GoodData Security Overview
|
|
- Neal Parsons
- 8 years ago
- Views:
Transcription
1 GoodData GoodData deploys industry-standard security practices in its GoodData Open Analytics Platform and extends them to data storage in a hardened cloud environment.
2 GoodData Security Overview GoodData is proven security. GE, Comcast, Target, and Time Warner Cable are a few of the companies that trust GoodData. This paper describes the security features of the GoodData platform and the operational controls put into place to ensure the security of your data. Security has been integrated into the architecture, policies, and procedures of the GoodData platform. In this paper, you will learn about the design, credentials, change management, and other security mechanisms of the GoodData platform. This paper covers the following topics: GoodData Platform Security Overview An overview of the platform architecture GoodData Security Certification and Accreditation Certifications and accreditations earned by the GoodData platform. Application-Level Security GoodData has implemented features to secure users and operations within the web application. Data Security An overview of security features implemented to ensure that your data is safer with GoodData. Rackspace Security Implementation An overview of security implementation across multiple layers (physical, virtual infrastructure, software infrastructure security, and more) and application and administrative security features. 2
3 Organizational Security and Change Management Processes A description of GoodData s operational security practices, including organizational security and change management processes, data backup and disaster recovery, and compliance with industry regulations. Note Additional details are available in the GoodData Security White Paper, which is available under NDA. For more information, please contact your GoodData representative. 3
4 GoodData Platform Internal communications are managed over SSL, except for internal cluster communications, which are protected by firewall and need non-ssl communications for performance reasons. The GoodData platform is designed to organize functional and security aspects into well-defined, multi-tenant layers: presentation, analytical engine, datamart, data warehouse, and extract, transform, and load (ETL) (see Figure 1). Figure 1 Presentation Analytical Engine Datamart Data Warehouse Extract, Transform, & Load On-prem Cloud Big Data This architecture provides robust data processing capabilities while ensuring the privacy and security of your enterprise data. The platform also accommodates a large number of customers without requiring a separate instance for each customer. Currently, more than 35,000 companies use GoodData, with 28,000 users at one customer alone. The foundation of this flexible and secure data solution lies within the architecture of the individual layers of the platform. User authentication and authorization on the web API layer Verifies that a valid identity is attached to each request and is authorized for access to required resources. Logical security controls Logical security measures and relationships between individual users, projects, data stores, and the meta-model are configured within the control layer. Multiple authentication providers can be integrated with your solution to support authentication, including optional Single Sign-On (SSO). Client access Access to operational tools over your projects is restricted to a single project at a time. Client requests are managed 4
5 individually by the Relational Online Analytical Processing (ROLAP) engine, so that each client request is separated into a set of tasks that are executed independently without sharing contextual or other information. Data store security The meta-model and data are logically separated in each project, and each project is an individual physical entity. Connection to the data store is restricted through access credentials configured and stored within the control layer. Encryption Input and output are protected by SSL encryption technology, and all data at rest is encrypted as well. 5
6 GoodData Security Certification and Accreditation GoodData participates in and complies with relevant industry certification and accreditation programs to provide you the highest level of assurance regarding GoodData operations, infrastructures, and controls in place. When it comes to regulatory compliance, GoodData knows that its customers often operate within a complex statutory environment that governs the retention and management of customer data. As safe and secure management of data becomes a global issue, GoodData keeps up with international security compliance mandates, and continues to monitor and improve compliance with the specific regulatory requirements in customer industries and locales. There s Safety In Numbers, Says Forrester 1 Cloud service providers employ a multitenancy model, which means that multiple customers are served by a single instance of software. By employing this model, cloud services are inherently more secure, according to Forrester, which says there are four supporting reasons for making them even more secure than the typical enterprise. Why? There s safety in numbers: Cloud services have more to lose if their operations aren t secure. Providing cloud services is their business. If they get a reputation for lacking security, they won t survive in a tough marketplace. You ask clouds for transparency. Cloud service providers tend to be much more transparent about availability, uptime, security incidents than enterprise IT shops. Why? Their customers demand it. They need to do this to assure you that they are taking all the steps possible to protect your data. Focus gives clouds an edge. They only have one service to secure and one version of that service, which lets their security teams really focus. [1] Understanding Cloud s Multitenancy, by James Staten and John R. Rymer, Forrester, March 15,
7 Security comes through obfuscation. If hackers targeted your company, it would be simple for them to focus on your data center or internet domain than get at your data through a cloud provider s security mechanisms and multitenant environment. GoodData possesses the following certifications: Service Organization Control (SOC) 2 Report under SSAE 16 A licensee of the TRUSTe Privacy Program Salesforce.com AppExchange Security Review for GoodData AppExchange Apps Abides by the EU Safe Harbor Framework as outlined by the U.S. Department of Commerce and the European Union GoodData also provides a range of technology tools and measures to assist you in meeting your security requirements. These features include data and transport encryption technologies, data access application program interfaces (APIs), and administrative controls. For data archiving, information managed by the GoodData infrastructure can be retrieved by customers using the GoodData APIs. These APIs can be used to export data, including collaboration data, on a periodic basis. Additionally, all data can be encrypted in transit to meet certain regulations, and API tokens have time to live (TTL). Finally, GoodData has attained the following independent web application security certifications: TRUSTe Symantec salesforce.com 7
8 Rackspace Security Implementation For more information on Rackspace, see GoodData s open analytics platform is built and hosted on top of enterprise-ready collocation services from Rackspace, Inc. A scalable, distributed computing infrastructure is used to host and manage GoodData applications. Rackspace provides a robust suite of security features, which the GoodData platform automatically inherits. These features are augmented by specific GoodData features and policies around securing the platform and its data. Physical Infrastructure The GoodData infrastructure, including network switches, load balancers, servers, and shared storage devices, is managed and configured by GoodData personnel, in conjunction with the Rackspace support team. Rackspace is one of the top providers of managed collocation services and has achieved a high standard regarding its security certifications. All GoodData services are configured for high availability with automatic failover capabilities. 8
9 Rackspace administrators do not have access to a server s virtual images and cannot login to GoodData server instances. By using this enterprise-level infrastructure, GoodData can: Deploy the GoodData platform across multiple geographical regions to ensure redundancy and high availability. Replicate the infrastructure setup to any datacenter. Optimize the infrastructure for different levels of regulatory and performance compliance. Maintain complete control of hardware configurations. Virtual Environment Security The private cloud deployment provides a cloud-based infrastructure for the hosted GoodData platform. The OpenStack technology used for the private cloud includes several security measures of specific use to the GoodData platform: Separation of user roles for manipulating the virtual hosts Network security model for strict separation of virtual hosts, with different roles on L2 network layer Security groups for TCP/IP and Ethernet levels of traffic control Authentication, Authorization, and Single Sign On GoodData architecture relies on a centralized authentication and authorization security framework to control access to services. The security framework enables the enforcement of security policy by ensuring password strength algorithms to set minimum password length and complexity and CAPTCHA filters that use human-readable images to reduce the risk of automated attacks against customer data. For communications between virtual servers, GoodData relies on an additional set of authentication mechanisms and protocols to control access to customer data. For example, access to any customer database is only permitted by a specified set of front-end servers. This restriction is intended to prevent unauthorized services or systems from accidentally or maliciously retrieving or modifying customer data. 9
10 Backups are archived for at least one year. Data Replication, Backup, and Archiving For disk backup, GoodData has implemented functionality in the private cloud environment similar to the Amazon Elastic Block Storage (EBS) data store. The private cloud storage layer provides basic level of redundancy. When changes are detected in a particular data set, a backup is created on Amazon Simple Storage Service (S3) as well. Backups are stored on Amazon S3 systems. They are encrypted with GnuPGP protection, using 128-bit AES encryption and at least 64 bytes-long randomly generated passphrases (Gnome Password Generator). 10
11 The Hardware Security Layer The GoodData infrastructure which includes network switches, load balancers, servers, and shared storage devices is managed and configured by GoodData personnel in conjunction with the Rackspace support team. All devices are protected by an industry-grade hardware firewall appliance, and all GoodData services are configured for high availability with automatic failover capabilities. In addition, GoodData applies additional security measures to further safeguard the environment. Dedicated network and hardware is secured by an industry-grade firewall and network security zones All data transfers, passwords, data at rest, and backups are encrypted using SSL protocol and SHA-2 or AES algorithm. For data at rest, encryption is managed at the hypervisor (VMM) level All devices used by the instance are automatically encrypted, and all data access is audited The hardware servers hosting the virtual hosts are managed by GoodData. All Linux operating system deployments are under GoodData control. As part of general security reviews, regular patch management is performed. Patches are periodically reviewed for security vulnerability by a third party. All these maintenance procedures on operating system images, patch management, and security hot-fixes are subjected to GoodData s defined change management process. All network switches are managed by GoodData personnel. The firewall is managed primarily by GoodData personnel, although Rackspace is available for on-site maintenance tasks upon explicit request. The switches and firewalls configurations are automatically backed up, and any change in configuration is tracked and reviewed by the GoodData team. Data in the Rackspace private cloud is typically stored on two primary devices local disk and shared storage except for backups and information with longer retention, which are encrypted and stored in Amazon s S3 service. This works as follows: On local disks Used mostly for data warehousing Whole disk strong encryption (AES256) is used to implement data at rest encryption RAID setup for improved reliability Optimized hardware setup for performance 11
12 Using shared storage Primarily used for moving the data between virtual hosts Hardware encryption appliances provide AES256 data at rest encryption High-availability setup Designed for high-performance data sharing Rackspace Virtual Environment Security GoodData s private cloud deployment on Rackspace provides a cloud-based infrastructure for the hosted GoodData platform. The OpenStack technology used for this private cloud includes several security measures of specific use to the GoodData platform, including separation of user roles for manipulating the virtual hosts; network security model for strict separation of virtual hosts, with different roles on L2 network layer; and security groups for TCP/IP and Ethernet levels of traffic control. At Rackspace, the GoodData OpenStack cloud implementation is based on kernel-based virtual machine (KVM) virtualization. To provide the same level of security on the virtualization level, it uses the same processes and architecture that are used in the AWS cloud to access the virtual hosts. All network access to the virtual hosts is protected by a multi-layered firewall operating in a deny-all mode. Internet access is only permitted on explicitly opened ports for explicitly listed and limited number of virtual hosts. To reduce the network attack surface, GoodData virtual servers operate an enterprise version of Linux with a minimum subset of services. At the network level, the Intrusion Detection System is managed by the Rackspace network team. Private Cloud Data Replication, Backup, and Archiving For disk backup, GoodData has implemented functionality in the private cloud environment similar to the EBS data store. The private cloud storage layer provides a basic level of redundancy. When changes are detected in a particular data set, a backup is created on Amazon S3 for the private cloud deployment, too. 12
13 Application-Level Security Dashboards can be filtered by date or by attribute value to limit access to data by user, region, or other criterion. The GoodData platform provides a range of application-level security mechanisms that allow you to fine-tune your GoodData solution to meet specific requirements. Each granular action in the platform can be controlled by a customer-managed permission. Permissions are grouped to roles and are always global. Security and privacy are enforced at the GoodData project level. A project contains a data warehouse and its users. Users in a project can never see into other projects, and each project has database instance affinity. User roles inside projects are either Admin, Editor, or Viewer. And because the GoodData Platform is built as a self-service Web 2.0 application, users can administer their own accounts and easily collaborate with the other users of the platform. The following activities are completely self-service in the GoodData Platform: Account registration and activation Password reset Project (data mart) creation and administration Project invitations and sharing (project owner and certain roles only) Suspending user access to projects (project owner and certain roles only) In the GoodData platform, you can apply date and attribute filters to your dashboards to limit the data that is displayed in them. This data access control is especially useful for publishing dashboards to Embedded Dashboard Only users. The combination of data filter and dashboard only access provides the finest-grain of control over data access in the GoodData Platform. 13
14 Data Security Platform architectural patterns are strategically selected around data confidentiality, integrity and availability. These patterns include data segregation, consistency checks (MD5), and log management. The GoodData platform features active monitoring using situational awareness algorithms. Strict process separation (sealed) is a built-in design feature of all GoodData software development and operational lifecycles. The deployed multi-tenant security patterns provide effective isolation and sealing of data and metadata, even while sharing the same physical storage grids. Continuous monitoring and situational awareness enable analysis and logging of known data movements and quickly surfaces anomalies and outliers for immediate response. Data transport and long-term storage are protected using industry standard methods of encryption (SSL/TLS, strong symmetric-key cryptography). The GoodData platform is independent of specific database technologies, since users are interacting with a logical data model (LDM) to define attributes, facts and their relationships, which are built in a proprietary application instead of the physical data layer (PDM). All metrics and reports are defined at the LDM layer and correlate to the underlying physical data model. Data visibility can be restricted using mandatory filters and via metadata security. For example, queries for a user or group can be restricted to a specific region, and access to sensitive datasets may be restricted. This level of abstraction enables continuous improvements and changes to the PDM, including support at the PDM layer for new database technologies. Optionally, administrators can configure expressions to filter data access for project members. These expressions are configured as part of all internal queries, so that users are exposed only to the report data appropriate to their roles. If a customer chooses to end its relationship with with GoodData, GoodData maintains its backups and archives for a period of time, as defined by the customer s service plan effective at the date of termination. Customers may request complete and permanent deletion of their data by contacting GoodData support. The unit on which data destruction is applied is an entire project (a data mart). GoodData support does not provide data deletion on the individual report- or data-load level. 14
15 Organizational Security and Change Management Processes The Director of Operations monitors the revoking of access to employees who become inactive or change job roles. On the GoodData platform, secure operations extend beyond putting the right systems and technologies in place. Our effective security infrastructure is also embedded into our organizational culture and everyday business processes. GoodData has deployed several layers of operational security to eliminate the risks associated with human activities. All employees with access to customer data are thoroughly screened, and access to the production environment is only permitted through a secure gateway from a predefined set of locations. Through the gateway, administrators invoke platform functions; they are not permitted to directly interact with the platform components. GoodData policy is to provide system access only to appropriately trained staff, who require a specific level of access to perform authorized tasks. Internal systems enforce unique user IDs and strong passwords and limit password reuse. To manage access, GoodData relies on industry- standard security systems and standards including LDAP, Kerberos, and RSA. There is physical security that requires individuals to show badges and input access codes at all company buildings and hosting sites, and only authorized users can gain access to servers, logs, customer information, and system configuration information. Logical access to the production environment by GoodData employees is limited to the core operational personnel only. All access keys are stored within an encrypted credentials vault. Access requests, grants, and revocations are periodically reviewed. And all changes to access rights are logged and are based on roles and job responsibilities. The approval process maintains audit records of all changes. Access to the production infrastructure servers for the platform is restricted at the network level. Each server is accessible only from one access node, which can be accessed only by authorized GoodData operations personnel. A specific set of credentials is required for authentication from the access node; access to the access node server does not automatically enable access to production servers. 15
16 Change management also is a critical aspect of GoodData s security profile. At GoodData, software design is a two-phase process. First, the requirements-analysis phase assembles both functional and nonfunctional requirements into a document. Next, the technical analysis phase results in a detailed technical specification document. Both documents require a three-way sign-off between Product Management, Engineering, and Operations. During both phases, the engineering and delivery teams carefully consider the impact of the newly introduced features or changes on GoodData Platform security. For development and test stages, all source code and other artifacts that are part of the product are subject to version control and are managed in centralized version repositories. When code for a feature has been completed, the new code artifacts need to pass multiple quality controls before they are allowed into the main product code base. The main product branch is then subject to continuous integration (automated testing) so that any regressions not captured by the other quality controls are discovered and corrected as soon as possible. The continuous integration process includes the full cycle product build, packaging, and deployment in order to simulate the actual production deployment as closely as possible. The development cycle reaches the QA phase when all features approved for the upcoming release have reached the main product code base. One or more release candidates are subsequently built from the main product code base and are subject to extensive manual testing. Each release candidate test cycle has its own test plan, and a written record of passed and failed test cases linked to the defect tracking system is generated and retained. The release candidate that reaches QA acceptance is subsequently scheduled for a production release. If the result of the test upgrade passes all of the prescribed tests and validations routines, the release is subsequently applied to the production environment. A deployment plan and a deployment log are kept for each production deployment, and the GoodData delivery team is required to comment on and to explain all manual steps taken during the deployment that are specific to that particular release. GoodData then proactively monitors the platform for security incidents, including alert notifications generated by GoodData systems, alerts generated by Amazon and Rackspace, open source and industry alerts, and community alerts. 16
17 GoodData does not release information about customers or customer data to third parties. When an alert is raised, the risk level is assessed first. Based on this assessment, the prescribed response process is chosen and launched. Documented escalation procedures and communication protocols clarify when and how an escalation takes place, and who is notified. GoodData maintains a strong privacy policy to protect customer data. GoodData is obligated to protect access to customer information while also abiding by the law. Information can only be obtained from GoodData through a valid legal process, such as a search warrant, court order, or subpoena. If legally permitted, GoodData notifies the organization whose information is being sought and allows them 21 days to respond. GoodData hiring practices ensure that all staff are qualified for their functional responsibilities and hold appropriate certifications or accreditation, if required. At a minimum, these practices include verification of the individual s education and previous employment, as well as a reference check. Based on the statutory environment and the employee s position, additional background checks may be performed. The employee on-boarding process includes a mandatory security orientation session during which new employees are instructed about security policies and procedures. All employment contracts include a clause clarifying the staff member s responsibility to communicate significant issues to GoodData s management team. 17
18 Conclusion To ensure effective information security, GoodData has implemented the people, processes, and technical protection measures demanded of a leading-edge enterprise solution. All external messaging is managed over SSL. HTTPS communications feature a two-level authentication mechanism for additional security. GoodData has designed the GoodData platform to ensure the security of its customers data and analytics. The GoodData platform is hosted ion Rackspace, consistently rated among the top-line collocation service providers. The base security features offered by Rackspace are augmented by applying select technologies, such as key-based authentication, data encryption, platform monitoring, and firewall configuration, as well as policies for change and incident management. Additionally, wherever possible, the GoodData security model is designed to be open and pluggable to accommodate customer-specific requirements, such as third-party authentication, user account management, or primary storage encryption. GoodData has designed the GoodData platform to ensure the security of its customer s data and analytics. By partnering with Rackspace, GoodData enables implementation across multiple layers--including physical, virtual infrastructure, software and infrastructure security. It also delivers other application and administrative security features, as well as a completely encrypted environment. GoodData ensures security at both the application and data levels, and has implemented rigorous change-management processes as a critical part of its security profile. 18
GoodData Corporation Security White Paper
GoodData Corporation Security White Paper May 2016 Executive Overview The GoodData Analytics Distribution Platform is designed to help Enterprises and Independent Software Vendors (ISVs) securely share
More informationSecure, Scalable and Reliable Cloud Analytics from FusionOps
White Paper Secure, Scalable and Reliable Cloud Analytics from FusionOps A FusionOps White Paper FusionOps 265 Santa Ana Court Sunnyvale, CA 94085 www.fusionops.com World-class security... 4 Physical Security...
More informationSecurity and Data Protection for Online Document Management Software
Security and Data Protection for Online Document Management Software Overview As organizations transition documents and company information to Software as a Service (SaaS) applications that are no longer
More informationMAXIMUM DATA SECURITY with ideals TM Virtual Data Room
MAXIMUM DATA SECURITY with ideals TM Virtual Data Room WWW.IDEALSCORP.COM ISO 27001 Certified Account Settings and Controls Administrators control users settings and can easily configure privileges for
More informationKenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data
Kenna Platform Security A technical overview of the comprehensive security measures Kenna uses to protect your data V2.0, JULY 2015 Multiple Layers of Protection Overview Password Salted-Hash Thank you
More informationCollaborate on your projects in a secure environment. Physical security. World-class datacenters. Uptime over 99%
Security overview Collaborate on your projects in a secure environment Thousands of businesses, including Fortune 500 corporations, trust Wrike for managing their projects through collaboration in the
More informationensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster
Security Standards Symantec shall maintain administrative, technical, and physical safeguards for the Symantec Network designed to (i) protect the security and integrity of the Symantec Network, and (ii)
More informationPaxata Security Overview
Paxata Security Overview Ensuring your most trusted data remains secure Nenshad Bardoliwalla Co-Founder and Vice President of Products nenshad@paxata.com Table of Contents: Introduction...3 Secure Data
More informationEnterprise level security, the Huddle way.
Enterprise level security, the Huddle way. Security whitepaper TABLE OF CONTENTS 5 Huddle s promise Hosting environment Network infrastructure Multiple levels of security Physical security System & network
More informationSecurity Information & Policies
Security Information & Policies 01 Table of Contents OVERVIEW CHAPTER 1 : CHAPTER 2: CHAPTER 3: CHAPTER 4: CHAPTER 5: CHAPTER 6: CHAPTER 7: CHAPTER 8: CHAPTER 9: CHAPTER 10: CHAPTER 11: CHAPTER 12: CHAPTER
More informationProtectV. Securing Sensitive Data in Virtual and Cloud Environments. Executive Summary
VISIBILITY DATA GOVERNANCE SYSTEM OS PARTITION UNIFIED MANAGEMENT CENTRAL AUDIT POINT ACCESS MONITORING ENCRYPTION STORAGE VOLUME POLICY ENFORCEMENT ProtectV SECURITY SNAPSHOT (backup) DATA PROTECTION
More informationGE Measurement & Control. Cyber Security for NEI 08-09
GE Measurement & Control Cyber Security for NEI 08-09 Contents Cyber Security for NEI 08-09...3 Cyber Security Solution Support for NEI 08-09...3 1.0 Access Contols...4 2.0 Audit And Accountability...4
More informationPROTECTING YOUR VOICE SYSTEM IN THE CLOUD
PROTECTING YOUR VOICE SYSTEM IN THE CLOUD Every enterprise deserves to know what its vendors are doing to protect the data and systems entrusted to them. Leading IVR vendors in the cloud, like Angel, consider
More informationFormFire Application and IT Security. White Paper
FormFire Application and IT Security White Paper Contents Overview... 3 FormFire Corporate Security Policy... 3 Organizational Security... 3 Infrastructure and Security Team... 4 Application Development
More informationSecurity Controls for the Autodesk 360 Managed Services
Autodesk Trust Center Security Controls for the Autodesk 360 Managed Services Autodesk strives to apply the operational best practices of leading cloud-computing providers around the world. Sound practices
More informationFileCloud Security FAQ
is currently used by many large organizations including banks, health care organizations, educational institutions and government agencies. Thousands of organizations rely on File- Cloud for their file
More informationPRIVACY, SECURITY AND THE VOLLY SERVICE
PRIVACY, SECURITY AND THE VOLLY SERVICE Delight Delivered by EXECUTIVE SUMMARY The Volly secure digital delivery service from Pitney Bowes is a closed, secure, end-to-end system that consolidates and delivers
More informationAutodesk PLM 360 Security Whitepaper
Autodesk PLM 360 Autodesk PLM 360 Security Whitepaper May 1, 2015 trust.autodesk.com Contents Introduction... 1 Document Purpose... 1 Cloud Operations... 1 High Availability... 1 Physical Infrastructure
More informationTable of Contents. FME Cloud Architecture Overview. Secure Operations. Application Security. Shared Responsibility.
FME Cloud Security Table of Contents FME Cloud Architecture Overview Secure Operations I. Backup II. Data Governance and Privacy III. Destruction of Data IV. Incident Reporting V. Development VI. Customer
More informationIT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:
IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including: 1. IT Cost Containment 84 topics 2. Cloud Computing Readiness 225
More informationMySQL Security: Best Practices
MySQL Security: Best Practices Sastry Vedantam sastry.vedantam@oracle.com Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information purposes
More informationWhite Paper How Noah Mobile uses Microsoft Azure Core Services
NoahMobile Documentation White Paper How Noah Mobile uses Microsoft Azure Core Services The Noah Mobile Cloud service is built for the Microsoft Azure platform. The solutions that are part of the Noah
More informationTableau Online Security in the Cloud
Tableau Online Security in the Cloud Author: Ellie Fields Senior Director, Product Marketing, Tableau Software June 2013 p2 Tableau Software understands that data is among the most strategic and important
More informationInfor CloudSuite. Defense-in-depth. Table of Contents. Technical Paper Plain talk about Infor CloudSuite security
Technical Paper Plain talk about security When it comes to Cloud deployment, security is top of mind for all concerned. The Infor CloudSuite team uses best-practice protocols and a thorough, continuous
More informationFamly ApS: Overview of Security Processes
Famly ApS: Overview of Security Processes October 2015 Please consult http://famly.co for the latest version of this paper Page 1 of 10 Table of Contents 1. INTRODUCTION TO SECURITY AT FAMLY... 3 2. PHYSICAL
More informationSaaS Security for the Confirmit CustomerSat Software
SaaS Security for the Confirmit CustomerSat Software July 2015 Arnt Feruglio Chief Operating Officer The Confirmit CustomerSat Software Designed for The Web. From its inception in 1997, the architecture
More informationWhite Paper: Librestream Security Overview
White Paper: Librestream Security Overview TABLE OF CONTENTS 1 SECURITY OVERVIEW... 3 2 USE OF SECURE DATA CENTERS... 3 3 SECURITY MONITORING, INTERNAL TESTING AND ASSESSMENTS... 4 3.1 Penetration Testing
More informationDruva Phoenix: Enterprise-Class. Data Security & Privacy in the Cloud
Druva Phoenix: Enterprise-Class Data Security & Privacy in the Cloud Advanced, multi-layer security to provide the highest level of protection for today's enterprise. Table of Contents Overview...3 Cloud
More informationComplying with PCI Data Security
Complying with PCI Data Security Solution BRIEF Retailers, financial institutions, data processors, and any other vendors that manage credit card holder data today must adhere to strict policies for ensuring
More informationTONAQUINT DATA CENTER, INC. CLOUD SECURITY POLICY & PROCEDURES. Tonaquint Data Center, Inc Cloud Security Policy & Procedures 1
TONAQUINT DATA CENTER, INC. CLOUD SECURITY POLICY & PROCEDURES Tonaquint Data Center, Inc Cloud Security Policy & Procedures 1 Table of Contents 1. Operational Security 2. Physical Security 3. Network
More informationKeyfort Cloud Services (KCS)
Keyfort Cloud Services (KCS) Data Location, Security & Privacy 1. Executive Summary The purposes of this document is to provide a common understanding of the data location, security, privacy, resiliency
More informationSimone Brunozzi, AWS Technology Evangelist, APAC. Fortress in the Cloud
Simone Brunozzi, AWS Technology Evangelist, APAC Fortress in the Cloud AWS Cloud Security Model Overview Certifications & Accreditations Sarbanes-Oxley (SOX) compliance ISO 27001 Certification PCI DSS
More informationSecurity & Infra-Structure Overview
Security & Infra-Structure Overview Contents KantanMT Platform Security... 2 Customer Data Protection... 2 Application Security... 2 Physical and Environmental Security... 3 ecommerce Transactions... 4
More informationEnsuring Enterprise Data Security with Secure Mobile File Sharing.
A c c e l l i o n S e c u r i t y O v e r v i e w Ensuring Enterprise Data Security with Secure Mobile File Sharing. Accellion, Inc. Tel +1 650 485-4300 1804 Embarcadero Road Fax +1 650 485-4308 Suite
More informationData Protection: From PKI to Virtualization & Cloud
Data Protection: From PKI to Virtualization & Cloud Raymond Yeung CISSP, CISA Senior Regional Director, HK/TW, ASEAN & A/NZ SafeNet Inc. Agenda What is PKI? And Value? Traditional PKI Usage Cloud Security
More informationSecurity Whitepaper: ivvy Products
Security Whitepaper: ivvy Products Security Whitepaper ivvy Products Table of Contents Introduction Overview Security Policies Internal Protocol and Employee Education Physical and Environmental Security
More informationNETWORK ACCESS CONTROL AND CLOUD SECURITY. Tran Song Dat Phuc SeoulTech 2015
NETWORK ACCESS CONTROL AND CLOUD SECURITY Tran Song Dat Phuc SeoulTech 2015 Table of Contents Network Access Control (NAC) Network Access Enforcement Methods Extensible Authentication Protocol IEEE 802.1X
More informationHIPAA Privacy & Security White Paper
HIPAA Privacy & Security White Paper Sabrina Patel, JD +1.718.683.6577 sabrina@captureproof.com Compliance TABLE OF CONTENTS Overview 2 Security Frameworks & Standards 3 Key Security & Privacy Elements
More informationCLOUD FRAMEWORK & SECURITY OVERVIEW
CLOUD FRAMEWORK & OVERVIEW From small businesses to the largest Fortune 500 Enterprises, customers trust the irise cloud infrastructure when collaborating to define and design their applications. This
More informationMobile Mobile Security COPYRIGHT 2014 INTUITION ALL RIGHTS RESERVED. Copyright 2014 Intuition
Mobile Mobile Security COPYRIGHT 2014 INTUITION ALL RIGHTS RESERVED 1 Background Traditionally, security has not been a high priority for e-learning; as such content was hosted and only accessible at the
More informationUNIFIED MEETING 5 SECURITY WHITEPAPER INFO@INTERCALL.COM INTERCALL.COM 800.820.5855 1
UNIFIED MEETING 5 SECURITY WHITEPAPER INFO@INTERCALL.COM INTERCALL.COM 800.820.5855 1 As organizations unlock the true potential of meeting over the web as an alternative to costly and timeconsuming travel,
More informationAcano solution. Security Considerations. August 2015 76-1026-01-E
Acano solution Security Considerations August 2015 76-1026-01-E Contents Contents 1 Introduction... 3 2 Acano Secure Development Lifecycle... 3 3 Acano Security Points... 4 Acano solution: Security Consideration
More informationWoodcock-Johnson and Woodcock-Muñoz Language Survey Revised Normative Update Technical and Data Security Overview
Houghton Mifflin Harcourt - Riverside (HMH - Riverside) is pleased to offer online scoring and reporting for Woodcock-Johnson IV (WJ IV) and Woodcock-Muñoz Language Survey Revised Normative Update (WMLS-R
More informationMirantis OpenStack Express: Security White Paper
Mirantis OpenStack Express: Security White Paper Version 1.0 2005 2014 All Rights Reserved www.mirantis.com 1 Introduction While the vast majority IT professionals are now familiar with the cost-saving
More informationProjectManager.com Security White Paper
ProjectManager.com Security White Paper Standards & Practices www.projectmanager.com Introduction ProjectManager.com (PM) developed its Security Framework to continue to provide a level of security for
More informationSECURITY AND REGULATORY COMPLIANCE OVERVIEW
Powering Cloud IT SECURITY AND REGULATORY COMPLIANCE OVERVIEW Executive Summary BetterCloud provides critical insights, automated management, and intelligent data security for cloud office platforms. As
More informationnwstor Storage Security Solution 1. Executive Summary 2. Need for Data Security 3. Solution: nwstor isav Storage Security Appliances 4.
CONTENTS 1. Executive Summary 2. Need for Data Security 3. Solution: nwstor isav Storage Security Appliances 4. Conclusion 1. EXECUTIVE SUMMARY The advantages of networked data storage technologies such
More informationWebEx Security Overview Security Documentation
WebEx Security Overview Security Documentation 8/1/2003: WebEx Communications Inc. WebEx Security Overview WebEx Security Overview Introduction WebEx Communications, Inc. provides real-time communication
More informationWhitepaper. Security Best Practices for Evaluating Google Apps Marketplace Applications. Introduction. At a Glance
Whitepaper Security Best Practices for Evaluating Google Apps Marketplace Applications At a Glance Intended Audience: Security Officers CIOs of large enterprises evaluating Google Apps Marketplace applications
More informationDean Bank Primary and Nursery School. Secure Storage of Data and Cloud Storage
Dean Bank Primary and Nursery School Secure Storage of Data and Cloud Storage January 2015 All school e-mail is disclosable under Freedom of Information and Data Protection legislation. Be aware that anything
More informationProjectplace: A Secure Project Collaboration Solution
Solution brief Projectplace: A Secure Project Collaboration Solution The security of your information is as critical as your business is dynamic. That s why we built Projectplace on a foundation of the
More informationCentral Agency for Information Technology
Central Agency for Information Technology Kuwait National IT Governance Framework Information Security Agenda 1 Manage security policy 2 Information security management system procedure Agenda 3 Manage
More informationSymantec Enterprise Vault.cloud Overview
Fact Sheet: Archiving and ediscovery Introduction The data explosion that has burdened corporations and governments across the globe for the past decade has become increasingly expensive and difficult
More informationEnterprise Architecture Review Checklist
Enterprise Architecture Review Checklist Software as a Service (SaaS) Solutions Overview This document serves as Informatica s Enterprise Architecture (EA) Review checklist for Cloud vendors that wish
More informationAlliance Key Manager Solution Brief
Alliance Key Manager Solution Brief KEY MANAGEMENT Enterprise Encryption Key Management On the road to protecting sensitive data assets, data encryption remains one of the most difficult goals. A major
More informationSecurity Overview Enterprise-Class Secure Mobile File Sharing
Security Overview Enterprise-Class Secure Mobile File Sharing Accellion, Inc. 1 Overview 3 End to End Security 4 File Sharing Security Features 5 Storage 7 Encryption 8 Audit Trail 9 Accellion Public Cloud
More informationHosted Exchange. Security Overview. Learn More: Call us at 877.634.2728. www.megapath.com
Security Overview Learn More: Call us at 877.634.2728. www.megapath.com Secure and Reliable Hosted Exchange Our Hosted Exchange service is delivered across an advanced network infrastructure, built on
More informationIBX Business Network Platform Information Security Controls. 2015-02- 20 Document Classification [Public]
IBX Business Network Platform Information Security Controls 2015-02- 20 Document Classification [Public] Table of Contents 1. General 2 2. Physical Security 2 3. Network Access Control 2 4. Operating System
More informationBuildingIQ Security. Executive Summary
WHITE PAPER Executive Summary The security of customer BMS and IT systems is of the utmost importance to BuildingIQ, and our products and policies reflect that. BuildingIQ stays abreast of and uses the
More informationBMC s Security Strategy for ITSM in the SaaS Environment
BMC s Security Strategy for ITSM in the SaaS Environment TABLE OF CONTENTS Introduction... 3 Data Security... 4 Secure Backup... 6 Administrative Access... 6 Patching Processes... 6 Security Certifications...
More informationSplunk Enterprise Log Management Role Supporting the ISO 27002 Framework EXECUTIVE BRIEF
Splunk Enterprise Log Management Role Supporting the ISO 27002 Framework EXECUTIVE BRIEF Businesses around the world have adopted the information security standard ISO 27002 as part of their overall risk
More informationHow does IBM deliver cloud security? An IBM paper covering SmartCloud Services 1
How does IBM deliver cloud security? An IBM paper covering SmartCloud Services 1 2 How does IBM deliver cloud security? Contents 2 Introduction 3 Cloud governance 3 Security governance, risk management
More informationRSA Authentication Manager 7.1 Security Best Practices Guide. Version 2
RSA Authentication Manager 7.1 Security Best Practices Guide Version 2 Contact Information Go to the RSA corporate web site for regional Customer Support telephone and fax numbers: www.rsa.com. Trademarks
More informationThis paper introduces the security policies, practices, and procedures at Smartsheet.
SMARTSHEET SECURITY Abstract This paper introduces the security policies, practices, and procedures at Smartsheet. Readers will gain an understanding of the Smartsheet operating environment and application
More informationSupplier Information Security Addendum for GE Restricted Data
Supplier Information Security Addendum for GE Restricted Data This Supplier Information Security Addendum lists the security controls that GE Suppliers are required to adopt when accessing, processing,
More informationJohn Essner, CISO Office of Information Technology State of New Jersey
John Essner, CISO Office of Information Technology State of New Jersey http://csrc.nist.gov/publications/nistpubs/800-144/sp800-144.pdf Governance Compliance Trust Architecture Identity and Access Management
More informationSecuring the Service Desk in the Cloud
TECHNICAL WHITE PAPER Securing the Service Desk in the Cloud BMC s Security Strategy for ITSM in the SaaS Environment Introduction Faced with a growing number of regulatory, corporate, and industry requirements,
More informationBOLDCHAT ARCHITECTURE & APPLICATION CONTROL
ARCHITECTURE & APPLICATION CONTROL A technical overview of BoldChat s security. INTRODUCTION LogMeIn offers consistently reliable service to its BoldChat customers and is vigilant in efforts to provide
More informationSecurity Whitepaper. NetTec NSI Philosophy. Best Practices
Security Whitepaper NetTec NSI provides a leading SaaS-based managed services platform that to efficiently backup, monitor, and troubleshoot desktops, servers and other endpoints for businesses. Our comprehensive
More informationSecurity Issues in Cloud Computing
Security Issues in Computing CSCI 454/554 Computing w Definition based on NIST: A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources
More informationCloud Contact Center. Security White Paper
Cloud Contact Center Security White Paper Introduction Customers communicate with organizations in a variety of forms from phone conversations to email, web chat and social media. As each interaction may
More informationNetop Environment Security. Unified security to all Netop products while leveraging the benefits of cloud computing
Netop Environment Security Unified security to all Netop products while leveraging the benefits of cloud computing Contents Introduction... 2 AWS Infrastructure Security... 3 Standards - Compliancy...
More informationApteligent White Paper. Security and Information Polices
Apteligent White Paper Security and Information Polices Data and Security Policies for 2016 Overview Apteligent s Mobile App Intelligence delivers real-time user experience insight based on behavioral
More informationSysAid Cloud Architecture Including Security and Disaster Recovery Plan
SysAid Cloud Architecture Including Security and Disaster Recovery Plan This document covers three aspects of SysAid Cloud: Datacenters Network, Hardware, and Software Components Disaster Recovery Plan
More informationData In The Cloud: Who Owns It, and How Do You Get it Back?
Data In The Cloud: Who Owns It, and How Do You Get it Back? Presented by Dave Millier, Soban Bhatti, and Oleg Sotnikov 2013 Sentry Metrics Inc. Agenda Reasons for Cloud Adoption How Did My Data Get There?
More informationHow To Control Vcloud Air From A Microsoft Vcloud 1.1.1 (Vcloud)
SOC 1 Control Objectives/Activities Matrix goes to great lengths to ensure the security and availability of vcloud Air services. In this effort, we have undergone a variety of industry standard audits,
More informationWhy can you trust Google?
Why can you trust Google? Przemek Sienkiewicz Head of Enterprise CEE, Russia & CIS Why is Security So Tough? Data Problem: Users want to access their data anytime, from anywhere 60% 1-out-of-10 66% of
More informationAddressing Cloud Computing Security Considerations
Addressing Cloud Computing Security Considerations with Microsoft Office 365 Protect more Contents 2 Introduction 3 Key Security Considerations 4 Office 365 Service Stack 5 ISO Certifications for the Microsoft
More informationBlackboard Collaborate Web Conferencing Hosted Environment Technical Infrastructure and Security
Overview Blackboard Collaborate Web Conferencing Hosted Environment Technical Infrastructure and Security Blackboard Collaborate web conferencing is available in a hosted environment and this document
More informationTroux Hosting Options
Troux Hosting Options Introducing Troux Hosting Options Benefits of a Hosted Troux Environment...3 Convenience...3 Time-to-Value...3 Reduced Cost of Ownership...3 Scalability and Flexibility...3 Security...4
More informationQuickBooks Online: Security & Infrastructure
QuickBooks Online: Security & Infrastructure May 2014 Contents Introduction: QuickBooks Online Security and Infrastructure... 3 Security of Your Data... 3 Access Control... 3 Privacy... 4 Availability...
More informationTHE BLUENOSE SECURITY FRAMEWORK
THE BLUENOSE SECURITY FRAMEWORK Bluenose Analytics, Inc. All rights reserved TABLE OF CONTENTS Bluenose Analytics, Inc. Security Whitepaper ISO 27001/27002 / 1 The Four Pillars of Our Security Program
More informationInformation security controls. Briefing for clients on Experian information security controls
Information security controls Briefing for clients on Experian information security controls Introduction Security sits at the core of Experian s operations. The vast majority of modern organisations face
More informationRetention & Destruction
Last Updated: March 28, 2014 This document sets forth the security policies and procedures for WealthEngine, Inc. ( WealthEngine or the Company ). A. Retention & Destruction Retention & Destruction of
More informationData Collection and Analysis: Get End-to-End Security with Cisco Connected Analytics for Network Deployment
White Paper Data Collection and Analysis: Get End-to-End Security with Cisco Connected Analytics for Network Deployment Cisco Connected Analytics for Network Deployment (CAND) is Cisco hosted, subscription-based
More informationThe data which you put into our systems is yours, and we believe it should stay that way. We think that means three key things.
Privacy and Security FAQ Privacy 1. Who owns the data that organizations put into Google Apps? 2. When can Google employees access my account? 3. Who can gain access to my Google Apps administrative account?
More informationSeven Things To Consider When Evaluating Privileged Account Security Solutions
Seven Things To Consider When Evaluating Privileged Account Security Solutions Contents Introduction 1 Seven questions to ask every privileged account security provider 4 1. Is the solution really secure?
More informationLogz.io See the logz that matter
See the logz that matter How Logz.io Secures Customer Log Data White Paper A certain amount of confidence is needed when relying on third party vendors to manage and handle your online data and log files
More informationWeb Conferencing: Unleash the Power of Secure, Real-Time Collaboration
White Paper Web Conferencing: Unleash the Power of Secure, Real-Time Collaboration This paper focuses on security information for Cisco WebEx Meeting Center, Cisco WebEx Training Center, Cisco WebEx Support
More informationNational Identity Exchange Federation (NIEF) Trustmark Signing Certificate Policy. Version 1.1. February 2, 2016
National Identity Exchange Federation (NIEF) Trustmark Signing Certificate Policy Version 1.1 February 2, 2016 Copyright 2016, Georgia Tech Research Institute Table of Contents TABLE OF CONTENTS I 1 INTRODUCTION
More informationSMS. Cloud Computing. Systems Management Specialists. Grupo SMS www.grupo-sms.com 949.223.9240 option 3 for sales
SMS Systems Management Specialists Cloud Computing Grupo SMS www.grupo-sms.com 949.223.9240 option 3 for sales Cloud Computing The SMS Model: Cloud computing is a model for enabling ubiquitous, convenient,
More informationSecurity and Information Policies
Security and Information Policies 1 Data and Security Policies for 2015-2016 Overview Crittercism's Mobile App Intelligence delivers real-time user experience insight based on behavioral and operational
More informationTENDER NOTICE No. UGVCL/SP/III/608/GPRS Modem Page 1 of 6. TECHNICAL SPECIFICATION OF GPRS based MODEM PART 4
TENDER NOTICE No. UGVCL/SP/III/608/GPRS Modem Page 1 of 6 TECHNICAL SPECIFICATION OF GPRS based MODEM PART 4 Cloud services (Data Centre) and related Functional requirement Cloud services as a Control
More informationBirst Security and Reliability
Birst Security and Reliability Birst is Dedicated to Safeguarding Your Information 2 Birst is Dedicated to Safeguarding Your Information To protect the privacy of its customers and the safety of their
More informationData Security and Privacy Principles for IBM SaaS How IBM Software as a Service is protected by IBM s security-driven culture
Data Security and Privacy Principles for IBM SaaS How IBM Software as a Service is protected by IBM s security-driven culture 2 Data Security and Privacy Principles for IBM SaaS Contents 2 Introduction
More informationIBM Cognos TM1 on Cloud Solution scalability with rapid time to value
IBM Solution scalability with rapid time to value Cloud-based deployment for full performance management functionality Highlights Reduced IT overhead and increased utilization rates with less hardware.
More informationData Processing Agreement for Oracle Cloud Services
Data Processing Agreement for Oracle Cloud Services Version December 1, 2013 1. Scope and order of precedence This is an agreement concerning the Processing of Personal Data as part of Oracle s Cloud Services
More informationSecurity and Managed Services
iconnect Cloud Archive System Overview Security and Managed Services iconnect Cloud Archive (formerly known as Merge Honeycomb ) iconnect Cloud Archive offers cloud-based storage for medical images. Images
More information