
Answers to common Information Security or IT/Technical questions
Brief description of empower express
empower® express is a blend of the world's most used PowerPoint content management system with the Microsoft Office design and technical knowledge of a global Microsoft Office design agency.
empower® GmbH is a Microsoft Partner that develops the world's most popular PowerPoint content management software, called “empower®”. empower® enables any user to access all of their company PowerPoint content directly within PowerPoint by utilising Microsoft's Azure cloud.
Right Aligned Limited is a design and deployment partner of empower® GmbH. We are responsible for empower® express' pre-sales tasks, installation support, system training and library administration. We are the "express" part of empower® express. Right Aligned's consultants customise the empower® platform for businesses that do not require it for their entire enterprise, or that have a license requirement below that of an empower GmbH enterprise client.
empower express slides cloud data security
In terms of data security, access is initially secured via Microsoft Azure AD protocols. Before any user is allowed library access, they must authenticate themselves on the empower® cloud Azure AD. This process involves:
1. The user provides their Microsoft 365 compliant email address.
2. An empower® express admin adds this email to the empower® express cloud Azure AD, which automatically sends a verification email to the user inviting them to log on.
3. The log-on prompts the user to confirm their email and password (empower® express never has access to the user's email password) using the standard Microsoft login dialogue.
   a) If the user's Microsoft email account requires multi-factor authentication (MFA), the user is then prompted to authenticate using Microsoft's two-step process, which includes:
      i) downloading the Microsoft Authenticator app to their phone
      ii) verifying their account either by push notification to their mobile phone or by entering a code sent to their mobile.
4. Once the user successfully authenticates themselves, they are granted read-only access to the empower® express database. At this point they can only access generic content from, and cannot save anything to, the database.
5. Assuming the user is from a new empower® express customer, our admin creates a group in Azure AD for this new company and adds the user(s) to this group. Permissions within the empower® express database are controlled at the folder level via Azure AD groups or individual users. As a best practice, we assign users to groups and usually only assign library folder permissions via Azure AD groups.
6. We then set up your company's folders, where only your users (and our admin team – strictly for the purposes of administration) have read or write access. These folders are:
7. Folders with editing rights
   a) A company folder to save presentations, individual slides, or any other PowerPoint content
      i) An element folder where users can save individual slide elements
      ii) A folder for your company template(s)
   b) Our admins allow your users access to a generic, non-confidential, read-only store of PowerPoint content such as sample charts, tables, icons, images, maps, flags etc.
In summary:
- empower® express slides is securely siloed per company account
- the users of each company can only view the company content they have permission to see and/or use
- Rights can be revoked or updated at any time via Azure Active Directory by system administrators, who are limited to a small number of admin and tech support members at Right Aligned or empower® GmbH.
Does empower® express require that client's information be accessed and retained?
Only whilst a client maintains an active subscription to the empower® express service. Upon termination of their subscription, no client information will be stored on the system, nor will it be used for any purpose.
During an active subscription, a few technical empower GmbH and Right Aligned Limited admins have access to the empower® Cloud to perform important maintenance and support tasks. All access by empower® express admins is protected via MFA and is logged.
As part of the empower® express Terms & Conditions, empower GmbH and Right Aligned Limited recognise the client's ownership of all intellectual property rights for their content and agree not to disclose, or use, any of the client's information, for any purpose, without the client's written consent.
Access to the client's information is necessary to perform these empower® express services:
- assisting the client with loading the client's information into the system. This typically includes saving the client's PowerPoint template(s) into the system to customise the client's empower® instance to their corporate brand
- providing technical assistance to clients to retrieve client information accidentally deleted or altered by the client. This will only be done where the client has specifically made this request in writing, usually via email.
Does empower® express include software that is created and maintained by you, the service provider?
empower® express is a blend of empower® GmbH's PowerPoint content management software with Right Aligned's Microsoft Office design and technical knowledge. Right Aligned's partner, empower® GmbH, participates in the Microsoft Compatibility Lab, ensuring their software is always compatible with the most recent MS Office updates. Microsoft itself is also empower® GmbH's client.
Does empower® express provide the client with a SaaS solution, residing on infrastructure that is not controlled or maintained by the client, such as a cloud provider or servicer owned data centre?
The empower® Cloud is based on the Microsoft Azure platform and uses the latest technologies and security standards to keep all customer data secure.
All customer data is isolated from other customers and is processed and stored exclusively in EU-based Microsoft Azure data centres, which are protected under the European GDPR data regulations. All content in the cloud is only accessible through secure authentication. All data entering and leaving the cloud is transmitted using SSL (Secure Sockets Layer) technology. All data stored in the cloud is encrypted at rest, and all data is backed up within the Azure cloud and region.
Activation questions for empower charts & slides - is activation sent the same way?
Where is the license activation service/server located?
The license activation server is located in the empower® Azure cloud, which is hosted in Microsoft's Western Europe region (the Netherlands).
Is license data encrypted in transit and at rest?
Yes, all data is encrypted in transit and at rest.
What data is sent to the activation server?
empower products are offered on a per user license basis. Therefore, the following information is stored on our activation server:
- SID (Active Directory ID),
- login name,
- product,
- version number,
- activation date of license,
- expiration date of license.
What is the name of the vendor server?
The application backend infrastructure is hosted in Microsoft Azure. For security reasons, we do not provide additional configuration information.
What is the vendor IP address?
The application backend does not use a static IP address. It is reachable under the hostname express.empowersuite.cloud.
Protocol & Port?
HTTPS (Port 443)
Technical information on the empower slides back end can be found by clicking this link;