Built on an innovative architecture and the highest standards of security, Memority delivers trustworthy services to its customers.
A unique platform
Memority is a single platform with three offerings: My-Identity, My-Access and My-Keys. These three offerings share several services: data backend, cross-functional services, administration portal, functional portal, and so on.
As a result, if a customer already uses one of the offerings, subscribing to another does not require any real implementation project; it simply activates the functionalities, as the identities are already managed in the platform.
Micro-service and cloud native
Memority has been developed using a microservices approach, enabling each function it provides to be specialized. This architecture facilitates maintenance, operation, version updates and security.
The Memority platform relies on our Cloud providers’ own services, to take advantage of their performance. All micro-services are deployed on a container-based architecture.
Multi-tenant at application level
The Memority platform is a multi-tenant architecture. Multi-tenancy is managed at the micro-service level, not at the container level. Each micro-service works for all the client tenants deployed on the platform. Consequently, segregation between application tenants is carried out at application and data backend level.
Each customer has two tenants: a production tenant and a non-production tenant. They are located on two separate Memority platforms, with the same SLA levels. This innovative architecture enables Memority to adapt to both large accounts and middle-market companies, ensuring the best cost/value ratio.
Blue/green version update
Our development teams work in agile mode and are organized into feature teams. The platform is updated every three weeks. These updates are carried out by redeploying the microservices on a second architecture and switching between the old and new architectures.
This process ensures risk-free, transparent version upgrades for our customers. Thanks to our multi-tenant architecture, each update is carried out simultaneously for all customers.
Resilience
The Memority platform is systematically deployed in a region of one of our Cloud providers, which means that Memority is deployed on three datacenters all operating in active mode to offer maximum availability. As an option, we offer a DRP (Disaster Recovery Plan) to another region of the same Cloud provider.
In the near future, the DRP option will be offered to a different Cloud provider, to cover any failure of one of them.
Non-intrusive architecture
All Memority components are deployed in the Cloud. We do not deploy any components on our customers’ information systems. We are fully responsible for the availability and operation of the platform, thus avoiding a complicated RACI between supplier and customer.
Access to the customer’s information system for on-premise application provisioning is via IPSec tunnels and secure interface contracts. Exchanges with the rest of the ecosystem are made via REST APIs and standard identity federation protocols: SAML2, WS-Federation, OAuth, OpenID Connect.
Performance & SLAs
Thanks to its innovative architecture, Memority has been tested for up to 100 million identities within a single tenant, while providing service to other tenants on the same platform. The architecture is highly scalable, thanks to the dynamic addition of micro-service instances.
Memority is committed to a monthly availability SLA of 99.95%. Availability on our current cloud providers is 100%.
Hosting
Memority currently offers two Cloud providers:
• AWS for deployment in the Paris or Dublin regions
• S3NS for the Paris region. S3NS is the JV between Thales and Google. It provides a trusted cloud that will be SecNumCloud certified by 2025.
Custom architecture
Our customers are able to choose different architecture options:
• choice of Cloud provider: AWS or S3NS, or possibly GCP
• choice of region: Dublin, Paris, or possibly another region
• choice of shared or dedicated platform architecture
• choice of DRP or not
• choice of escalation to customer SOC.
Dedicated security team
Memority has a dedicated security team made up of a CISO and security experts.
Risk analysis
Memority has a dedicated risk analysis for its services. It is updated annually and whenever new technical or functional components are defined (and generally whenever the risk profile requires it).
Security by design
Memority is designed for end-to-end security, in line with DevSecOps best practices. From risk analysis to the implementation of mitigation actions, source code is subject to peer code review as well as automatic static (SAST) and dynamic (DAST) code review using tools included in our development software factory.
Our senior developers are CSSLP (Certified Secure Software Lifecycle Professional) certified by ISC2.
Security architecture
The Memority architecture is divided into specialized zones based on the principle of defense in depth. All the services required for such an architecture are in place: anti-DDoS system, firewall, web application firewall, etc. All operating systems are hardened to the state of the art.
Encryption
All our servers are surface encrypted (data encrypted at rest). All data flows, both internal and external, are encrypted (data encrypted in transit).
SOC
Memority is supervised by the Thales SOC in real time to detect intrusion attempts and counter them if necessary. An automatic vulnerability scan is performed on a daily basis to compare the software versions used with known vulnerability databases.
Vulnerability management
Based on the vulnerabilities detected and the associated criticality, Memority carries out software updates (patches or version upgrades) within a constrained timeframe, while respecting the service provided to our customers.
If necessary, while waiting for a patch to be applied, compensatory risk management measures, defined by our security team, can be implemented.
Inventory and change management
All our assets are inventoried in our Configuration Management Database (CMDB). Each change is subject to impact measurement, and internal and external communication if necessary. All changes are tracked.
Identity and authorization management
Memority has implemented the principle of least privilege and the principle of segregation of duties. Account and clearance reviews are carried out quarterly. All accesses benefit from MFA authentication.
Managing privileged accounts
Privileged accounts are individually named. Access after MFA authentication is via a VPN and through a bastion. The bastion records all administrator actions (both command-line and graphical).
Secret management
All Memority secrets linked to the platforms are stored in secure enclaves (HSM) to which access is strictly regulated.
Anti-DDoS
To avoid any risk of downtime, Memority is protected by specific anti-DDoS measures.
Crisis management
Memority has defined a crisis management plan, including in particular the specifics of cyber incidents, in order to keep customers and the relevant authorities informed and to implement remediation actions as efficiently as possible.
Audit
Two external audits are carried out each year to ensure continuous improvement.
Certifications and qualifications
Memority is in the process of obtaining ISO 27001 / ISO 27701 certification (target date: second half of 2024). At the same time, the Memority security team is discussing with ANSSI the road to SecNumCloud SaaS qualification by 2025.
GDPR
Memority complies with the GDPR (General Data Protection Regulation) as a subcontractor. All processing is carried out by Memority solely at the request of customers.
We set up processes for accessing (and deleting) personal data according to our customers’ wishes.
Transparency
Our customers are authorized to audit their instances in accordance with Memority audit rules. We discuss with our customers and prospects the security measures in place and the improvements that could be made.