Emely AI is a SaaS platform which extends AI capabilities to end clients. Emely is built entirely in Microsoft’s Azure cloud, which means that all the end user data that the SaaS users interact with is contained 100% within Azure. In this white paper, we outline the security architecture of Emely AI and how it can benefit a secure organization through internal use. Please note that content in this document is also generated in part by Microsoft AI with reference links to ensure accuracy and compliance with current technologies and standards.
Emely AI leverages the security features and compliance standards that Azure offers to protect its user data and meet the expectations of its customers and regulators. It follows a security-by-design approach, which means that security is embedded into every stage of the development and deployment process. Because the security architecture is driven 100% by Microsoft Azure RBAC design, administrators can easily control, adjust, and monitor permission levels and activities within their own tenants and their clients’ tenants.
Some of the key aspects of Emely AI security architecture are:
· Identity and Access Management: Emely AI uses Microsoft Entra ID (formerly known as Azure Active Directory) exclusively to authenticate users and applications. Entra ID provides features such as multi-factor authentication, conditional access, single sign-on, and role-based access control (RBAC) to ensure that only authorized users can access Emely AI resources and data.
· Data Protection: Emely AI uses Azure Encryption to encrypt user data at rest and in transit, using cryptographically secure Azure-managed keys. Azure Encryption also supports customer-managed keys, which allow Emely AI to use its own keys or keys from a third-party key management service to protect its user data. Emely AI also uses Azure Backup to back up its user data and restore it in case of any disaster or accidental deletion.
· Network Security: All Azure resources for Emely AI are hosted within private Azure Virtual Networks, ensuring that internal application traffic never travels across the public internet. It uses Azure Firewall to protect its Virtual Network resources from malicious traffic. Azure Firewall allows Emely AI to define and enforce network access rules, filter traffic based on source, destination, protocol, and port, and integrate with other Azure services such as Azure Monitor and Azure Sentinel. Emely AI also uses Azure Application Gateway to provide secure and scalable web application delivery. Azure Application Gateway supports features such as web application firewall (WAF), SSL termination, URL routing, cookie-based session affinity, and health monitoring.
· Threat Detection and Response: Emely AI uses Azure Security Center to monitor and audit the security posture of its Azure resources and RBAC assignments. Azure Security Center helps Emely AI detect and respond to potential threats and vulnerabilities, as well as comply with security policies and best practices. Emely AI also uses Azure Sentinel to collect, analyze, and respond to security events from various sources such as Azure services, devices, applications, and third-party tools. Azure Sentinel provides features such as security analytics, threat intelligence, incident management, and automation.
· Emely AI leverages the security features and compliance standards that Azure offers: Emely AI is built entirely in Microsoft’s Azure cloud, which means that it benefits from the security features and compliance standards that Azure offers. As mentioned above, Emely AI uses various Azure services such as Entra ID, Encryption, Firewall, Backup, Security Center, Application Gateway, and Sentinel to protect its user data and resources from unauthorized access, malicious attacks, and data loss. Moreover, Emely AI meets various compliance standards such as ISO/IEC 27001, ISO/IEC 27018, FedRAMP, SOC 1/2/3 by using Azure. These standards demonstrate that Emely AI handles user data in accordance with the legal and regulatory requirements of different regions and industries.
· Emely AI is built by an MSP that understands the industry and the pain of the end users: Emely AI was created by an MSP that has firsthand experience in providing IT services and solutions to various customers. The creators of Emely AI know the challenges and opportunities that MSPs face in terms of security, compliance, efficiency, and customer satisfaction. Therefore, they designed Emely AI with these aspects in mind, aiming to provide a platform that can help MSPs create and share personalized digital content with their customers in a secure and reliable way.
· Emely AI follows a security-by-design approach: Emely AI follows a security-by-design approach, which means that security is embedded into every stage of the development and deployment process. This ensures that security is not an afterthought or a bolt-on feature, but rather a core component of Emely AI. Emely AI also follows the principle of least privilege, which means that it grants the minimum level of access that users need to perform their tasks. This reduces the risk of unauthorized or malicious actions. Furthermore, Emely AI conducts regular security audits and reviews to ensure that its security architecture is up to date and aligned with the best practices and standards.
Emely is built entirely in Microsoft’s Azure cloud, which means that all the end user data that the SaaS users interact with is contained 100% within Azure. This gives Emely several advantages in terms of security and compliance, as Azure offers a broad set of features and capabilities to help protect user data and meet various legal and regulatory standards.
Azure security features help Emely safeguard its user data from unauthorized access, malicious attacks, and data loss. Some of the key security features that Emely benefits from are:
· Azure Security Center: This is a unified security management and threat protection service that provides Emely with visibility and control over the security posture of its Azure resources. Azure Security Center helps Emely detect and respond to potential threats, as well as comply with security policies and best practices.
· Azure Encryption: This is a process that transforms user data into an unreadable form using cryptographic keys, making it difficult for anyone to access it without authorization. Azure encrypts user data at rest (when stored in Azure storage services) and in transit (when moving between Azure services or to/from the internet). Azure also supports customer-managed keys, which allow Emely to control the encryption keys used to protect its user data.
· Azure Firewall: This is a cloud-native network security service that protects Emely’s Azure virtual network resources from unwanted network traffic. Azure Firewall allows Emely to define and enforce network access rules, filter traffic based on source, destination, protocol, and port, and integrate with other Azure services such as Azure Monitor and Azure Sentinel.
· Azure Backup: This is a service that enables Emely to back up its user data and restore it in case of any disaster or accidental deletion. Azure Backup supports various backup scenarios, such as backing up files, folders, virtual machines, SQL databases, and more. Azure Backup also provides encryption, compression, retention, and recovery options for Emely’s backup data.
Emely uses RBAC and Microsoft Entra ID (formerly known as Azure Active Directory) Accounts to provide the best possible security for Azure resources and services by allowing you to control who can access what and how. RBAC stands for role-based access control, which is a system that assigns permissions to users based on their roles. Microsoft Entra ID is a cloud-based identity and access management service that authenticates and authorizes users and applications.
This design allows you to use Microsoft Entra ID Accounts in this fashion:
· You can grant the minimum level of access that users need to perform their tasks, following the principle of least privilege. This reduces the risk of unauthorized or malicious actions.
· You can use Azure built-in roles or create your own custom roles to define the actions that users can perform on specific resources or scopes. This gives you flexibility and granularity in managing access.
· You can use Microsoft Entra ID users, groups, or service principals as subjects in RBAC assignments. This simplifies the management of user identities and credentials, and enables features such as multi-factor authentication, conditional access, and single sign-on.
· You can use Azure Security Center to monitor and audit the security posture of your Azure resources and RBAC assignments. This helps you detect and respond to potential threats and vulnerabilities.
· You can use Azure Policy to enforce compliance and governance rules on your Azure resources and RBAC assignments. This helps you adhere to the legal and regulatory standards of your organization or industry.
For more information about RBAC and Microsoft Entra ID Accounts, you can refer to the following sources:
· Overview of Microsoft Entra role-based access control (RBAC)
· Azure built-in roles - Azure RBAC
· General availability: Azure RBAC for Kubernetes Authorization in AKS
· Role-based access control (RBAC) with Microsoft Entra ID on Azure Cosmos DB in public preview
· Secure your data in Azure Storage Accounts using RBAC (Role-Based Access Control)
Azure compliance standards help Emely demonstrate that its user data is handled in accordance with the legal and regulatory requirements of different regions and industries. Some of the key compliance standards that Emely meets by using Azure are:
· ISO/IEC 27001: This is an international standard that specifies the requirements for establishing, implementing, maintaining, and improving an information security management system. ISO/IEC 27001 helps Emely protect its user data from security risks and ensure its confidentiality, integrity, and availability.
· ISO/IEC 27018: This is an international standard that provides a code of practice for protecting personal data in the cloud. ISO/IEC 27018 helps Emely comply with the privacy principles of the EU General Data Protection Regulation (GDPR) and other data protection laws. ISO/IEC 27018 also requires Emely to inform its users about how their personal data is processed, stored, transferred, and disclosed.
· FedRAMP: This is a US government program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud services. FedRAMP helps Emely meet the security requirements of federal agencies and other public sector customers who use its SaaS platform.
· SOC 1, 2, and 3: These are reports that provide independent assurance on the design and operation of internal controls related to financial reporting (SOC 1), security, availability, processing integrity, confidentiality, or privacy (SOC 2), or trust services principles (SOC 3). SOC reports help Emely demonstrate to its customers and auditors that its user data is secure and reliable.
Emely AI is deployed as a SaaS application in the Azure cloud and is configured to connect to organization data sources via HTTP. Client data stored within the core application is limited to account information (subscriptions, client names, etc.) and client-specific configurations (document store URLs, automation URLs, Q&A entries, etc.). Enterprise clients can opt to deploy their own instance of Emely AI entirely within their tenant, including their own natural language Q&A processing, though this requires, in part, that the enterprise client obtain its own OpenAI licensing directly from Microsoft, which Emely AI, Inc. can assist with. All SharePoint data, documents, and other data reside in the client’s Microsoft tenant. Emely AI does not share data cross-tenant, and Emely AI does not use data from one tenant to train another tenant’s instance of Emely.
Copyright © 2024 Emely AI, Inc. All Rights Reserved.