RPA software to end repetitive tasks and transform business.
Extract information and data from documents and images
Use technology to quickly find and qualify candidates
Converse with automated solutions in real-time
Build seamless workflows to handle more complex processes
Increase automation scope to unleash new insights
Architect an operating model so your program can scale
Benchmark your performance and identify improvements
Intelligent Process Automation strategies for Success
Build capabilities and become self-sufficient
Establish environments to meet your needs now and in the future
Ensure your infrastructure is secure, resilient and can scale
Work with our team to deploy your platform to the cloud with ease
Take the hassle out of setting up a platform by using our environment
Get licenses at the best available price from a trusted reseller
Identify and prioritize the best places to look for opportunities
Scope processes thoroughly and leave no rock unturned
Standardize and simplify your processes to optimize results
Leverage our highly skilled developers to deliver solutions
Adopt the best habits as your team is guided through delivery
Rest easy knowing your team is being guided by experts
Allow us to monitor, schedule and maintain your solutions
Rely on our team when it’s time to go-live with your solutions
Stop bad code in its tracks
70% faster automation deployment cycles
Instantly create best practice automation components
End-to-end, real-time visibility of your RPA program
Operational Intelligence to simplify your Ops Management
Apps that help you Automate Better
Your intelligent automation services company.
Reveal Group partners with leading technology, implementation and consulting companies.
We are proud of the unique culture we have built and love the inspiring team we work with.
Learn how we make big teams successful
Innovative solutions for your growing business
Build self-sufficiency from the ground up
You're in great company. Learn from our customers.
Latest media articles and press releases.
Get up close and personal with our people and products
Read our in-depth original research
Watch our latest video content.
Stay up to date with the company
View our latest visual content
Reveal Group takes security very seriously and our enterprise-class security features ensure that your data is always protected. The following security information covers all the services provided by Reveal Group – Reveal OpsIQ, Reveal RoboReview, Reveal RoboDesigner, Reveal RoboManager, Professional Services & Managed Services.
Note: Reveal RoboManager is provided in collaboration with our partner Shibumi and information specific to this product has been highlighted.
Reveal Group hosts the following services (Reveal OpsIQ, Reveal RoboReview, Reveal RoboDesigner, Managed Services, Corporate Services) in Microsoft Azure. Reveal RoboManager is hosted by Shibumi in AWS. All our Azure and AWS data centers have been certified as ISO 27001 and SOC 2 compliant. Learn more about Compliance at Azure and AWS.
Infrastructure services include backup power, HVAC systems, and fire suppression equipment to help protect servers and ultimately your data. Learn more about Data Center Controls at Azure and AWS.
On-site security includes a number of features such as security guards, fencing, security feeds, intrusion detection technology, and other security measures. Learn more about physical security at Azure and AWS.
Reveal Group leverages Azure and AWS data centers in the United States and Australia.
Our globally distributed Security Team is on call 24×365 to respond to security alerts and events.
Our network is protected at the edge by Cloudflare, a global leader in cloud network security, performance and reliability. Our network intelligence technologies continuously monitor our systems, blocking known malicious traffic and attacks, identifying and flagging anomalous usage patterns across both our public and internal networks.
Our network security architecture consists of multiple security zones. More sensitive systems, like database servers, are protected in our most trusted zones. Other systems are housed in zones commensurate with their sensitivity, depending on function, information classification, and risk. Depending on the zone, additional security monitoring and access controls will apply. DMZs are utilized between the Internet, and internally between the different zones of trust.
Network security scanning gives us deep insight for quick identification of out-of-compliance or potentially vulnerable systems.
In addition to our extensive internal scanning and testing program, Reveal Group employs third-party security experts to perform annual penetration testing of our network and services.
Our Security Incident Event Management (SIEM) system gathers extensive logs from important network devices and host systems. The SIEM alerts on triggers that notify the Security team based on correlated events for investigation and response.
Service ingress and egress points are instrumented and monitored to detect anomalous behavior. These systems are configured to generate alerts when incidents and values exceed predetermined thresholds and use regularly updated signatures based on new threats. This includes 24×365 system monitoring.
Reveal Group has a multi-layer approach to DDoS mitigation, combining core technology from Cloudflare with additional tools provided by our infrastructure hosts.
Access to the Reveal Group production network is restricted on a need-to-know basis, utilizes least privilege and requires multi-factor authentication (MFA). All access attempts are logged and access control management is integrated into the security incident event management (SIEM) system. For more details aboiut our Unified Cloud-Native Security Management, please refer to Organizational Security.
In case of a system alert, events are escalated to our 24×365 team who follow predefined Incident Response Procedures.
All communications with Reveal Group systems (UI’s and API’s) are encrypted via industry-standard HTTPS/TLS (TLS 1.2 or higher) over public networks. This ensures that all traffic between you and Reveal Group is secure during transit. Transactional emails leverage opportunistic TLS to encrypt and deliver email securely.
Data is encrypted at rest using AES-256 key encryption.
Reveal Group targets at least 99.5% uptime for all our online services, excluding scheduled maintenance windows. A summary of our uptime statistics is publicly available via our system status webpage, which includes system availability details, scheduled maintenance, service incident history, and relevant security events.
All Reveal Group systems are architected with multiple redundant components at each tier, to avoid any single points of failure and maintain high availability (HA).
Full database backups are taken at least daily and incremental backups are taken every 15 minutes. Data is replicated in real-time, both within and across data centers within a region, to guarantee durability in the event of a site loss. Other systems, such as email and file storage, are backed up daily.
Our Disaster Recovery (DR) planning ensures that our services remain available and are easily recoverable in the case of a disaster. This is achieved by architecting a robust technical environment and testing to validate that everything works as anticipated.
Our engineers receive secure code training covering OWASP Top 10 security risks, common attack vectors, and Reveal Group security controls.
Reveal Group leverages modern and secure open-source frameworks with security controls to limit exposure to OWASP Top 10 security risks. These inherent controls reduce our exposure to SQL Injection (SQLi), Cross Site Scripting (XSS), and Cross Site Request Forgery (CSRF), among others.
Our code base undergoes regular QA and review, to identify, test, and triage security vulnerabilities in code.
Testing and staging environments are logically and physically separated from the Production environment. Production data is not used in our development and testing environments. Occasionally, we may need to push production data to a staging environment to investigate a support issue that may only be reproduced with specific data. Upon completion of the investigation, these data are purged from the environment.
Third-party security tools continuously and dynamically scan our core applications against the OWASP Top 10 security risks. Our security and engineering teams collaborate to test and remediate any discovered issues.
Our source code repositories are scanned for security issues via our integrated static analysis tooling.
Native authentication is used for Reveal OpsIQ, Reveal RoboDesigner and Reveal RoboReview. Single sign-on (SSO) (SAML) is available for Reveal RoboManager enterprise customers.
Native authentication features strong password policies. Compliant passwords must be a minimum 8 characters, including numbers, special characters, lower and uppercase characters. We also check passwords against a database of all publicly disclosed data breaches and these values are disallowed. Users may request an account password reset via a secure, self-service workflow.
Reveal Group follows secure credential storage best practices by never storing passwords in human-readable format, and only as the result of a secure, salted, one-way hash.
Access to data within Reveal Group applications is governed by role-based access control (RBAC), with detailed object permissions and row-level security access filters for reporting data.
Reveal RoboReview checks files for potentially sensitive data and masks it before being uploaded from the user’s browser. This ensures that the sensitive data never leaves your network and prevents it from being stored by Reveal Group. Where sensitive data is not explicitly labeled, the UI searches using standard regular expressions (regex) for the most common sensitive data types. The list of supported items is continuously under review, with a specific focus on localizations to support clients in Australia, Europe and North America. For further details on DLP, please visit our Support Center.
Due to the inherently complex nature of release files and the methods employed to detect sensitive data types, DLP is provided on a best endeavors basis.
All Reveal Group machines are fully hardened to meet acknowledged security best practices. For example, remote management protocols are managed by just-in-time access policies. Privileged access requires additional authentication and is fully audited. To reduce the potential attack surface, unused ports and services are disabled. Internet-facing components sit behind load balancers and operate on a private software-defined network, so they have no public IP addresses.
Our automated cloud-based threat protection and deployment systems enforce a comprehensive set of policies across all Reveal Group managed machines. Access to our internal systems is tied to conditional access policies, to guarantee that authenticated users must use compliant devices to access company resources.
As a cloud-native organization, Reveal Group has architected our systems to operate without a physical infrastructure footprint. We leverage state-of-the-art tools to integrate audit and logging information across our entire cloud tenancy. Azure Sentinel allows us to manage our security via a single pane of glass. It intelligently aggregates and correlates auditing, logging, alerts and incidents, while also hunting for breaches, patterns and anomalies using machine learning algorithms. Data sources include logs from networks, servers, devices and applications, plus feeds from Office 365, Active Directory, Azure, Advanced Threat Protection, Cloud App Security and other systems.
Reveal Group has developed a comprehensive set of security policies covering a range of topics. These policies are shared with and made available to all employees and contractors with access to Reveal Group information assets.
Reveal Group employees receive Security Awareness Training during their onboarding. Periodic refresher sessions are scheduled for all employees thereafter. The Security team provides additional security awareness updates via email and internal events.
Reveal Group performs background checks on all new employees in accordance with local laws. These checks are also required to be completed for contractors. The background check includes criminal, education, and employment verification.
Non-Disclosure and Confidentiality clauses are included within the standard agreements signed by all Reveal Group employees and contractors.
We use best practices and industry standards to achieve compliance with industry-accepted general security and privacy frameworks, which in turn helps our customers meet their own compliance standards. Our infrastructure partners, Microsoft Azure and AWS, undergo regular SOC 2 Type II audits. These reports are available upon request and under NDA. The latest SOC 2 Type II report can be requested here.
Reveal Group is broadly compliant with ISO 27001 and is currently working towards formal accreditation.
Cloud Security Alliance (CSA) is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing. Reveal Group has completed a publicly available Consensus Assessment Initiative Questionnaire (CAIQ), based on the results of our due diligence self-assessment.
Learn more about privacy at Reveal Group here.
We have a number of resources that we can provide upon request.
The following resources may require an NDA on file.
– Certificate of Insurance
– SOC 2 Type II Reports
– Reveal SaaS Technology FAQ
– Reveal RoboManager Data Dictionary
– Reveal RoboDesigner Data Dictionary
– Reveal RoboRoboReview Data Dictionary
– Reveal OpsIQ Data Dictionary
– CSA CAIQ (Reveal Group)
– CSA CAIQ (Shibumi)
– Annual Penetration Test Summary
Imagine a different kind of workforce – one that learns countless skills in the blink of an eye, that becomes more efficient every day, that doesn’t sleep or take holidays, that expands and retracts with your business needs. It boosts customer service and satisfaction, increases revenues and profits and empowers your employees.
We would like to hear from you. Please send us a message by filling out the form below and we will get back with you shortly.