Hii Retail Security FAQ

Built upon Google’s secure-by-design cloud infrastructure, our Hii Retail solutions employ a defense-in-depth architecture to safeguard the confidentiality, integrity, and privacy of your data. We adhere to industry-standard security frameworks, including ISO/IEC 27000:2018, maintaining rigorous security controls in our software development and SaaS operations. To receive updates on security-related matters, sign up here.

FAQs

Are Hii Retail services vulnerable to ransomware attacks?

In a ransomware attack, data is encrypted and rendered unusable. The data can only be decrypted if the data owner is willing to pay a ransom in exchange for a key held by the attacker. Ransomware is only effective if the data has value to the owner. That value is directly proportional to the difficulty the data are to recover.

The majority of Hii Retail services are stateless by design, meaning they do not rely on stored data. Thus, these services hold no ransom value. When we must store data, for example in a file system or database, we perform regular backups and ensure that data can be restored quickly and with minimal loss.

Lastly, all application code and configuration we deploy on the Hii Retail platform is sourced from version control and deployed using automated processes. This is how we achieve operational scale, allowing a single engineer to deploy entire systems in minutes. If a system is compromised, we are able to destroy it and replace it with an unaffected clean version within minutes.

How does Extenda Retail protect its software from security vulnerabilities?

We focus on security throughout the entire development lifecycle, employing controls at each stage of development aimed at detecting and remediating the potential for risks introduced by every change. Controls include, but are not limited to:

  • Automated detection of known vulnerabilities in software dependencies
  • Static analysis of application code for the detection of security defects
  • Automated detection of misconfigurations in infrastructure as code
  • Scanning of container images for known security vulnerabilities
  • Mandatory peer reviews before code changes can be merged and deployed
  • Scanning of deployed web applications for vulnerabilities including OWASP Top 10

How does Extenda Retail protect its development environment from unauthorized access?

As a pure cloud service, Hii Retail has no on-premise development infrastructure. Nor do we maintain test environments, or other physical or virtual test systems within our corporate estate. Instead, all development is performed on the local developer workstation, or within an environment on the Google Cloud Platform. Security control standards implemented within non-production environments are equal to those within the production environment.

We have implemented a zero-trust security model. Access to non-production systems, whether within the Google Cloud or within the perimeter of our corporate estate, cannot be used as means to circumvent security controls to gain access or to deploy changes to production systems.

How is data encryption handled?

All Hii Retail data is encrypted by default when stored on the Google Cloud. Neither Extenda Retail nor its customers are responsible for enabling or configuring this encryption. Encryption cannot be disabled by any means by Google, Extenda Retail, or its customers.

Every accessible Hii Retail service is configured to accept connections using Transport Layer Security (TLSv1.2 or above). This ensures that all data in transit between Hii Retail systems and our customer systems and users is encrypted. Unencrypted data channels are not present or available for use by our customers.

How is Hii Retail data protected from loss or corruption?

We follow all Google design guidelines to achieve the highest possible data resiliency and durability targets. Many of Google Cloud’s services are durable by design, automatically replicating data to multiple redundant locations within a geographic region. To protect the integrity of data, we establish tested backup and restoration processes to ensure that data can be recovered within the stated time and recovery objectives in our published Service Level Agreements.

What responsibility do I have as Extenda Retail's customer?

It is the customers’ own responsibility to protect their own network, hardware and devices.

Security best practices

Explore these best practices for meeting your security and compliance objectives as you deploy workloads on Google Cloud.

Google Cloud security best practices center

Whitepapers

“BeyondProd: A new approach to cloud-native security”

“Google Infrastructure Security Design Overview”

This website uses cookies

Cookies ("cookies") consist of small text files. The text files contain data which is stored on your device. To be able to place some type of cookies we need your consent. We at Extenda Retail AB, corporate identity number 556229-6326 use these types of cookies. To read more about which cookies we use and storage duration, click here to get to our cookiepolicy.

Manage your cookie-settings

Necessary cookies

Necessary cookies are cookies that need to be placed for fundamental functions on the website to work. Fundamental functions are for instance cookies that are needed for you to use menus and navigate the website.

Functional cookies

Functional cookies need to be placed for the website to perform in the way that you expect. For instance to remember which language you prefer, to know if you are logged in, to keep the website secure, remember login credentials or to enable sorting of products on the website in the way that you prefer.

Statistical cookies

To know how you interact with the website we place cookies to collect statistics. These cookies anonymize personal data.

Ad measurement cookies

To be able to provide a better service and experience we place cookies to tailor marketing for you. Another purpose for this placement is to market products or services to you, give tailored offers or market and give recommendations on new concepts based on what you have bought from us previously.

Ad measurement user cookies

In order to show relevant ads we place cookies to tailor ads for you

Personalized ads cookies

To show relevant and personal ads we place cookies to provide unique offers that are tailored to your user data