Privia Security

Ensuring Secure Proposal Development

High-performing proposal development teams require a solution that provides real-time collaboration across organizations with many contributors. Administering appropriate access and authorization of a system's users is only one aspect of managing the integrity and security of sensitive proposal content. Web-based platforms that enable teams to work together online are vulnerable to cyber attacks and other security breaches. 

Privia has been designed around a core security architecture from the ground up. Throughout functionality development, careful consideration is given to keeping data secure, and every modification to the product goes through a security review before it is put into production. Elements of Privia's secure architecture include:

Two-factor Authentication

Online solutions that are accessed by multiple users from multiple devices are susceptible to attacks that rely on theft of a user's login and password. Privia has built in two-factor authentication to make sure that user accounts cannot be compromised by brute force password guesses. With two-factor authentication, users verify their login with a second confirmation, particularly when logging in from new locations or machines.


SOX-compliant Authentication Controls

The Sarbanes-Oxley Act requires internal controls to protect the integrity of and access to financial data. Access to Privia accounts is controlled with three systems that can be divided among three different groups of control. For a user to log onto a Privia server, the user must:

  • have a valid account on the server or domain – which can be controlled by IS
  • be a member of a unique group for the Privia application – which can be controlled external to the Privia server
  • be assigned a license through the Privia application

Non-reversible Password Encryption

All passwords for end users are stored in non-reversible encryption and are not stored in the primary Privia database. This cryptographic technique uses the user’s password to encrypt two keys that are unique to each system, and the encrypted keys are then used to encrypt two strings that are unique to each system.


TLS 1.2 Encryption

Privia servers use TLS 1.2 by default and disable the older, vulnerable SSL technology. All communications between the server and both the web client and the installed Windows client are encrypted at all times. The only port that is ever needed on a Privia server is 443, making it easy to lock down a Privia server with a basic firewall.

Man-in-the-middle Attack Prevention

From the start, Privia has incorporated a handshake protocol for both the web client and the installed Windows client to prevent man-in-the-middle attacks. When a client connects to a server, the server responds by redirecting the client to the server’s public interface and will not accept connections that do not come directly from the client to the server.


Cross Site Scripting (XSS) and SQL Injection Prevention

Every release of Privia is put through a rigorous test to verify that Cross-Site Scripting and SQL Injection vulnerabilities are blocked by the application. The tests conform to OWASP best practices and ensure that a Privia server can safely be exposed to the internet without opening up vectors for attack.
