OneConnect is a cloud-based platform.  It allows for connecting a variety of systems together to reduce the need to manually enter data in multiple systems.  We have many pre-built integration solutions to resolve common issues when using a variety of applications.  Since the platform is flexible, additional customer-specific use cases can be developed using the core platform capabilities.  OneConnect has an admin site to add and manage the integrations.  This allows for the setup and management of integrations without the need to update code.  Updates are made through the admin site user interface.  Based on business needs, data can move either directions (or both) between systems.  Data syncing can be time-based on schedules, on demand (button click), or real time triggered by events.  

OneAnalytics is powered by OneConnect and therefore works the same as described in this article.  It is essentially an integration that collects project site data form Project Online project sites, and syncs it into a SQL database for easy reporting.  This includes custom lists and fields that are not able to be reported on with the out of box Project Online Odata feed.  This SQL database can be hosted by us or by you.  Azure SQL as a service is defined.

• Brings Improved Portfolio Alignment to Organizational Goals and Objectives
• Robust Project Portfolio Management (PPM) Software Can Integrate All Work & Resources Into a Single View
• OneConnect Quickly & Reliably Brings Together Disparate Business Systems
• Provides Holistic View of Resource Availability and Efficiency
• Allows for Better Forecasting and More Realistic Expectations
• Improved Governance for Planning, Executing, and Reporting

One Connect is hosted in Azure as a muti-tenant SAAS service.  It can connect to both cloud and on premise applications.  OneConnect uses your Office 365 authentication.  We do not store customer data in One Connect (project names, user info, etc).  We only store Unique Item IDs (like 1234-3456-5678-6788) and timestamps of when the item was sent, for performance reasons.  All data is encrypted on transit via SSL using Digicert certificates in TLS 1.2.  All usernames and passwords (service credentials for accessing integrated systems) are encrypted using Azure Key Vault.  API keys / token based methods are used instead of user names and passwords where supported.  

Azure internet relays can be used to connect securely to on premise applications without the need for opening ports on firewalls.   For more information on relays use the following link: https://screensteps.oneconnect.ai/a/848451-what-is-a-relay

Azure has a variety of certifications and is very secure.  You can access more info here: https://www.microsoft.com/en-us/trustcenter/security/azure-security

For SOC reports use the following link.  

https://www.microsoft.com/en-us/trustcenter/compliance/soc

We utilize Pentest-Tools.com for network penetration testing our applications to verify there are no unknown risks.  We also utilize the Security Code Scan extension for Visual Studio to scan our source code for code level vulnerabilities.  We follow OWASP standards.  As changes are made to our application and / or network settings, we re-scan to verify no issues have been created.  If a issue has been created we will resolve it before pushing it to production.  If a issue is found in production, we will resolve it immediately.  

The below attached files contain more information.  The first is a filled out CAIQ security document with answers to common security questions.  The second is an application architecture diagram.

https://screensteps.oneconnect.ai/a/848451-what-is-a-relay