Performance Logs and CICD
Performance and activities are logged for all the components in WEM platform. Detailed user & access logging can be modelled for specific applications. WEM platform maintains a CI/CD setup. All updates go through QA. We run automated regression tests before each release. DTAP environment is maintained.
WEM stores full backups of all databases up to 28 days. Backups older than 28 days are automatically deleted.
WEM platform uses a firewall and a reverse proxy that handles the web requests before they are sent to the application servers. We have rules and restrictions that every web request must meet before they are forwarded to the application servers. Using this ‘gatekeeper’ functionality WEM team can detect and prevent attacks to services. For individual applications it is also possible to set of extensive access control, basis on IP addresses or ranges of IP addresses. This can be used to implement whitelist or blacklist approach to restrict/allow access to individual applications/portals.
WEM team periodically runs automated pentests on monthly basis. It is also possible to run pentests for applications that are built with WEM. These pentests are run based on customer requests on a case to case basis.
The X509 server certificates are generated and stored on the NGINX webservers that serve as both a reverse proxy and a TLS termination proxy. A CSR is sent to a CA, the private keys do not leave the NGINX servers (we run multiple NGINX servers in a HA cluster). The certificates are renewed every three months. WEM has been designed keeping in line with the need for security for the enterprise. Users have a number of security features to incorporate in their applications to make it as secure as per their requirements.