MicroStrategy Express: Security Framework
|
|
- Oliver Alexander
- 8 years ago
- Views:
Transcription
1 MicroStrategy Express: Security Framework
2 I. Introduction... 2 II. Employing Best Practices... 2 Expertise... 2 Certifications and Compliance... 2 III. Application, Platform, and Physical Security... 3 Application Security... 4 Platform Security... 5 System Security... 6 Physical Security and Protection... 6 IV. Operational Readiness... 7 Risk Management Framework... 7 Information Security Program... 7 System Serveillance... 7 Incident Management... 7 Communication Plan... 8 V. Redundancy... 8 VI. Contingency Planning... 8 System Recovery... 8 Data Recovery... 9 VII. Conclusion... 9
3 I. Introduction Many organizations have legitimate concerns about the privacy and security of their data in the cloud. MicroStrategy understands this, and protecting its customers data is of paramount importance. Threats to data security can come in many forms, including cyber-attacks, on-site tampering, as well as destruction due to acts of nature. These threats exist whether an organization manages its own data or entrusts it to an organization like MicroStrategy. Protecting data against a wide array of highly complex and insidious dangers is not easy. That is why MicroStrategy Cloud has assembled a dedicated services team and charged them with putting in place stringent security measures, based on industry best practices. MicroStrategy s goal is to ensure its customers data is as safe and secure as possible in the MicroStrategy Cloud environment. Moreover, MicroStrategy continues to invest and innovate to stay ahead of the evolving threats to data security. MicroStrategy employs a multi-pronged strategy to securing systems and data. First, MicroStrategy ensures that the Cloud environment meets or exceeds industry best practices by investing in expertise and staying compliant with the many industry standards and frameworks. Second, MicroStrategy has put in place a wide array of counter-measures to ensure application, platform, and physical security. Third, MicroStrategy uses independent, third-party audit services and uses internal monitoring and alerting systems to neutralize any threats. Finally, MicroStrategy ensures high availability through the use of redundancy and reliable backup procedures. Table 1 on the next page provides a summary of MicroStrategy s multi-pronged strategy as well as specific tactics. With Express, individuals now have access to MicroStrategy s award-winning business intelligence directly, without need of a planned data model, or a large infrastructure. Instead, users are given only a subset of functionality that is most relevant to their direct needs. This, coupled with MicroStrategy s focus on data privacy and security, gives nontechnical business users the ability to deliver high-performance and secure applications with ease. II. Employing Best Practices Expertise In order to keep pace with cyber security threats, MicroStrategy employs a highly qualified team of security experts to develop a security program around adaptive defense. Further, since inception, MicroStrategy has been built with the philosophy of bringing together the best, brightest, and most experienced engineers and computer scientists. The Express team is no exception. This group of highly experienced software, BI, network, storage, and security engineers have put in place industry tried-and-tested security countermeasures and processes to safeguard data throughout the cloud environment. Certifications and Compliance Express servers are hosted in an SSAE 16 compliant facility. 2
4 Table 1. Overview of MicroStrategy Cloud Security Strategies Strategy Detail Best Practice Expertise and Investment Customers leverage MicroStrategy s significant investment in securing the cloud environment using best practices. Cyber and Physical Security Application Security User, project and object level authentication Enables enforcement of strong password protection and management Secure date transmission Platform Security Physical Security Operational Readiness System Audits Perimeter firewalls Intrusion detection process in place Multi-tier architecture Support for secure connectivity (SSL, VPN, and others) IP obfuscation and Encrypted communication SSAE-16 Type II compliant hosting facility 24x7 security including video surveillance Biometric access to locked cages Redundant, fault-tolerant designs Network Operation Centers (NOC) that operate 24x7 and have global reach Independent audits of security controls Internal reviews to assess conformance to the information security policy Monitoring, Alerting, and Reporting Continuous monitoring of logs, alerts, and notifications Well defined incident management, escalation process, and communication plan Redundancy and Disaster Recovery Capability Redundancy Redundant infrastructure, including servers and network components Redundant operating environments (VMs) Disaster Recovery Capability Data and system recovery processes support disaster recovery plan III. Application, Platform, and Physical Security There are at least three areas of vulnerability that any public facing computing platform must protect. First, at the application layer, the system must be able to thwart any unauthorized attempt to access data. Second, at the platform layer, the underlying architecture and control mechanisms should ensure the integrity and security of the data. Third, at the physical layer, sufficient obstacles must be put in place to make it difficult for any unauthorized persons to access the systems directly. Any security counter measures that are put in place must, at a minimum, 3
5 protect these three areas of vulnerability. This section describes the details of how application, platform, and physical security are applied to Express APPLICATION SECURITY Overview A successful application security implementation uses a multi-layered approach to role-based authentication control (RBAC). This ensures only authorized users are able to access the system and users are only able to view or update data they are authorized to see. Express offers both standard username and password authentication, and integration with Usher, a MicroStrategy application which provides full digital validation of identity. Once a user gains access to Express, their access is restricted only to objects and data leveraged by those objects which they have been granted access to. As Express does not work off of an object based model, connections to the data itself are not reusable. Authentication Modes Express offers authentication via both MicroStrategy-Based Authentication, and through the Usher Application Server (part of the Usher Mobile Identity Network) from MicroStrategy ( The former follows industry standard authentication authority to process username and password to grant access. The latter uses a digital authentication application, which allows a user to prove their identity with hardware (i.e. an ios or Android device) rather than a username and password. Object Security By default, no dashboard can be seen by any user other than its creator. In order to grant access to a dashboard, a creator must choose to share the dashboard or application, and specifically add users to the access list. At this point, only if the user has a valid Express subscription, will they be allowed to access the dashboard. The permission to access the dashboard can be removed from any user at any time within the same mechanism. The removal of permissions will be instantaneous. In addition, row level security can be granted through the personalization process. At the level of each individual dashboard access can be restricted to specific data elements, thereby allowing the user access only to the rows that are relevant to him or her. This row level security is applied whether the user accesses the data interactively, via delivery, or any other method. Data Security The MicroStrategy In-Memory Cubes underlying each Express dashboard are accessible only to that specific dashboard. This insures that no other user on the system can gain access to the data stored within the In-Memory Cube. The Cubes themselves are secured in a number of other ways, as well, including both the MicroStrategy encryption technology and the MicroStrategy Cloud Infrastructure outlined separately within this document. Data Transmission For all flat file data imported into Express, the data is transferred via HTTPS. This is also true, by default for Database data. Any data replicated into Express In-Memory Cubes is persisted into a proprietary format cache file, which is stored with a RIPEMD-160 encryption. This ensures multiple levels of security for all data. 4
6 Express Delivery Dashboards do not utilize the MicroStrategy In-Memory Cube approach, and so in the case of a delivery dashboard, there is no data stored within the Express servers. Data is brought into memory briefly to create the s, and then discarded immediately after delivery. Where possible, connections to standard cloud sources such as Salesforce.com utilize industry standard protocols, such as oauth, to ensure that MicroStrategy does not store credential information for these data providers. VPN Option In the case that HTTPS level security is insufficient for user security needs, or it is required to connect to a database which is not accessible via the internet, it is also possible to establish a VPN connection between the user environment and the MicroStrategy Cloud servers which host Express. Our IPsec VPN creates a point to point connection, and allows the user to specify the IP addresses of the Database servers they wish to connect to the servers hosting their Express Teams. It s also possible to restrict access down to the port level. This virtual network provides the user with the same functionality, security and management policies of a full local network. Session Management Express closes all sessions after 30 minutes of inactivity. This ensures that even if the user leaves their computer accessible, data will not be exposed via an orphan session. Strong Password Standard MicroStrategy strictly enforces strong password standards for all MicroStrategy user accounts. Requiring minimum password length and complexity makes Express user accounts less susceptible to hacking. Passwords must have a minimum of eight characters and contain at least one of the following special #, $, %, ^, &, +, =. PLATFORM Security Network Architecture MicroStrategy Cloud is implemented using a high-performance, multi-tier, scalable web architecture that inherently provides a wide range of security features. The system is comprised of four logical layers, namely, the user, web server, application, and data access layers. The network is characterized by secure external connectivity, secure intranetwork communication, secure data transfer via HTTPS or VPN, and stringent port controls. Perimeter firewalls are used to isolate internal sub-systems from internet traffic. These firewalls are configured to prevent communication on any unnecessary ports. This reduces the network s susceptibility to port-scanning," a tactic often employed by hackers to find active ports and exploit known vulnerabilities. In addition, any remote server calls (e.g., RPC, RMI) are strictly prohibited on any MicroStrategy Cloud servers hosting Express. 5
7 A multi-tier architecture ensures isolation of application and database components. system security Restrictive permissions to files, services, and system settings are applied to all MicroStrategy servers. Access Control Lists (ACLs) are used to limit access. All unnecessary operating system services are removed or disabled before system deployment in the MicroStrategy Cloud Infrastructure. All users are required to authenticate using a unique username and password to access any MicroStrategy Cloud server. An up-to-date antivirus scanner is installed on all MicroStrategy Cloud computers and vulnerability scans are conducted on all computing equipment regularly. Security and other important patches provided by equipment vendors are routinely reviewed and applied by MicroStrategy Information Systems professionals. All virtual machines deployed in the MicroStrategy Cloud Infrastructure are governed by the same system security practices of physical machines. physical security and protection MicroStrategy Cloud servers are housed exclusively in SSAE16 Type II compliant hosting environments. This means that physical access to the servers on which customer data resides is highly restricted. Moreover, the facilities are constructed to prevent damage caused by deliberate acts of vandalism or that caused by acts of nature. Below is a list of security features found at MicroStrategy Cloud s data centers. ACCESS CONTROL AT HOSTING FACILITIES 24-hour manned security, including foot patrols and perimeter inspections Biometric scanning for access Dedicated concrete-walled Data Center rooms Computing equipment in access-controlled steel cages Video surveillance throughout facility and perimeter Building engineered for local seismic, storm, and flood risks Tracking of asset removal FACILITY ENVIRONMENTAL CONTROLS Humidity and temperature control Redundant (N+1) cooling system 6
8 POWER Underground utility power feed Redundant (N+1) CPS/UPS systems Redundant power distribution units (PDUs) Redundant (N+1) diesel generators with on-site diesel fuel storage NETWORK Concrete vaults for fiber entry Redundant internal networks Network neutral; connects to all major carriers and located near major Internet hubs High bandwidth capacity FIRE DETECTION AND SUPPRESSION VESDA (very early smoke detection apparatus) Dual-alarmed, dual-interlock, multi-zone, pre-action dry pipe water-based fire suppression IV. Operational Readiness RISK MANAGEMENT FRAMEWORK MicroStrategy leverages internal risk management and audit functions to provide independent assessments of risk as part of an on-going cycle of audit. Third party auditors are leveraged to provide a final assessment of the control framework and to ensure MicroStrategy is executing controls as documented. information security program MicroStrategy Cloud Security teams maintain the security policy, provides security training to employees, and performs application security reviews. These reviews assess the confidentiality, integrity, and availability of data, as well as conformance to the information security policy. system serveillance MicroStrategy s Information Security teams monitor logs, alerts, and notifications from a variety of systems in order to proactively detect and manage threats. In addition, software agents are deployed across all tiers of the MicroStrategy Cloud framework to monitor hardware, storage, networking, virtualization, operating system, and application, providing real-time visibility into the environment. incident management In the event of a triggered alert, the alert is triaged and the appropriate issue resolution process is initiated. The objective of this process is to highlight and identify the appropriate level of resources and expertise to isolate and neutralize any threats. The process has a well-defined escalation path and communication plan. It also calls for a postmortem of any significant alerts in order to prevent repeat incidents by identifying, and then subsequently rectifying, any gaps in existing controls. 7
9 communication plan In compliance with federal, state, or foreign law (as applicable), MicroStrategy has implemented processes to provide notification to customers of lost or compromised data based on the severity of the security threat and the results of any individual attack. V. Redundancy MicroStrategy Cloud s infrastructure is architected with redundancy in mind. A variety of backup mechanisms and failover processes help contribute to MicroStrategy Cloud s uptime SLA. This protects against a number of different potential causes of disruption including power outages, loss of Internet connection, as well as hardware failure. The MicroStrategy Cloud has dual, independent 10GB connections to the Internet backbone. Each line is brought in from a different carrier. In the event that there is disruption to one carrier s service, the additional connection will remain live. Hardware redundancy is also key to providing uninterrupted service. The cloud infrastructure is designed with redundant load balancers, firewalls as well as physical servers. While typically the mean time-to-failure for such devices is quite long, any of these components are subject to breakdown. Automatic failover mechanisms are also built into the MicroStrategy Cloud infrastructure for these hardware devices. The system would automatically recognize any disabled device and direct traffic to only the remaining functioning hardware. As noted earlier, Express runs within the MicroStrategy Cloud infrastructure in virtual machines. These VMs provide self-contained operating environments that enable a highly effective redundancy strategy. Redundant VMs are deployed across different physical servers. Should one of the VMs fail, the system would continue to operate using the backup VM. Similarly, in the event of physical server failure, the system would still continue to operate using the backup VMs on the backup servers. In any situation involving a component failure, an alert is automatically generated and distributed to the MicroStrategy Cloud Operations team. At that point, the incidence management process would kick in and steps would be taken to remediate the problems. VI. Contingency Planning system recovery System reconstruction in the event of a disaster requires MicroStrategy s teams to be able to restore the hardware and software infrastructure to its original state. To support this, MicroStrategy has established and documented processes to re-create the base operating environment. This includes both the hardware and system software components. MicroStrategy s use of VMs to run customer specific software, then enables its engineers to very easily restore the application software to the last known state. 8
10 data recovery MicroStrategy backup policies and procedures are designed to ensure limited downtime to the customer should an unforeseen incident occur that impacts the quality or availability of customer data. MicroStrategy will make use of off-site backups to support disaster recovery. MicroStrategy Cloud Services will perform a scheduled backup on a nightly basis of the following: MicroStrategy environment including metadata Customer access control lists Virtual environment parameters and settings Applicable audit logs This backup is persisted in a storage device located in the MicroStrategy Cloud data center and is subject to the same physical security as other MicroStrategy Cloud infrastructure. These backups are retained for a period of 30 days, at which point they are permanently deleted. These backup procedures are designed as part of an overall effort to support customers disaster recovery plans. VII. Conclusion Express gives control over data to individuals, providing a rapidly deployment process for reporting, at low cost, in the cloud. As the purpose of Express is making life easier for the business user in need of reporting, security has been a critical concern. Express is built on top of the MicroStrategy Cloud which has been architected from the ground up to include a wide range of countermeasures to protect the data it houses. The security controls in place map to many of the common frameworks and standards including SOC 2 Type I and II, ISO27001, PCI, HIPAA, and others. Protecting the data of each individual who uses Express is of paramount importance for MicroStrategy. MicroStrategy Cloud s infrastructure is designed to provide a high degree of data security. Moreover, MicroStrategy continues to invest and innovate to stay ahead of the evolving cyber-security threats. This allows customers to leverage and rely on the MicroStrategy Cloud security infrastructure and focus their efforts, instead, on analyzing data to solve business problems. 9
11 Copyright Information All Contents Copyright 2013 MicroStrategy Incorporated. All Rights Reserved. Trademark Information MicroStrategy, MicroStrategy 6, MicroStrategy 7, MicroStrategy 7i, MicroStrategy 7i Evaluation Edition, MicroStrategy 7i Olap Services, MicroStrategy 8, MicroStrategy 9, MicroStrategy Distribution Services, MicroStrategy MultiSource Option, MicroStrategy Command Manager, MicroStrategy Enterprise Manager, MicroStrategy Object Manager, MicroStrategy Reporting Suite, MicroStrategy Power User, MicroStrategy Analyst, MicroStrategy Consumer, MicroStrategy Delivery, MicroStrategy BI Author, MicroStrategy BI Modeler, MicroStrategy Evaluation Edition, MicroStrategy Administrator, MicroStrategy Agent, MicroStrategy Architect, MicroStrategy BI Developer Kit, MicroStrategy Broadcast Server, MicroStrategy Broadcaster, MicroStrategy Broadcaster Server, MicroStrategy Business Intelligence Platform, MicroStrategy Consulting, MicroStrategy CRM Applications, MicroStrategy Customer Analyzer, MicroStrategy Desktop, MicroStrategy Desktop Analyst, MicroStrategy Desktop Designer, MicroStrategy ecrm 7, MicroStrategy Education, MicroStrategy etrainer, MicroStrategy Executive, MicroStrategy Infocenter, MicroStrategy Intelligence Server, MicroStrategy Intelligence Server Universal Edition, MicroStrategy MDX Adapter, MicroStrategy Narrowcast Server, MicroStrategy Objects, MicroStrategy OLAP Provider, MicroStrategy SDK, MicroStrategy Support, MicroStrategy Telecaster, MicroStrategy Transactor, MicroStrategy Web, MicroStrategy Web Business Analyzer, MicroStrategy World, Application Development and Sophisticated Analysis, Best In Business Intelligence, Centralized Application Management, Information Like Water, Intelligence Through Every Phone, Intelligence To Every Decision Maker, Intelligent E-Business, Personalized Intelligence Portal, Query Tone, Rapid Application Development, MicroStrategy Intelligent Cubes, The Foundation For Intelligent E-Business, The Integrated Business Intelligence Platform Built For The Enterprise, The Platform For Intelligent E-Business, The Scalable Business Intelligence Platform Built For The Internet, Office Intelligence, MicroStrategy Office, MicroStrategy Report Services, MicroStrategy Web MMT, MicroStrategy Web Services, Pixel Perfect, Pixel-Perfect, MicroStrategy Mobile, MicroStrategy Integrity Manager and MicroStrategy Data Mining Services are all registered trademarks or trademarks of MicroStrategy Incorporated. All other company and product names may be trademarks of the respective companies with which they are associated. Specifications subject to change without notice. MicroStrategy is not responsible for errors or omissions. MicroStrategy makes no warranties or commitments concerning the availability of future products or versions that may be planned or under development. Patent Information This product is patented. One or more of the following patents may apply to the product sold herein: U.S. Patent Nos. 6,154,766, 6,173,310, 6,260,050, 6,263,051, 6,269,393, 6,279,033, 6,567,796, 6,587,547, 6,606,596, 6,658,093, 6,658,432, 6,662,195, 6,671,715, 6,691,100, 6,694,316, 6,697,808, 6,704,723, 6,741,980, 6,765,997, 6,768,788, 6,772,137, 6,788,768, 6,798,867, 6,801,910, 6,820,073, 6,829,334, 6,836,537, 6,850,603, 6,859,798, 6,873,693, 6,885,734, 6,940,953, 6,964,012, 6,977,992, 6,996,568, 6,996,569, 7,003,512, 7,010,518, 7,016,480, 7,020,251, 7,039,165, 7,082,422, 7,113,993, 7,127,403, 7,174,349, 7,181,417, 7,194,457, 7,197,461, 7,228,303, 7,260,577, 7,266,181, 7,272,212, 7,302,639, 7,324,942, 7,330,847, 7,340,040, 7,356,758, 7,356,840, 7,415,438, 7,428,302, 7,430,562, 7,440,898, 7,486,780, 7,509,671, 7,516,181, 7,559,048, 7,574,376, 7,617,201, 7,725,811, 7,801,967, 7,836,178, 7,861,161, 7,861,253, 7,881,443, 7,925,616, 7,945,584, 7,970,782, 8,005,870, 8,051,168, 8,051,369, 8,094,788, 8,130,918 and 8,296,287. Other patent applications are pending. MicroStrategy Incorporated 1850 Towers Crescent Plaza Tysons Corner, VA COLL
How To Build A Microstrategy Product Line
MicroStrategy Enterprise Cloud: Security Framework Copyright Information All Contents Copyright 2012 MicroStrategy Incorporated. All Rights Reserved. MicroStrategy, MicroStrategy 6, MicroStrategy 7, MicroStrategy
More informationMicroStrategy Cloud Reduces the Barriers to Enterprise BI...
MicroStrategy Cloud Reduces the Barriers to Enterprise BI... MicroStrategy Cloud reduces the traditional barriers that organizations face when implementing enterprise business intelligence solutions. MicroStrategy
More informationANALYTICS WHITE PAPER. MicroStrategy Analytics: Delivering Secure Enterprise Analytics
MicroStrategy Analytics: Delivering Secure Enterprise Analytics Copyright Information All Contents Copyright 2015 MicroStrategy Incorporated. All Rights Reserved. Trademark Information MicroStrategy, MicroStrategy
More informationSecure, Scalable and Reliable Cloud Analytics from FusionOps
White Paper Secure, Scalable and Reliable Cloud Analytics from FusionOps A FusionOps White Paper FusionOps 265 Santa Ana Court Sunnyvale, CA 94085 www.fusionops.com World-class security... 4 Physical Security...
More informationKeyLock Solutions Security and Privacy Protection Practices
KeyLock Solutions Overview KeyLock Solutions hosts its infrastructure at Heroku. Heroku is a cloud application platform used by organizations of all sizes to deploy and operate applications throughout
More informationCONTENTS. Security Policy
CONTENTS PHYSICAL SECURITY (UK) PHYSICAL SECURITY (CHICAGO) PHYSICAL SECURITY (PHOENIX) PHYSICAL SECURITY (SINGAPORE) SYSTEM SECURITY INFRASTRUCTURE Vendor software updates Security first policy CUSTOMER
More informationInfor CloudSuite. Defense-in-depth. Table of Contents. Technical Paper Plain talk about Infor CloudSuite security
Technical Paper Plain talk about security When it comes to Cloud deployment, security is top of mind for all concerned. The Infor CloudSuite team uses best-practice protocols and a thorough, continuous
More informationSecurity Policy JUNE 1, 2012. SalesNOW. Security Policy v.1.4 2012-06-01. v.1.4 2012-06-01 1
JUNE 1, 2012 SalesNOW Security Policy v.1.4 2012-06-01 v.1.4 2012-06-01 1 Overview Interchange Solutions Inc. (Interchange) is the proud maker of SalesNOW. Interchange understands that your trust in us
More informationPROTECTING YOUR VOICE SYSTEM IN THE CLOUD
PROTECTING YOUR VOICE SYSTEM IN THE CLOUD Every enterprise deserves to know what its vendors are doing to protect the data and systems entrusted to them. Leading IVR vendors in the cloud, like Angel, consider
More informationFormFire Application and IT Security. White Paper
FormFire Application and IT Security White Paper Contents Overview... 3 FormFire Corporate Security Policy... 3 Organizational Security... 3 Infrastructure and Security Team... 4 Application Development
More informationSITECATALYST SECURITY
SITECATALYST SECURITY Ensuring the Security of Client Data June 6, 2008 Version 2.0 CHAPTER 1 1 Omniture Security The availability, integrity and confidentiality of client data is of paramount importance
More informationProjectplace: A Secure Project Collaboration Solution
Solution brief Projectplace: A Secure Project Collaboration Solution The security of your information is as critical as your business is dynamic. That s why we built Projectplace on a foundation of the
More informationLas Vegas Datacenter Overview. Product Overview and Data Sheet. Created on 6/18/2014 3:49:00 PM
Las Vegas Datacenter Overview Product Overview and Data Sheet Product Data Sheet Maintaining a Software as a Service (SaaS) environment with market leading availability and security is something that Active
More informationSecurity & Infrastructure White Paper
Proofing and approval made easy. Security & Infrastructure White Paper ProofHQ (Approvr Limited) 66 The High Street Northwood Middlesex HA6 1BL United Kingdom Email: contact.us@proofhq.com US: +1 214 519
More informationMicroStrategy Professional Services
MicroStrategy Professional Services GET THE MOST FROM WHAT YOU OWN. We help businesses unleash the value of their MicroStrategy technology. MicroStrategy Professional Services works with you to set up,
More informationSecurity Whitepaper: ivvy Products
Security Whitepaper: ivvy Products Security Whitepaper ivvy Products Table of Contents Introduction Overview Security Policies Internal Protocol and Employee Education Physical and Environmental Security
More informationOracle Maps Cloud Service Enterprise Hosting and Delivery Policies Effective Date: October 1, 2015 Version 1.0
Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies Effective Date: October 1, 2015 Version 1.0 Unless otherwise stated, these Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies
More informationFive keys to a more secure data environment
Five keys to a more secure data environment A holistic approach to data infrastructure security Compliance professionals know better than anyone how compromised data can lead to financial and reputational
More informationManaged Security Services for Data
A v a y a G l o b a l S e r v i c e s Managed Security Services for Data P r o a c t i v e l y M a n a g i n g Y o u r N e t w o r k S e c u r i t y 2 4 x 7 x 3 6 5 IP Telephony Contact Centers Unified
More informationInformation Technology Security Procedures
Information Technology Security Procedures Prepared By: Paul Athaide Date Prepared: Dec 1, 2010 Revised By: Paul Athaide Date Revised: September 20, 2012 Version 1.2 Contents 1. Policy Procedures... 3
More informationHosted SharePoint: Questions every provider should answer
Hosted SharePoint: Questions every provider should answer Deciding to host your SharePoint environment in the Cloud is a game-changer for your company. The potential savings surrounding your time and money
More informationSecurity Solutions to Meet NERC-CIP Requirements. Kevin Staggs, Honeywell Process Solutions
Kevin Staggs, Honeywell Process Solutions Table of Contents Introduction...3 Nerc Standards and Implications...3 How to Meet the New Requirements...4 Protecting Your System...4 Cyber Security...5 A Sample
More informationPowering the Cloud Desktop: OS33 Data Centers
OS33 Data Centers info@os33.com (866) 796-0310 www.os33.com It is hard to overstate the importance of security and uptime, which is why we obsess over making sure that your corporate information assets
More informationGiftWrap 4.0 Security FAQ
GiftWrap 4.0 Security FAQ The information presented here is current as of the date of this document, and may change from time-to-time, in order to reflect s ongoing efforts to maintain the highest levels
More informationWHITE PAPER Secure mobile computing and business intelligence on Apple and Android mobile devices
WHITE PAPER Secure mobile computing and business intelligence on Apple and Android mobile devices MicroStrategy Mobile App Platform Copyright Information All Contents Copyright 2014 MicroStrategy Incorporated.
More information7QUESTIONSYOUNEEDTOASKBEFORE CHOOSINGACOLOCATIONFACILITY FORYOURBUSINESS
7QUESTIONSYOUNEEDTOASKBEFORE CHOOSINGACOLOCATIONFACILITY FORYOURBUSINESS ExecutiveBrief P a g e 1 Executive Brief 7 Questions You Need to Ask Before Choosing a Colocation Facility for Your Business Choosing
More informationCloudDesk - Security in the Cloud INFORMATION
CloudDesk - Security in the Cloud INFORMATION INFORMATION CloudDesk SECURITY IN THE CLOUD 3 GOVERNANCE AND INFORMATION SECURITY 3 DATA CENTRES 3 DATA RESILIENCE 3 DATA BACKUP 4 ELECTRONIC ACCESS TO SERVICES
More informationAutodesk PLM 360 Security Whitepaper
Autodesk PLM 360 Autodesk PLM 360 Security Whitepaper May 1, 2015 trust.autodesk.com Contents Introduction... 1 Document Purpose... 1 Cloud Operations... 1 High Availability... 1 Physical Infrastructure
More informationStratusLIVE for Fundraisers Cloud Operations
6465 College Park Square Virginia Beach, VA 23464 757-273-8219 (main) 757-962-6989 (fax) stratuslive.com Contents Security Services... 3 Rackspace Multi Layered Approach to Security... 3 Network... 3 Rackspace
More informationGoodData Corporation Security White Paper
GoodData Corporation Security White Paper May 2016 Executive Overview The GoodData Analytics Distribution Platform is designed to help Enterprises and Independent Software Vendors (ISVs) securely share
More informationLevel I - Public. Technical Portfolio. Revised: July 2015
Level I - Public Technical Portfolio Revised: July 2015 Table of Contents 1. INTRODUCTION 3 1.1 About Imaginatik 3 1.2 Taking Information Security Seriously 3 2. DATA CENTER SECURITY 3 2.1 Data Center
More informationSecurity & Infra-Structure Overview
Security & Infra-Structure Overview Contents KantanMT Platform Security... 2 Customer Data Protection... 2 Application Security... 2 Physical and Environmental Security... 3 ecommerce Transactions... 4
More informationSecure and control how your business shares files using Hightail
HIGHTAIL FOR ENTERPRISE: SECURITY OVERVIEW Secure and control how your business shares files using Hightail Information the lifeblood of any business is potentially placed at risk every time digital files
More informationBirst Security and Reliability
Birst Security and Reliability Birst is Dedicated to Safeguarding Your Information 2 Birst is Dedicated to Safeguarding Your Information To protect the privacy of its customers and the safety of their
More informationGE Measurement & Control. Cyber Security for NEI 08-09
GE Measurement & Control Cyber Security for NEI 08-09 Contents Cyber Security for NEI 08-09...3 Cyber Security Solution Support for NEI 08-09...3 1.0 Access Contols...4 2.0 Audit And Accountability...4
More informationSecure Business Intelligence on Apple Mobile Devices
Secure Business Intelligence on Apple Mobile Devices MicroStrategy Mobile for iphone and ipad MOBILE INTELLIGENCE Copyright Information All Contents Copyright 2011 MicroStrategy Incorporated. All Rights
More informationRetention & Destruction
Last Updated: March 28, 2014 This document sets forth the security policies and procedures for WealthEngine, Inc. ( WealthEngine or the Company ). A. Retention & Destruction Retention & Destruction of
More informationSaaS Security for the Confirmit CustomerSat Software
SaaS Security for the Confirmit CustomerSat Software July 2015 Arnt Feruglio Chief Operating Officer The Confirmit CustomerSat Software Designed for The Web. From its inception in 1997, the architecture
More informationSCADA Compliance Tools For NERC-CIP. The Right Tools for Bringing Your Organization in Line with the Latest Standards
SCADA Compliance Tools For NERC-CIP The Right Tools for Bringing Your Organization in Line with the Latest Standards OVERVIEW Electrical utilities are responsible for defining critical cyber assets which
More informationUniversity of Pittsburgh Security Assessment Questionnaire (v1.5)
Technology Help Desk 412 624-HELP [4357] technology.pitt.edu University of Pittsburgh Security Assessment Questionnaire (v1.5) Directions and Instructions for completing this assessment The answers provided
More informationThis document and the information contained herein are the property of Bowman Systems L.L.C. and should be considered business sensitive.
SERVICEPOINT SECURING CLIENT DATA This document and the information contained herein are the property of and should be considered business sensitive. Copyright 2006 333 Texas Street Suite 300 Shreveport,
More informationUnderstanding Sage CRM Cloud
Understanding Sage CRM Cloud Data centre and platform security whitepaper Document version 2016 Table of Contents 1.0 Introduction 3 2.0 Sage CRM Cloud Data centre Infrastructure 4 2.1 Site location 4
More informationFamly ApS: Overview of Security Processes
Famly ApS: Overview of Security Processes October 2015 Please consult http://famly.co for the latest version of this paper Page 1 of 10 Table of Contents 1. INTRODUCTION TO SECURITY AT FAMLY... 3 2. PHYSICAL
More informationTRADITIONAL ENTERPRISE SCIENTIFIC SOFTWARE
TRADITIONAL ENTERPRISE SCIENTIFIC SOFTWARE deployments have been complicated and expensive. They require a data center with office space, power, cooling, bandwidth, networks, servers, and storage. They
More informationVMware vcloud Air Security TECHNICAL WHITE PAPER
TECHNICAL WHITE PAPER The Shared Security Model for vcloud Air The end-to-end security of VMware vcloud Air (the Service ) is shared between VMware and the customer. VMware provides security for the aspects
More informationDESIGNATED CONTRACT MARKET OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE
DESIGNATED CONTRACT MARKET OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE Please provide all relevant documents responsive to the information requests listed within each area below. In addition to the
More informationWoodcock-Johnson and Woodcock-Muñoz Language Survey Revised Normative Update Technical and Data Security Overview
Houghton Mifflin Harcourt - Riverside (HMH - Riverside) is pleased to offer online scoring and reporting for Woodcock-Johnson IV (WJ IV) and Woodcock-Muñoz Language Survey Revised Normative Update (WMLS-R
More informationFrequently Asked Questions
MICROSTRATEGY CLOUD Frequently Asked Questions v20120611 ARCHITECTURE AND ENVIRONMENT 1. Where is the MicroStrategy Cloud service hosted? MicroStrategy Cloud is hosted at secure MicroStrategy co-location
More informationFive Keys to Successful Mobile Apps in Wealth Management. Advisors Want An App for That : Helping Them Go Further with Tablets and Smart Phones
Five Keys to Successful Mobile Apps in Wealth Management Advisors Want An App for That : Helping Them Go Further with Tablets and Smart Phones The scenario is a familiar one: A financial advisor is meeting
More informationBMC s Security Strategy for ITSM in the SaaS Environment
BMC s Security Strategy for ITSM in the SaaS Environment TABLE OF CONTENTS Introduction... 3 Data Security... 4 Secure Backup... 6 Administrative Access... 6 Patching Processes... 6 Security Certifications...
More informationSNAP WEBHOST SECURITY POLICY
SNAP WEBHOST SECURITY POLICY Should you require any technical support for the Snap survey software or any assistance with software licenses, training and Snap research services please contact us at one
More informationKenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data
Kenna Platform Security A technical overview of the comprehensive security measures Kenna uses to protect your data V2.0, JULY 2015 Multiple Layers of Protection Overview Password Salted-Hash Thank you
More informationProjectManager.com Security White Paper
ProjectManager.com Security White Paper Standards & Practices www.projectmanager.com Introduction ProjectManager.com (PM) developed its Security Framework to continue to provide a level of security for
More informationSMS. Cloud Computing. Systems Management Specialists. Grupo SMS www.grupo-sms.com 949.223.9240 option 3 for sales
SMS Systems Management Specialists Cloud Computing Grupo SMS www.grupo-sms.com 949.223.9240 option 3 for sales Cloud Computing The SMS Model: Cloud computing is a model for enabling ubiquitous, convenient,
More informationPerceptive Software Platform Services
Perceptive Software Platform Services CLOUD SOLUTIONS process and content management Perceptive Software Platform Services Perceptive Software process and content management systems have been deployed
More informationMicroStrategy Cloud Enterprise User Guide Version 2
MicroStrategy Cloud Enterprise User Guide Version 2 Service Definition and Policies February 26, 2014 Copyright 2014 MicroStrategy, Inc. All Rights Reserved. TABLE OF CONTENTS MicroStrategy Cloud Platform
More informationSecurity Controls for the Autodesk 360 Managed Services
Autodesk Trust Center Security Controls for the Autodesk 360 Managed Services Autodesk strives to apply the operational best practices of leading cloud-computing providers around the world. Sound practices
More informationClient Security Risk Assessment Questionnaire
Select the appropriate answer from the drop down in the column, and provide a brief description in the section. 1 Do you have a member of your organization with dedicated information security duties? 2
More informationSecurity Practices, Architecture and Technologies
Security Practices, Architecture and Technologies CONTACT: 36 S. Wall Street Columbus, OH 43215 1-800-VAB-0300 www.viewabill.com 1 CONTENTS End-to-End Security Processes and Technologies... 3 Secure Architecture...
More informationSecuring the Service Desk in the Cloud
TECHNICAL WHITE PAPER Securing the Service Desk in the Cloud BMC s Security Strategy for ITSM in the SaaS Environment Introduction Faced with a growing number of regulatory, corporate, and industry requirements,
More informationAltus UC Security Overview
Altus UC Security Overview Description Document Version D2.3 TABLE OF CONTENTS Network and Services Security 1. OVERVIEW... 1 2. PHYSICAL SECURITY... 1 2.1 FACILITY... 1 ENVIRONMENTAL SAFEGUARDS... 1 ACCESS...
More informationWHITE PAPER Secure mobile computing and business intelligence on Apple and Android mobile devices
WHITE PAPER Secure mobile computing and business intelligence on Apple and Android mobile devices Mobile App Platform Copyright Information All Contents Copyright 2014 Incorporated. All Rights Reserved.
More informationCreated By: 2009 Windows Server Security Best Practices Committee. Revised By: 2014 Windows Server Security Best Practices Committee
Windows Server Security Best Practices Initial Document Created By: 2009 Windows Server Security Best Practices Committee Document Creation Date: August 21, 2009 Revision Revised By: 2014 Windows Server
More informationIBM Cognos TM1 on Cloud Solution scalability with rapid time to value
IBM Solution scalability with rapid time to value Cloud-based deployment for full performance management functionality Highlights Reduced IT overhead and increased utilization rates with less hardware.
More informationCautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work
Cautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work Security concerns and dangers come both from internal means as well as external. In order to enhance your security posture
More informationSUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)
UNIVERSITY OF PITTSBURGH POLICY SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA) DATE: March 18, 2005 I. SCOPE This
More informationEllucian Cloud Services. Joe Street Cloud Services, Sr. Solution Consultant
Ellucian Cloud Services Joe Street Cloud Services, Sr. Solution Consultant Confidentiality Statement The information contained herein is considered proprietary and highly confidential by Ellucian Managed
More informationWhite paper. SAS Solutions OnDemand Hosting Overview
White paper SAS Solutions OnDemand Hosting Overview Contents Overview...1 Cary 1 Facility Specifications...2 Cary 2 Facility Specifications (SAS New Cloud Computing Center)...3 Charlotte 1 Facility Specifications...4
More informationBAE Systems PCI Essentail. PCI Requirements Coverage Summary Table
BAE Systems PCI Essentail PCI Requirements Coverage Summary Table Introduction BAE Systems PCI Essential solution can help your company significantly reduce the costs and complexity of meeting PCI compliance
More informationXerox Litigation Services. In the Cybersecurity Hot Seat: How Law Firms are Optimizing Security While Reducing Cost and Risk
Xerox Litigation Services In the Cybersecurity Hot Seat: How Law Firms are Optimizing Security While Reducing Cost and Risk Your Highest Priority is also Your Greatest Challenge Data breaches are not just
More informationSecurity Information & Policies
Security Information & Policies 01 Table of Contents OVERVIEW CHAPTER 1 : CHAPTER 2: CHAPTER 3: CHAPTER 4: CHAPTER 5: CHAPTER 6: CHAPTER 7: CHAPTER 8: CHAPTER 9: CHAPTER 10: CHAPTER 11: CHAPTER 12: CHAPTER
More informationMaking the leap to the cloud: IS my data private and secure?
Making the leap to the cloud: IS my data private and secure? tax & accounting MAKING THE LEAP TO THE CLOUD: IS MY DATA PRIVATE AND SECURE? Cloud computing: What s in it for me? The more you know about
More informationSafeNet Authentication Service Security Considerations
SafeNet Authentication Service Security Considerations Publication Date: Nov. 2012 Revision 1.1 Information provided is confidential and proprietary to SafeNet, Inc. ( SafeNet ) Executive Summary Service
More informationPayment Card Industry Data Security Standard
Symantec Managed Security Services support for IT compliance Solution Overview: Symantec Managed Services Overviewview The (PCI DSS) was developed to facilitate the broad adoption of consistent data security
More informationWHITE PAPER. HIPAA-Compliant Data Backup and Disaster Recovery
WHITE PAPER HIPAA-Compliant Data Backup and Disaster Recovery DOCUMENT INFORMATION HIPAA-Compliant Data Backup and Disaster Recovery PRINTED March 2011 COPYRIGHT Copyright 2011 VaultLogix, LLC. All Rights
More informationSecurity from a customer s perspective. Halogen s approach to security
September 18, 2015 Security from a customer s perspective Using a cloud-based talent management program can deliver tremendous benefits to your organization, including aligning your workforce, improving
More informationEnterprise Security Model in SAS Environment
Enterprise Security Model in SAS Environment WHITE PAPER Enterprise Security Model in SAS Environment Emerging internet threats coupled with strict compliance requirements of banks, financial institutions,
More informationCloud Management. Overview. Cloud Managed Networks
Datasheet Cloud Management Cloud Management Overview Meraki s cloud based management provides centralized visibility & control over Meraki s wired & wireless networking hardware, without the cost and complexity
More informationTHE SECURITY OF HOSTED EXCHANGE FOR SMBs
THE SECURITY OF HOSTED EXCHANGE FOR SMBs In the interest of security and cost-efficiency, many businesses are turning to hosted Microsoft Exchange for the scalability, ease of use and accessibility available
More informationLifecycle Solutions & Services. Managed Industrial Cyber Security Services
Lifecycle Solutions & Services Managed Industrial Cyber Security Services Around the world, industrial firms and critical infrastructure operators partner with Honeywell to address the unique requirements
More informationUNIFIED MEETING 5 SECURITY WHITEPAPER INFO@INTERCALL.COM INTERCALL.COM 800.820.5855 1
UNIFIED MEETING 5 SECURITY WHITEPAPER INFO@INTERCALL.COM INTERCALL.COM 800.820.5855 1 As organizations unlock the true potential of meeting over the web as an alternative to costly and timeconsuming travel,
More informationData Security and Privacy Principles for IBM SaaS How IBM Software as a Service is protected by IBM s security-driven culture
Data Security and Privacy Principles for IBM SaaS How IBM Software as a Service is protected by IBM s security-driven culture 2 Data Security and Privacy Principles for IBM SaaS Contents 2 Introduction
More informationCloud Assurance: Ensuring Security and Compliance for your IT Environment
Cloud Assurance: Ensuring Security and Compliance for your IT Environment A large global enterprise has to deal with all sorts of potential threats: advanced persistent threats (APTs), phishing, malware
More informationKeyfort Cloud Services (KCS)
Keyfort Cloud Services (KCS) Data Location, Security & Privacy 1. Executive Summary The purposes of this document is to provide a common understanding of the data location, security, privacy, resiliency
More informationClickTale Security Standards and Practices: Delivering Peace of Mind in Digital Optimization
Delivering Peace of Mind in Digital Optimization TABLE OF CONTENTS INTRODUCTION 2 PRIVACY AND ANONYMITY 3 ISO 27001 COMPLIANCE 5 APPLICATION-LEVEL SECURITY 6 PENETRATION TESTING AND SECURITY AUDITS 7 GENERAL
More informationEnterprise level security, the Huddle way.
Enterprise level security, the Huddle way. Security whitepaper TABLE OF CONTENTS 5 Huddle s promise Hosting environment Network infrastructure Multiple levels of security Physical security System & network
More informationA Decision Maker s Guide to Securing an IT Infrastructure
A Decision Maker s Guide to Securing an IT Infrastructure A Rackspace White Paper Spring 2010 Summary With so many malicious attacks taking place now, securing an IT infrastructure is vital. The purpose
More informationEnterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006
Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,
More informationTECHNICAL AND ORGANIZATIONAL DATA SECURITY MEASURES
TECHNICAL AND ORGANIZATIONAL DATA SECURITY MEASURES Contents Introduction... 3 The Technical and Organizational Data Security Measures... 3 Access Control of Processing Areas (Physical)... 3 Access Control
More informationItron Cloud Services Offering
Itron Cloud Services Offering WHITE PAPER TABLE OF CONTENTS Introduction... 3 Types of Services... 3 Software as a Service (SaaS)...3 Managed Services...3 On-site Managed Services...3 Benefits... 3 Infrastructure...
More informationSplunk Enterprise Log Management Role Supporting the ISO 27002 Framework EXECUTIVE BRIEF
Splunk Enterprise Log Management Role Supporting the ISO 27002 Framework EXECUTIVE BRIEF Businesses around the world have adopted the information security standard ISO 27002 as part of their overall risk
More informationVERISIGN DDoS PROTECTION SERVICES CUSTOMER HANDBOOK
HANDBOOK VERISIGN DDoS PROTECTION SERVICES CUSTOMER HANDBOOK CONSIDERATIONS FOR SERVICE ADOPTION Version 1.0 July 2014 VerisignInc.com CONTENTS 1. WHAT IS A DDOS PROTECTION SERVICE? 3 2. HOW CAN VERISIGN
More informationThe Software-as-a Service (SaaS) Delivery Stack
The Software-as-a Service (SaaS) Delivery Stack A Framework for Delivering Successful SaaS Applications October 2010 2010 Online Tech, Inc. Page 1 of 12 www.onlinetech.com Audience Executives, founders,
More informationNorth American Electric Reliability Corporation (NERC) Cyber Security Standard
North American Electric Reliability Corporation (NERC) Cyber Security Standard Symantec Managed Security Services Support for CIP Compliance Overviewview The North American Electric Reliability Corporation
More informationCompany Overview & Product Information
Quick Facts: 1100 Clients Globally Operate 4 Data Centers 22 Points of Presence CDN About Network Redux Network Redux is an Enterprise Managed Solutions Provider. We develop, deploy and manage critical
More informationNetwork Router Monitoring & Management Services
Network Router Monitoring & Management Services Get different parameters of routers monitored and managed, and protect your business from planned and unplanned downtime. SERVICE DEFINITION: NETWORK ROUTER
More informationTable of Contents. FME Cloud Architecture Overview. Secure Operations. Application Security. Shared Responsibility.
FME Cloud Security Table of Contents FME Cloud Architecture Overview Secure Operations I. Backup II. Data Governance and Privacy III. Destruction of Data IV. Incident Reporting V. Development VI. Customer
More informationWHITE PAPER Unlock the value of your SFA/CRM system
WHITE PAPER Unlock the value of your SFA/CRM system Leverage analytics and mobile apps to boost sales productivity Table of contents Executive summary Page 4 The four challenges of SFA and CRM systems
More informationBlackboard Collaborate Web Conferencing Hosted Environment Technical Infrastructure and Security
Overview Blackboard Collaborate Web Conferencing Hosted Environment Technical Infrastructure and Security Blackboard Collaborate web conferencing is available in a hosted environment and this document
More information