At Formotus we take your data security seriously.
As secure as you need it to be
In enterprise mobile apps there is often a trade-off between security and convenience. The more securely you lock down your sensitive data, it seems, the less convenient it is for your users to work with that data.
At Formotus we don’t think it’s our role to define your security needs or dictate your balance between security and convenience. That’s your decision. Our goal is to give you the tools and options you need to achieve whatever level of security you want to achieve.
Nowhere is this principle more clear than in our underlying data architecture.
Store and secure your own data
A core design feature of Formotus is that we do not store your sensitive company data. Simply put, you use Formotus to design and control the blank forms your workers will use, but the filled forms never come back to us.
More precisely, you use the Formotus creator to define the custom user interface, business logic, and data connection elements and deploy those as forms to your workers’ devices. You can also monitor the use of those forms with metadata about when those forms have been installed, opened and submitted by whom.
But when it’s time for your workers to submit or query data on their devices, you are in full control and Formotus is not in the loop. You can design a form that simply submits as an email attachment if that’s convenient and meets your needs. Or you can make a secure data connection to your SharePoint or other data system and require the user to enter system credentials. Alternatively, you can use a secure connection but embed the encrypted credentials right in the form so the user does not need (or get) to know the credentials.
You have many options for data connections in your forms, but they all have one thing in common: Your data travels directly between your devices and your data systems, not to Formotus.
Other security and compliance features
Mobile user authentication. In order to use the mobile app, your users need to sign in and authenticate as members of your organization. Note that the credentials used to authenticate access to the Formotus service is entirely separate from any credentials used to access your company data on, say, a SharePoint site.
Cloud console authentication. Your administrators must sign in on the Formotus cloud console, which is hosted on Microsoft Azure. As an option, you can require strong passwords for this login.
Control over form design. It’s important to understand the degree to which you are in control of the design of your own forms and how that controls security. Users can only query for sensitive data and pull it onto the mobile device, for example, if their form is specifically designed to do so. Thus you can design forms in accordance with your own security requirements and policies.
Control over form deployments & remote disable. You have complete real-time control over exactly who has access to which forms. If you undeploy a form from a person it will disappear from their device. If you remove a user from your organization they will be unable to sign into the app. Such disablement will happen immediately if the user is online, or when they next connect.
To request our white paper (Formotus Architecture, Data Security and Compliance) or if you have questions, don’t hesitate to contact us.Contact Formotus