Application Security

Application Security

Application Security

Security Training

CLO-SET requires all engineers to participate in security training operated by the government at least once a year.

QA

CLO-SET's Quality Assurance (QA) department reviews and tests the codebase. Dedicated application security engineers on staff identify, test, and triage security vulnerabilities in code.

Separate Environments

Testing and staging environments are physically separated from the Production environment. No actual Service Data is used in the development or test environments.

Third-Party Penetration Tests

Every year, CLO-SET employs third-party security experts to perform a broad penetration test.

On-site Security

Datacenters managed by Microsoft have extensive layers of protection: access approval at the facility’s perimeter, at the building’s perimeter, inside the building, and on the datacenter floor.

Location

CLO-SET leverages Azure data centers in the United States, Europe, and Asia Pacific. Customers can choose the hosting location of the service data.

Learn more about our regional data hosting options.

Monitoring

All Production Network systems, networked devices, and circuits are constantly monitored and logically administered by CLO-SET staff. Physical security, power, and internet connectivity are monitored by Azure.

Facility

CLO-SET hosts service data in Azure data centers certified by ISO 27001, PCI/DSS Service Provider Level 1, and/ or SOC 2 compliance. Azure data centers use climate control to monitor and maintain optimized conditioned spaces for staff, equipment, and hardware. 

DDoS Mitigation

CLO-SET has architected a multi-layer approach to DDoS mitigation. Its core technology partnership with Cloudflare provides network edge defenses. Also, the use of Azure scaling and protection tools provides deeper protection along with the use of Azure DDoS specific services.

Logical Access

CLO-SET Production Network restricts its access by an explicit need-to-know basis, utilizes least privilege, is frequently audited and monitored, and is controlled by our Security Team. CLO-SET Production Network requires employees to use multiple factors of authentication when accessing the network.

Security Incident

Response

In the case of a system alert, CLO-SET escalates events to its security team that covers operations, network engineering, and security. CLO-SET employees are well-trained with security incident response processes, including communication channels and escalation paths.

Encryption

CLO-SET encrypts all communications on the platform via industry best practices such as HTTPS and Transport Layer Security (TLS) 1.2 over public networks. Customers of CLO-SET benefit from the protections of encryption at rest for their data. Service Data (DB and Files) is encrypted at rest in Azure using AES 256 key encryption.

Protection

CLO-SET network is protected by the uses of key Azure security services, integration with Cloudflare edge protection networks, regular audits, and network intelligence technologies that monitor and/ or block malicious traffic and network attacks. Learn more about Cloudflare CDN security.

Physical

and Network Security

Physical

and Network Security

Physical

and Network Security

Product Security

Product Security

Product Security

SSO (Single Sign-on)

SSO allows clients to authenticate users in their systems without requiring additional login credentials. CLO-SET supports Active Directory, OKTA, and Google O-auth.

API Security & Authentication

CLO-SET API is TLS-only. Clients can authorize against the API using a username and API token.

Role-based Access Control

Role-Based Access Control (RBAC) defines granular access privileges and governs access to data within CLO-SET. CLO-SET has various permission levels for users (Company admin, Brand admin, Company collaborator, Brand collaborator, Editor, Viewer, etc.).

Transmission Security

Transport Layer Security (TLS) encrypts and delivers email securely, mitigating eavesdropping between mail servers where peer services support this protocol. CLO-SET encrypts all communications with its UI and API using industry-standard HTTPS/TLS over public networks, which ensures the security of all traffic in transit between clients and CLO-SET.

Create and alter true-to-life 3D garments with effective communication successful collaboration.

Create and alter true-to-life 3D garments with effective communication successful collaboration.

Create and alter true-to-life 3D garments with effective communication successful collaboration.

Copyright © 2009 - 2024 CLO Virtual Fashion. All Rights Reserved.

Copyright © 2009 - 2024 CLO Virtual Fashion.

All Rights Reserved.

Copyright © 2009 - 2024 CLO Virtual Fashion. All Rights Reserved.

Copyright © 2009 - 2024 CLO Virtual Fashion. All Rights Reserved.