthorized access and breaches.

 

Network segmentation and load balancing 

Our cloud infrastructure employs strict network segmentation and load balancing techniques to further bolster security and performance. Network segmentation isolates different components of the Eunoia Security Hub, limiting the potential impact of security threats, while load balancing efficiently distributes incoming traffic across multiple servers, ensuring high availability and responsiveness under varying load conditions. 

5.2 High level architecture – Enterprise offer 

The “Enterprise offer” is based on a dedicated infrastructure per customer, ensuring reinforced logical separation between environments. Each customer benefits from a distinct instance of Eunoia Security Hub, including a dedicated and separate database, guaranteeing information isolation and data confidentiality. 
The solution’s administration is carried out through a secure administration infrastructure, separate from production environments, ensuring strict segregation of management and supervision operations for all EUNOIA customers. 
This model provides greater flexibility for integration with the customer’s existing systems, as well as enhanced control over configuration and compliance. 

Figure: overview of the Eunoia SaaS infrastructure for the “Enterprise offer”.

5.3 High level architecture – Essential offer

The “Essential offer” relies on a multi-tenant infrastructure, in which several customers share the same application resources and databases. Information isolation is ensured through logical segregation mechanisms and the advanced RBAC engine integrated into Eunoia Security Hub, guaranteeing strict separation of data and access between customers. 
This model enables fast deployment, simplified maintenance, and optimized cost, while benefiting from the resilience and security mechanisms inherent in the underlying cloud infrastructure. 


6. DEVELOPMENT AND CHANGE MANAGEMENT

Our approach to the development and deployment of Eunoia Security Hub is anchored in a rigorous Continuous Integration/Continuous Deployment (CI/CD) pipeline. This methodology not only facilitates the rapid evolution of our service but also ensures the reliability and security of every new feature we introduce. Below, we detail the critical components of our development process: 

 

CI/CD Pipeline 

At the core of our development practices is a robust CI/CD pipeline, designed to automate the building, testing, and deployment phases of our application lifecycle. This pipeline enables us to integrate small increments of code changes frequently and reliably, promoting a highly agile and responsive development environment. 

 

Functional and security testing 

As part of the CI/CD process, we integrate comprehensive functional and security testing to detect and remedy potential issues early. This includes automated unit tests, integration tests, and security scans that rigorously evaluate the safety and functionality of the code. By embedding these tests into our pipeline, we ensure that every release meets our high standards for quality and security. 

Internal security self-checks and pentests are performed.

 

Segregated environments

To further enhance the integrity and stability of our service, we maintain distinct environments for development, testing, and production. Each environment is meticulously segregated to prevent any cross-contamination of data or configurations: 

  • Development Environment: Where new features and updates are initially coded and internally tested by our developers. 

  • Testing Environment: A replica of the production environment where comprehensive testing, including user acceptance tests, is conducted without affecting the live service. 

  • Production Environment: The live environment where the service is deployed to end-users, having passed through the preceding stages of rigorous validation. 

This structured approach to environment management allows us to simulate real-world scenarios accurately, validate updates thoroughly before they reach production, and maintain the highest levels of service quality and security. 

 

Commitment to reliability and security 

Our development and update process embodies our commitment to delivering a cybersecurity solution that is not just innovative and feature-rich but also reliable and secure. By leveraging a stringent CI/CD pipeline, incorporating exhaustive testing practices, and maintaining a disciplined approach to environment management, we ensure that Eunoia Security Hub remains at the forefront of cybersecurity management solutions, ready to meet the dynamic challenges faced by modern enterprises. 

7. SECURITY AND GDPR COMPLIANCE OF EUNOIA SECURITY HUB

Combining the essential elements of service security, shared responsibility, and the foundational principle of security and privacy by design, along with the alignment to ISO 27001 standards, offers a comprehensive overview of the security posture and practices employed by Eunoia Security Hub. 

 

Comprehensive security measures 

Eunoia Security Hub's security framework is meticulously outlined in our Security Assurance Plan (SAP), incorporating a suite of advanced security measures. It is considered an external Information Systems Security Policy (ISSP), which can be shared with interested parties. This plan encompasses multi-factor authentication (MFA) to verify user identities, bastion hosts for secure system access, network segmentation to isolate and protect resources, and stringent safeguards for administrative systems. Continuous monitoring and incident management processes are integral to our approach, ensuring rapid detection and resolution of security events, thereby maintaining the integrity and confidentiality of client data. Central to our security strategy is the encryption of data at rest, utilizing industry-standard encryption algorithms to secure stored client data. Furthermore, we ensure the security of data in transit through the implementation of TLS 1.2 and 1.3 protocols, with rigorously managed certificates to maintain encrypted communications.

 

Assurance Security Plan and Shared Responsibility Model 

A clearly defined assurance security plan and shared responsibility model delineates the security obligations of Eunoia and our clients, promoting a mutual understanding and collaborative effort towards data protection. This model is pivotal in establishing clear boundaries for operational and security responsibilities, ensuring that all parties are aware of their roles in safeguarding sensitive information. 

 

Privacy and security by design with ISMS aligned with ISO 27001 

At the core of Eunoia Security Hub's development ethos is an unwavering commitment to privacy and security by design. This proactive approach integrates security and privacy considerations into every phase of our platform's lifecycle, from coding to feature deployment. By embedding these measures early, we effectively mitigate vulnerabilities and enhance resilience against evolving cyber threats, ensuring robust protection for user data from the onset. 

Our stringent adherence to the ISO 27001 standard highlights our commitment to establishing a comprehensive Information Security Management System (ISMS). This strategic alignment encompasses all aspects of our operations, including people, processes, and IT systems, through a rigorous risk management process. It ensures that the security controls we implement are not only comprehensive but also cohesive, providing our clients with the assurance that their information is safeguarded by a platform that upholds the highest standards of data security and operational integrity. 

The GCP solutions used for Eunoia Security Hub are certified ISO 27001, HDS and SOC2.

Eunoia aims for ISO 27001 and HDS certification in 2027, covering the scope of design, development, integration and support activities.

 

GDPR Compliance 

In addition to our comprehensive security measures and commitment to privacy by design, Eunoia Security Hub places a strong emphasis on compliance with the General Data Protection Regulation (GDPR). This commitment reflects our dedication to protecting the personal data of our European clients and their users, aligning with the stringent requirements set forth by the European Union. 

8. OPERATIONAL SECURITY AND SERVICE LEVEL COMMITMENT

At Eunoia Security Hub, we understand that the reliability of cybersecurity services is paramount for the uninterrupted operations of our clients' businesses. That's why we pledge a robust Service Level Agreement (SLA) that guarantees an impressive 99.5% uptime for our SaaS platform. This commitment underscores our dedication to providing a consistently available and high-performing service, enabling our clients to depend on Eunoia Security Hub for their cybersecurity needs without hesitation.

 

High availability infrastructure 

Leveraging the advanced cloud architecture of GCP in France, Eunoia Security Hub is designed for high availability. Our infrastructure utilizes redundancy and failover techniques across multiple availability zones, minimizing the risk of service interruptions. 

 

Proactive monitoring and incident management 

Our dedicated team employs continuous monitoring of system performance and security posture. Coupled with our proactive incident management process, we can swiftly identify, respond to, and resolve issues that might affect service availability. 

Regular maintenance and updates 

To ensure the ongoing reliability and security of our platform, we regularly update the service. These activities are carefully planned, transparent and, if necessary, communicated in advance to minimize any potential impact on our clients.

Transparent communication 

In the unlikely event of a service disruption, we are committed to providing timely and transparent communication to our clients. Our communication protocol includes immediate alerts and regular updates until full service restoration.

SLA compliance and remediation 

We monitor our SLA performance closely and are committed to maintaining our uptime guarantee. Should we fall short of this commitment, our SLA outlines the remediation measures and compensations available to our clients, ensuring that they are supported even in the face of unexpected challenges. 

9. BUSINESS CONTINUITY PLAN

Ensuring the uninterrupted operation of Eunoia Security Hub and safeguarding our clients' interests are at the core of our commitment. Our comprehensive Business Continuity Plan (BCP) is meticulously designed to minimize potential service disruptions and maintain operational resilience under various scenarios, including natural disasters, cyberattacks, and other unforeseen events. 

Key Components of Our Business Continuity Plan: 

 

Business Impact Analysis (BIA) 

At the foundation of our BCP, the BIA identifies critical functions and processes within Eunoia Security Hub, assessing the potential impact of different disruption scenarios. This analysis is pivotal in prioritizing recovery efforts and resource allocation, ensuring that we can swiftly restore essential services to mitigate the impact on our clients. 

Disaster Recovery Plan (DRP) 

Integral to our BCP, our DRP outlines specific strategies and procedures for recovering disrupted systems and networks. This plan is tailored to ensure the rapid restoration of data, applications, and services, leveraging our resilient cloud infrastructure to minimize downtime. 

Annual testing 

To guarantee the effectiveness of our BCP and DRP, comprehensive tests are conducted at least annually. These exercises simulate various disruption scenarios to evaluate our response strategies, identify potential areas for improvement, and ensure that our team is well-prepared to manage real-life incidents. 

Compliance with our Information Security Management System (ISMS) 

Our BCP, including the BIA and DRP, is developed in accordance with the controls and guidelines defined in our ISMS. This alignment ensures that our business continuity strategies are fully integrated with our broader security policies and objectives, maintaining consistency across all operational and security practices. Feedback from testing, along with insights from actual incidents, if any, are systematically analyzed to refine and enhance our BCP. This process of continuous improvement ensures that our business continuity measures evolve in line with emerging threats, technological advancements, and changing business requirements. 

10. CUSTOMER SUPPORT

Our dedication to excellence extends beyond our software solution to include comprehensive support for all Eunoia Security Hub users. We are committed to providing responsive, effective, and personalized assistance to ensure that every interaction with our platform is seamless and productive. Below are the key aspects of the Eunoia Security Hub support system designed to assist our clients at every step of their cybersecurity journey. 
