First, your files are always under your control on your file servers. Second, any user trying to access your Olympus.io application must have 2 factor authentication which you control with your corporate email system. Finally, all traffic to and from your Olympus.io app is tunneled with TLS 1.2+ encryption meeting NIST SP 8000-52 Revsion 2 and HIPAA guidelines for encryption-in-flight.
At Olympus.io we build security in during the software development process. We run nightly scans for all code check-ins to verify against suspect code leveraging the OWASP framework. We also peer-review all components and libraries included in the software at build-time.
The Olympus.io app has been through external third party penetration testing. Automated tools such as those by Qualys are also run on a daily basis for continuous vulnerability detection, assessment and remediation. Because the application runs in your own virtual machine, you can also perform your own penetration test at the time of your private deployment.
All access is governed through Active Directory. If you want only a subset of your users to be authorized to use your Olympus.io service, then you can create a security group for Olympus.io and add your authorized users to that group. A configuration in the Olympus.io admin portal allows you to restrict only members of that security group to login to the application.