Security & Trust

CYBERWHITE protects your data with robust security practices

Our Security Commitments

Encryption

TLS 1.3 in transit, AES-256 at rest

Access Control

Role-based access control with secure authentication

Infrastructure

AWS Sydney (Australia) enterprise cloud hosting

Audit Logging

Comprehensive activity logging and audit trails

Data Privacy

Your data stays yours, never shared

Compliance

Built with SOC 2 Type II controls in mind

Microsoft 365 Integration Security

We understand M365 integration security is critical. Here's how we protect your Microsoft environment:

Microsoft OAuth 2.0

Authentication happens directly with Microsoft - we never see or store your Microsoft credentials. You control access through your Azure AD tenant.

Read-Only Permissions

CYBERWHITE only requests read-only access. We cannot modify your M365 settings, policies, or configurations - only read security scores and policy status.

Least Privilege Access

We request only the minimum permissions needed: SecurityEvents.Read.All and Policy.Read.All. No access to emails, documents, or user data.

Revocable Anytime

You maintain full control. Revoke CYBERWHITE's access at any time through your Azure AD portal - no data loss, just disconnection.

Secure Token Storage

OAuth tokens are encrypted at rest and in transit. Tokens auto-expire and are never logged or exposed in application code.

Admin Consent Required

Only Global Administrators can authorize the M365 connection, ensuring proper oversight and approval workflows in your organization.

Security Features

Encryption at Rest and Transit: AES-256 encryption at rest, TLS 1.3 for all data in transit

Comprehensive Audit Logging: Activity logs for authentication, data access, and system changes with compliance tagging (ISO27001, SOC2, GDPR)

Multi-Tenant Data Isolation: Tenant data isolation ensures your data never mixes with other organizations

Daily Automated Backups: Daily encrypted backups with 7-day retention and point-in-time recovery

OAuth Security: Microsoft 365 integration uses OAuth 2.0 with read-only, least privilege access

Security-First Development: Secure development practices with code reviews and testing

Data Retention Control: Configure how long your assessment data is retained

Australian Data Sovereignty: All data hosted in AWS Sydney with compliance to Australian privacy laws

Common Security Questions

Can CYBERWHITE modify my Microsoft 365 environment?

No. We only request read-only permissions. CYBERWHITE cannot make any changes to your M365 policies, settings, or configurations.

Who can see my assessment data?

Only authorized users in your organization. For MSPs, only assigned consultants can access client data. Data is never shared with third parties.

Where is my data stored?

Data is hosted in AWS Sydney, Australia (ap-southeast-2 region) with enterprise-grade security and encryption at rest. This ensures low latency for APAC customers and compliance with Australian data sovereignty requirements.

How do I disconnect M365 integration?

Revoke access anytime through Azure AD Enterprise Applications or within CYBERWHITE settings. Historical assessment data remains until you delete it.

Is CYBERWHITE SOC 2 compliant?

CYBERWHITE is built with SOC 2 Type II controls in mind. Contact us for our current compliance status and documentation.

Questions About Security?

Contact our security team for detailed documentation, compliance reports, or custom security requirements