Application Security

Convene grants its users full system ownership, from managing user roles and devices to setting system and security preferences. Whether used on a mobile device, tablet, or desktop, Convene and all meeting processes are secure from any threats or vulnerabilities.


User Accounts and System Security Preferences

Account Management
Account Management

System Administrators can easily add and/or remove users from their system, and assign them as General Users or fellow System Administrators. Users can also be divided into groups for easier Meeting set-up and granting of access controls.

Role Based Access Control
Role Based Access Control
  • User Roles
    Users can be granted access rights depending on their User Role (General User or System Administrator). System Administrators are able to configure system settings and manage user accounts on top of basic Convene portal features.
  • Meeting Roles
    Organizers can assign Meeting Roles to meeting participants. These Meeting Roles define and limit what participants can do during Live Meetings and with the board material
User Logs and Activities
User Logs and Activities

Administrators can track all activity at any level within the application and admin portal: login attempts, file uploads and downloads, file permissions, meeting updates, and changes in user profiles. Reports can also be generated for easier presentation and analysis of data.

Password Policies
Password Policies

Convene supports customised password policies and password expiration periods to ensure that accounts are protected.

Session Timeout and Sign-in Retries
Session Timeout and Sign-in Retries

Users are also automatically signed out following the set Session Timeout and have limited Sign-in Retries.


Document Security and Digital Rights Management (DRM)

Copy Restrictions
Copy Restrictions

To minimize exposure of customer data, Convene prevents the copying of document content to other applications. There is no facility available in Convene application context menus or other options to copy the document content via the system clipboard.

Password Protection
Password Protection

Folders or specific documents on the Document Library can be locked with passwords to further restrict access.

Document Access
Document Access
  • Document Library
    Folder owners can allow users or groups to view, download, or edit individual files or folders on the Document Library.
  • Meetings
    Meeting organisers have the option to limit who can view, download, forward, export, and print documents from Meetings by assigning Meeting Roles. Organisers can opt to restrict access to specific meeting agenda items and/or documents using advanced permission settings.
Scheduled Archival and Disposal
Scheduled Archival and Disposal

Administrators can schedule the archival and/or disposal of documents after a certain time has lapsed to avoid unauthorised access of files. Temporary files are also never backed up to iTunes and/or iCloud. This can also be configured in specific Meetings, Review Rooms, or Resolutions only.

Watermarks
Watermarks

An additional layer of security can be added to Meetings, Review Rooms, and Resolutions documents with a customisable watermark. Watermarks discourage people from misusing file contents, and helps identify the owners or authors of the content, when it was created or reproduced, and may signify if it is an original or draft copy only.

Multi-Level Encryption
Multi-Level Encryption
  • Data at Rest
    Documents are protected with federal government standard AES 256-bit encryption when stored in Convene’s local storage and web portal.
  • Data in Transit
    Wireless network transmissions to and from Convene are protected with RSA 2048-bit Transport Layer Security (TLS) encryption, providing privacy and data integrity for file transfers, VPN connections, instant messaging, and the like.
Key Management
Key Management

Documents are secured with the use of three-tier key management with random document key, user key, and system key. The cryptographic keys are protected by the use of HSM and other methods, preventing other devices from using them if the application is restored on an unregistered device.


Device Security

For a more secure mobile experience, Convene has features that protect user data from any vulnerabilities and threats.

On-the-fly Decryption Model
On-the-fly Decryption Model

When a user needs to access encrypted files on storage, only the needed parts are decrypted into memory.

Remote Data Wipe and Automatic Purge
Remote Data Wipe and Automatic Purge

Administrators can delete stored, offline data downloaded to a device. They may also opt to set automatic purging when users sign out of Convene, or when password guessing is detected. [Temporary files are never backed up to iTunes and/or iCloud.]

 

Lost Device Re-authentication
Lost Device Re-authentication

In the case of lost or stolen devices, session timeouts render data inaccessible unless the device is re-authenticated.


Secure User Authentication

Convene is widely compatible with several authentication methods to suit clients’ specific security needs.

User ID and Password
User ID and Password

Only members with registered user accounts may access Convene. They must also input their own, unique password before logging in to the system.

Touch ID
Touch ID

Users can easily log-in to Convene via Touch ID or fingerprint scanning for iOS mobile devices, eliminating the inconvenience of having to type login information every time.

Active Directory Integration
Active Directory Integration

Convene supports the integration of an organisation’s Active Directory (AD) to the app, either through Lightweight Access Directory Protocol (LDAP) or Active Directory Federation Services (ADFS). This ensures that only registered and authorised users within the organisation’s Active Directory can access Convene while eliminating the need for administrators and executives to remember another set of usernames and passwords.

SAML Single Sign-On
SAML Single Sign-On

Convene supports single sign-on using SAML 2.0. to eliminate the need to repeatedly type in passwords per login.

Multi-Factor Authentication
Multi-Factor Authentication
  • One-time Pin (OTP)
    Before a user can log-in to Convene, a verification code—which is securely and instantly delivered to the user’s registered mobile number—must be entered. The verification code is a unique, secondary password and is valid for one log-in session only.
  • Device Registration
    Access to Convene can be restricted to registered devices and browsers.
Return to Security Features

Experience Azeus Convene