Mago.io
  • Welcome to Mago Knowledge Base!
  • Prerequisites setup
    • Hardware, OS and Software Requirements
      • Multiple Display supported Scenarios
      • How to enable Bluetooth BLE (proximity) for BYOD Features
    • Network Requirements
    • Wireless Display
      • I am unable to see Miracast (AirServer) as a destination to mirror to
      • Fixing Miracast Issue with some Wifi Chipsets
    • MS Teams best practices
      • (optional) Disabling Chat in Teams accounts
    • Zoom best practices
    • System Hardening Best Practices
    • How to Create a Room Resource for Calendar Events
      • Google Workspace
      • Microsoft 365
        • Setup a room resource
        • Configure a Room resource
    • OS Updates, Drivers & firmware
      • OS Windows update policy
      • Update policy for Drivers and Firmware (Intune)
      • Mago Room Update
  • Installing Mago Room
    • Installation steps overview
      • ✍️Pre-requisites checklist
      • 1️⃣Install and configure Windows 10/11 OS
      • 2️⃣Install and configure Mago Room
        • Getting Mago Room
        • Installing Mago Room
          • Deploy Mago Room with Software Distribution (Silent Install)
        • First Configuration (Wizard)
        • Advanced Settings
      • 3️⃣Post-installation checklist
  • Cloud Management & Analytics Console
    • How to Create an IT Admin User Account and Manage Mago Room and Licenses
    • Adding a Room in the Valarea Management Console
    • Using the Mago Room ADMIN Console
      • Rooms List
      • How to Create Groups and Tags
      • How to create Policies
      • How to Assign Policies
      • Create and Schedule a Task
    • Analytics Console
  • FAQ
    • Frequently Asked Question
      • Mago OAuth scopes and permissions explained
        • Mago Room OAuth scopes
        • Mago Workspace App OAuth scopes
      • Important Configuration Files
      • Antivirus & Firewall exceptions
      • Installing Mago Room on existing Room systems (MTR or Zoom room hardware)
  • Videos for training
    • Videos for training
  • Mago Essential
    • Setup Guide
      • Requirements
      • Hardware installation
      • First configuration
  • TECH DOCS
    • 🛡️Security White Paper
      • Introduction
      • Reliability
      • Application Security
      • Mago Room Security
      • On-Cloud / On-Premise Deployment Security
      • Encryption
      • Vulnerability Management
      • Mago Information Security
      • Physical Security
      • Conclusion
    • ℹ️Dec 14, 2021 | Vulnerability Statement | Log4j
    • 📄Privacy Policy
    • 📱Mago Workspace for Android - Data safety
  • Support
    • Mago Helpdesk and Support
Powered by GitBook
On this page
  • Our Policies
  • Employee Policy and Access
  1. TECH DOCS
  2. Security White Paper

Mago Information Security

Mago has established an information security management framework describing the purpose, direction, principles, and basic rules for how we maintain trust. This is accomplished by assessing risks and continually improving the security, confidentiality, integrity, and availability of the service. We regularly review and update security policies, provide security training, perform application and network security testing, monitor compliance with security policies, and conduct internal and external risk assessments.

Our Policies

We’ve established a thorough set of security policies covering the areas of information security, physical security, incident response, logical access, change management, and support. These policies are reviewed and approved at least annually, and are enforced by the Mago Security team. Employees, interns, and contractors participate in mandatory security training when joining the company and ongoing security awareness education.

Information Security

Policies pertaining to user and Mago information, with key areas; authentication requirements; data and systems security; user data privacy; restrictions on and guidelines for employee use of resources and handling of potential issues

Physical Security

How we maintain a safe and secure environment for people and property at Mago (see Physical security section below)

Incident Response

Our requirements for responding to potential security incidents, including assessment, communication, and investigation procedures

Logical Access

Policies for securing Mago systems, user information, and Mago information, covering access control to corporate and production environments

Change Management

Policies for code review and managing changes that impact security by authorised developers to application source code, system configuration, and production releases

Support

User metadata access policies for our support team regarding viewing, providing support for, or taking action on accounts

Employee Policy and Access

Upon hire, each Mago employee is required to complete a background check and sign a security policy acknowledgement and non-disclosure agreement. Only individuals that have completed these procedures are granted physical and logical access to the corporate and production environments, as required by their job responsibilities.

In addition, all employees take part in mandatory security training for new hires, an annual security education program, and receive regular security awareness training via informational emails, talks/ presentations, and resources available on our corporate knowledge base. Employee access to the Mago environment is authenticated using a combination of strong passwords, passphrase-protected SSH keys and two-factor authentication. Remote access requires the use of VPN protected with two-factor authentication, and any special access is reviewed and vetted by the security team.

Access between networks is strictly limited to the minimum number of employees and services. For example, production network access is SSH key-based and restricted to engineering teams requiring access as part of their duties. Firewall configuration is tightly controlled and limited to a small number of administrators.

In addition, our internal policies require employees accessing production and corporate environments to adhere to best practices for the creation and storage of SSH private keys. Access to other resources, including data centres, server configuration utilities, production servers, and source code development utilities are granted through explicit approval by appropriate management. A record of the access request, justification, and approval are recorded by management, and access is granted by appropriate individuals.

Mago employs technical access controls and internal policies to prohibit employees from arbitrarily accessing user activity, user data and other information about users’ accounts. In order to protect end user privacy and security, only a small number of engineers responsible for developing core Mago services have access to the environment where user data are stored. Accessing users’ data is only performed for troubleshooting needs, and only with users’ explicit consent. All employee access is promptly removed when an employee leaves the company.

PreviousVulnerability ManagementNextPhysical Security

Last updated 1 year ago

🛡️