Security, Stability, Scalability:

iQmetrix’s Above-and-Beyond Security Posture and Deep Azure Integration

For telecom carriers and major wireless retailers, data security isn’t just a nice-to-have for their peace of mind — it’s essential. Here’s how iQmetrix ensures its clients’ datasets are secure and their workloads run reliably, no matter how big they get.

When it comes to telecom carriers and major wireless retailers choosing to work with a retail management software provider, impeccable data security isn’t just a nice-to-have for their own peace of mind — it’s essential. A non-negotiable. Sometimes, it’s the deciding factor in an RFP. And, in many cases, it can be a regulatory requirement. 

In telecom retail, there is a massive amount of computing workload being carried out at every moment — through iQmetrix solutions, nearly 7,000 transactions are processed every hour — along with an equally massive amount of sensitive data that is constantly being processed and managed. This includes all the end customers’ personal identifiable information (PII) data that telecom carriers and major retailers handle on a routine basis as part of their day-to-day business, including such sensitive data as credit card details and home addresses. If this were to leak, it would be hugely detrimental to the telecom brand reputation, could cost them their customers, could cost them their business license, and in some cases could result in fines and regulatory sanctions. 

In addition to customer PII, there is also a vast amount of business and operational data that brands must protect to stay competitive. A major breach may not have the same far-reaching consequences as a PII leak, but major telecom players have every reason to expect their operational data to be as well protected as the customer information flowing through their systems. 

Added to all the above is the fundamental need to use software built on architecture that is utterly reliable and has a high level of performance — no matter how busy the workload traffic, or how many users and/​or stores are on it. 

All of this means that software providers working with such major players in telecom retail have a lot to prove. A software provider such as iQmetrix must demonstrate its ilities” — the architectural attributes that our customers expect as table stakes.

These would include: 

  • security
  • scalability
  • reliability
  • performance ability
  • maintainability
  • and more besides. 

These attributes need to not only meet globally established standards, but also go above and beyond to take them to world-class level. After all, our enterprise customers are world class, and the solutions they use should be no less. 

In this mini-report, we examine what iQmetrix is doing behind the scenes to ensure its security posture and other ilities” are at world-class level, and what all this means for our clients. 

We’ll break our report down into two parts: 

Software with world-class security and stability must begin with the foundation of a world-class cloud platform that offers enterprise-grade attributes. 

iQmetrix has a deep integration with Microsoft Azure and has recently completed the full transition of all its SaaS data processing and workload onto the Azure Cloud Platform. Microsoft is one of the world’s leading and most trusted technology providers, and its Azure platform is one of the three biggest hyperscalers on the planet. 

Azure’s compliance with numerous industry-specific and international standards is a significant benefit for iQmetrix and its customers, including: 

  • Regulatory Compliance: Azure adheres to a broad array of regulatory requirements, including GDPR, HIPAA, ISO/IEC 27001, and more. This compliance ensures that iQmetrix clients’ data remains secure and meets all relevant legal standards. 
  • Audit and Reporting: Azure provides robust audit and reporting tools that help iQmetrix maintain transparency and accountability in its data-handling practices. 

Hosting workloads on Microsoft Azure allows iQmetrix to take full advantage of Azure’s comprehensive security capabilities. These include: 

  • Built-in Security Controls: Azure provides a range of built-in security controls that safeguard our applications and data. 
  • Advanced Threat Protection: Azure’s advanced threat protection mechanisms help detect and mitigate security threats, ensuring the integrity of our systems. 
  • Identity and Access Management: With Azure’s identity and access management solutions, we can enforce strict access controls, minimizing the risk of unauthorized access to sensitive information. 

Azure also offers a range of tools and resources to help iQmetrix monitor and manage its security posture effectively, such as: 

  • Azure Security Center: This unified security management system provides enhanced visibility and control over our security landscape, enabling iQmetrix to detect vulnerabilities and respond to threats swiftly. 
  • Continuous Monitoring: Azure’s continuous monitoring capabilities allow iQmetrix to track the security health of its environments in real time, ensuring ongoing protection against potential risks. 
  • Automated Security Assessments: Regular automated assessments help us identify and remediate security issues before they can affect our operations or our customers. 

Jason Collinge, Vice President of Technology, Platform Engineering and Architecture at iQmetrix, said, We are fully using all the capabilities that Azure provides to us. So, we have the enterprise-grade security that Azure provides as a starting point, which gives us a really solid base, and then we have all our additional tools and efforts on top of that.” (Read more on the latter in section 2.) 

Scalability in Surging Demand

Storing data and running workloads on Azure is not only excellent for enterprise-level security, but also for scalability as business grows and sales surge.

Collinge explained, Let’s say customers have a particularly busy season and we need to throw more resources at the workloads they’re running. Because we’re running these workloads on Azure, we can do this at the push of a button. This means we’re not beholden to procurement timelines or having to bring in equipment. Most of our applications are designed to scale automatically, minimizing the chance that the system slows down or stops responding due to high traffic.”

This ability to expand and contract as needed means that iQmetrix solutions work for any kind of telecom retail operation — from single-door operators to some of our major-player clients who have thousands of retail locations.

Clients Using Their Own Azure Tenant

One other massive advantage of iQmetrix hosting all data and running all workloads on the Azure Cloud Platform is that many enterprise-level telecom businesses have deep and mutually beneficial partnerships with hyperscalers such as Azure. This makes iQmetrix’s solutions deeply compatible with Azure-based enterprise clients’ technology strategies, who will in turn seek out software providers with complementary cloud transformation strategies. 

Amer Gill, Security Lead on the Enterprise Architecture team at iQmetrix, said, Operating our workloads on Azure allows us the elasticity to scale security based on legal, compliance and regulatory requirements. This includes enhanced controls for auditing, encryption, access controls at pace.” 

Added to that, some enterprise clients may even wish to host their data and workloads that are running through iQmetrix systems on their own Azure tenant. 

Jason Collinge explained, Most of our enterprise customers are already dealing with Microsoft Azure. They will have contracts, similar to our own Azure contract, where Azure agrees to give them partnership incentives if the client guarantees a certain level of consumption and use over a certain timeframe. 

This means the client must make use of enough computing and storage resources to generate value. So, instead of running the client’s retail management workload and customer data on iQmetrix’s own Azure tenant, we could opt to run their workloads on servers that we manage but that come under the client’s Microsoft contract. That’s one way we can support our client’s cloud transformation technology strategy over and above the unparalleled value our retail management platform already provides, even though we’re running the workload for them.” 

This results in a cost saving for the client, while having the security of their data hosted in the Azure environment, and their workloads still being run by iQmetrix. 

Waleed Ayoub, Chief Technology Officer at iQmetrix, said, Our integration with Azure empowers iQmetrix to deliver unparalleled scalability, security, and flexibility. This partnership ensures that we can meet the dynamic needs of our clients, whether they’re managing a single retail location or thousands, all while leveraging Azure’s robust infrastructure to maintain optimal performance and cost-efficiency. This seamless collaboration with Azure not only enhances our service offerings but also aligns perfectly with our clients’ cloud transformation strategies, providing them with the best possible technological solutions for their business growth.” 

Our integration with Azure empowers iQmetrix to deliver unparalleled scalability, security, and flexibility.”

-Waleed Ayoub, CTO, iQmetrix

What Happens in an Azure Outage? 

At iQmetrix, we understand the critical importance of maintaining secure and uninterrupted service for our clients, especially during unforeseen Azure outages. As a company deeply committed to supporting customer success, we have implemented proactive strategies to ensure that even in challenging scenarios, our clients’ data remains protected, and operations continue with minimal disruption. 

Our security measures include geo-redundant storage to safeguard customer data and ensure it remains accessible, even if a regional outage occurs. To further protect our clients’ operations, we leverage hybrid authentication solutions and fallback mechanisms that maintain secure access to essential systems during Azure disruptions. These measures are complemented by offline workflows designed to preserve data integrity and operational continuity, ensuring that our clients’ customer-facing services experience as little downtime as possible. 

Transparency and trust are at the heart of our operations. During any disruption, our team is committed to keeping clients informed with real-time updates, clear recovery timelines, and assurances about the safety of their data. 

On top of our Microsoft Azure foundation, iQmetrix has added building blocks of features that safeguard our security, stability, reliability, maintainability, and more. 

These range from must-haves such as compliance with established, required security standards through to over-and-above features that make our security house even more watertight. 

System Security Compliance 

iQmetrix’s solutions meet the highest of established security compliance standards, as assessed by external assessors — including PCI DSS (Payment Card Industry Data Security Standard) compliance. iQmetrix’s RQ point-of-sale and retail management solutions are also SOC (Systems and Organizational Control) 2, Type 2 compliant.

Both these compliance standards are globally recognized certifications, awarded after third-party audits that thoroughly assess core aspects of our applications and environment. They ensure and certify that iQmetrix is following industry best practices, with systems in place such as proper separation of duties between employees so that security risks are spread, and effective logging and checking of logs. They also assess whether iQmetrix has security tools in place for intrusion detection and prevention, and antivirus systems. SOC 2 certification affirms that a company’s infrastructure, software, people, data, policies, procedures and operations have been formally reviewed, and every measure has been taken to protect the data and assets of clients and their customers. 

Jason Collinge said, These third-party, independent audits ensure that we’re not just saying we’re doing all these things, but that we’re actually doing them.” 

He added, We are also one of the few organizations out there that has a full PCI level one environment that we run ourselves. Most point-of-sale and retail management software providers don’t do that themselves — they outsource that to somebody else.” 

However, for iQmetrix, compliance with recognized security standards is our own table stakes” — the bare minimum level that we deem acceptable. iQmetrix goes over and above these levels in its security features to ensure standards are even higher. 

Even if the whole East Coast were to go offline tomorrow, their data is on the West Coast as well, so they don’t lose any of it.”

—Jason Collinge, VP Technology, Platform Engineering and Architecture, iQmetrix

Over-and-Above Security Levels 

Within the Azure environment, all data at rest” is stored in an encrypted state, and iQmetrix applies additional encryption levels on an as-needed basis, where it is best practice to do so or iQmetrix considers the information to be particularly sensitive. 

Collinge said, We’re giving our clients’ specific segments of data the personalized attention it needs to be fully secure.” 

In addition, depending on the nature of the client and their data and workloads, iQmetrix provides numerous levels of redundancy — duplication of data as a back-up — and availability.

Collinge said, We make sure to address what happens when things go wrong. Even if there are problems with Azure servers or the internet or whatever may happen, our clients want to know their data is secure. Not just from a security standpoint, but also from an availability perspective — to be sure we’re not going to lose their data. We can provide multiple layers of redundancy based on the client’s need. 

For example, you can have multiple servers hosting the data, and then you can have cross-regional redundancy as well. Let’s say most of the servers are in a data center in Azure East — we can replicate the data in Azure West.”

This way, even if the whole East Coast were to go offline tomorrow, their data is on the West Coast as well, so they don’t lose any of it.”

Building on Trust: A Secure Foundation for the Future 

IQmetrix’s success depends on earning and maintaining the trust of its clients, partners, and stakeholders. Recognizing the critical importance of this responsibility, we launched our Secure Software Initiative in 2022 — a company-wide effort to redefine how we approach security in every aspect of our product development. This initiative brings together all parts of the organization to adopt a Secure Software Development Lifecycle (SDLC) that is both effective and measurable. 

To guide our journey, we implemented a Software Assurance Maturity Model (SAMM) — a flexible, risk-driven framework that supports the complete software lifecycle while remaining agnostic to technology and processes. SAMM provides a structured and measurable approach for improving software security across five key business functions: Governance, Design, Implementation, Verification, and Operations. By embedding security into each of these areas, we ensure a holistic and proactive approach to protecting our clients and their data. 

Application security goes beyond deploying tools and conducting tests; it involves harmonizing people, processes, and technology to comprehensively manage and mitigate application security risks.”

— Amer Gill, Security Lead at iQmetrix

Core Tenets of Security

The Secure Software Initiative is built upon the five core business functions, strengthened by the use of Azure technologies:

Governance: Establishing policies, processes, and accountability to ensure security is prioritized at every level of the organization. This includes aligning security goals with business objectives and maintaining transparency for stakeholders. Azure Policy enables us to enforce governance rules across our cloud infrastructure, ensuring that resources comply with organizational standards. Azure Sentinel further strengthens governance with proactive monitoring and actionable insights.

Design: Embedding security into the architectural and design phases of development. By anticipating potential vulnerabilities early, we create resilient systems that can adapt to emerging threats. Azure Architecture Center provides guidance to implement best practices for secure and scalable designs.

Implementation: Ensuring that code is written with security in mind. This involves following secure coding practices, performing regular code reviews, and leveraging tools to detect and prevent vulnerabilities. Azure DevOps integrates seamlessly into our SDLC, offering secure repositories, automated testing, and CI/CD pipelines. With GitHub Advanced Security, integrated into our workflows, we identify vulnerabilities in code early through dependency scanning and secret management.

Verification: Continuously testing and validating the security of applications throughout the development lifecycle. This includes employing automated testing, penetration testing, and other methods to confirm the integrity of our systems. Azure Application Insights allows us to monitor and analyze application performance and potential issues, while Azure Security Center enhances threat detection and vulnerability management. These tools ensure that security validation is an ongoing, automated process. 

Operations: Proactively monitoring and maintaining systems to address threats and vulnerabilities as they arise. This involves leveraging advanced security tools and practices to ensure operational resilience. Azure Monitor provides real-time visibility into system health and performance. Azure Key Vault ensures secure storage of secrets, certificates, and encryption keys, while Microsoft Defender for Cloud delivers advanced threat detection to protect applications and infrastructure. 

Driving Continuous Improvement

iQmetrix’s commitment to evolving application security is proven by the concrete improvements we’ve made to our security assurance program. 

Gill stressed the importance of taking a strategic, forward-looking approach to application security. He said, Application security is a continuously evolving discipline — our multi-year Maturity Action Plan ensures we are building a strong, adaptable, and sustainable security foundation. This approach helps address specific application security challenges and objectives by providing an actionable roadmap for our security and development teams.” 

By embedding these principles and frameworks into our Secure Software Initiative, iQmetrix ensures that security is not just an operational priority — it is a foundational commitment. 

Additional Protocols in Place

In addition to all the above programs and security features, iQmetrix has a range of protocols in place to improve security and maintainability, beyond what the company is required to do. 

One simple example is password complexity requirements. The PCI standard is not as high as iQmetrix deems necessary, so iQmetrix solutions impose higher levels of complexity requirements. Collinge said, This may not be a thrilling talking point, but it’s a great example of where we evaluate for ourselves whether we think that’s good enough or whether we need to go above and beyond.” 

When it comes to maintainability and ensuring that clients are unaffected by back-end changes, there are also many application-level processes in place. 

An example here would be backwards compatibility.” This is where iQmetrix might make changes to a solution the client works with and, because their systems are interconnected with iQmetrix APIs, their systems will keep working no matter what is happening on the back end. 

iQmetrix also operates canary” releases on small segments to test out that changes are working properly before rolling them out more broadly, in a way that has zero impact. 

Mostly our customers find that they suddenly have new features or capabilities appear, or they see performance improvements or other features that we’ve been doing, without any indication from their side that anything has happened. It just works.

-Jason Collinge, VP Technology, Platform Engineering and Architecture, iQmetrix

In the end, iQmetrix is not the only business that has compliance obligations when it comes to security — our clients do, too. With iQmetrix offering such robust security features, from running enterprise workloads on Azure to all the added protocols in place, this ensures our clients can fulfill all their own security and compliance requirements and keep their data safe. 

Waleed Ayoub concluded, Our commitment to third-party audits like PCI DSS and SOC 2, Type 2 underscores our dedication to security excellence. These certifications are outward-facing confirmation that we’re not just meeting industry standards but exceeding them to protect our clients’ data. Ultimately, our comprehensive security features and agile response capabilities mean that our clients can focus on their core business operations, confident in the knowledge that their data is protected and their compliance obligations are met.” 

Learn more about how iQmetrix can personalize security measures to meet your needs.