FUJITSU RUNMYPROCESS SECURITY WHITE PAPER.

Transcription

1 FUJITSU RUNMYPROCESS SECURITY WHITE PAPER

2 TABLE OF CONTENTS 1. INTRODUCTION 4 2. BUSINESS GOVERNANCE Data Prtectin Intellectual Prperty Prtectin 5 3. ORGANIZATIONAL GOVERNANCE Access Plicies Operatinal Plicies Develpment Plicies 7 4. PHYSICAL AND ENVIRONMENTAL SECURITY Access Cntrls Envirnmental Cntrls Pwer Cntrls 8 5. ACCESS MANAGEMENT AND CONTROL Authenticatin Authrizing Access t Resurces Transactin Security Lgs Preventing Abuse Secure Access t On-Premise Systems DATA MANAGEMENT Data Segregatin Data Retentin 11 Page 2

3 6.3. Data Extractin / Prtability BUSINESS CONTINUITY Multiple Availability Znes Disaster Recvery Strage Engines SERVICE AVAILABILITY Supervisin and Incident Management Operatinal Transparency SUMMARY ABOUT FUJITSU RUNMYPROCESS CONTACT 15 Page 3

4 1. INTRODUCTION Fujitsu RunMyPrcess empwers rganizatins t build business applicatins fr anyne, anywhere, n any device and deliver them thrugh a custm enterprise prcess stre. We prvide a 100% multi-tenant clud platfrm that changes the way in which business applicatins are built, delivered and gverned. We remve the need fr capital and resurce intensive IT develpments and instead prvide a flexible and prcess-riented clud platfrm fr the rapid delivery, peratin and evlutin f business systems. By fcusing n high prductivity we enable rganizatins t deliver critical business systems up t 80% faster than with traditinal methds. Furthermre these systems are then perated and scaled seamlessly withut any wrries r respnsibilities in terms f availability, lad balancing, scaling r ther lw value infrastructure issues. In delivering these services the availability, cnfidentiality and prtectin f ur custmer s data is at the heart f ur thinking, ur architecture and ur daily peratins. This dcument describes the business, rganizatinal and technical measures in place t meet these critical cmmitments. In rder t cver the brad range f perspectives that fall under a cnsideratin f security this dcument will cver the fllwing tpics: Business Gvernance Organizatinal Gvernance Physical & Envirnmental Security Access Management & Cntrl Hw we supprt data prtectin plicies and defend against IP challenges Hw we cntrl access t the platfrm and its resurces within ur rganizatin Hw the physical premises and assets underpinning ur platfrm are prtected Hw we secure custmer resurces frm unauthrized r malicius access Data Management Hw we ensure that the data & applicatins f ur custmers remain separate and private Business Cntinuity Hw we ensure cntinuus platfrm access in the face f unfreseen events Service Availability Hw we ensure the security & availability f ur custmers data & applicatins Each tpic will be cvered in its wn sectin t give a fully runded view f the way in which Fujitsu RunMyPrcess addresses security related cncerns. Page 4

5 2. BUSINESS GOVERNANCE In this sectin we cnsider the majr business plicies which ensure ur custmers can fulfill their data prtectin and IP due diligence respnsibilities Data Prtectin Custmers retain sle respnsibility and wnership fr any data (including persnal data) they prcess using the RunMyPrcess service. We prvide a number f data prtectin guarantees and benefits, hwever, t aid custmers in fulfilling their respnsibilities. Firstly we prvide hsting f applicatins and data via a prvider participating within the U.S. Safe Harbr prgram. This prgram ensures that custmers frm utside the U.S. can benefit frm the same level f prtectin as that ensured within the territry f the E.U. Secndly, RunMyPrcess des nt make any direct r indirect use f custmers data fr any purpse ther than that required fr prvisin f the service (r unless therwise previusly instructed in writing). Finally, ur service ensures the cnfidentiality f custmers data in a number f ways: Every custmer s accunt and Applicatins are cmpartmentalized and nly available t authrized users within their rganizatin; Data is encrypted using Transprt Layer Security (TLS); Users passwrds are used and stred in an encrypted frmat; The cnnectin/lgin prcess is designed t withstand brute frce attacks; Users passwrds have a minimum f 8 characters; and All servers are prtected with a firewall Intellectual Prperty Prtectin We assert that all f the intellectual prperty required t deliver the RunMyPrcess service belngs t the cmpany and we further secure ur custmers against any third party claims challenging their right t use any f the technlgies and practices it cntains. Full details f the terms f this cver are made available within the custmer cntract. Page 5

6 3. ORGANIZATIONAL GOVERNANCE In this sectin we cnsider the majr rganizatinal plicies that are relevant t the way in which we secure and gvern ur custmers data, assets and interests frm an internal perspective Access Plicies ACCESS TO SERVERS Only a strictly limited subset f RunMyPrcess persnnel designated within ur plicies as nminated Operatins Engineers have the ability t access ur prductin servers. This access is nly pssible via a cmbinatin f VPN tgether with a specific PKI certificate. Lcal cntrl and access t all servers is deactivated ACCESS TO SERVER LOGS Server lgs are nly accessible t designated Operatins Engineers via VPN and certificate. Where custmers prduce additinal / custm lgs during prcess executin these lgs are nly accessible t the custmer via the prvided APIs ACCESS TO CUSTOMER ENVIRONMENTS RunMyPrcess persnnel d nt have access t custmer envirnments during nrmal peratin. Fr supprt purpses, hwever, a designated accunt administratr within a custmer s rganizatin can grant access t an explicitly named RunMyPrcess supprt engineer fr a defined amunt f time. Fr example, supprt authrizatin culd be granted t supprt_engineer@runmyprcess.cm frm xx/xx/xxxx t yy/yy/yyyy. In this example, the supprt engineer wuld be able t access the custmer accunt - with the same privileges as the user that granted the access - fr the defined perid. If necessary the accunt administratr can als revke access at any time ACCESS TO CUSTOMER DATA LOGS All lgs cntaining custmer data are nly accessible t designated Operatins Engineers n a needs basis via VPN and certificate. Lcal cntrl / access t all data is deactivated. Page 6

7 3.2. Operatinal Plicies PATCH POLICY The RunMyPrcess security team clsely fllws a list f security and vulnerability infrmatin surces such as the US CERT security bulletin. Based n infrmatin frm such surces a triage prcess is undertaken and necessary updates are applied. Depending n the severity level f the threat such updates may be applied immediately r during a regular platfrm update CHANGE POLICY All changes t the platfrm are assessed and where practical assigned t a specific release. All necessary tests t validate the functinality and security f the enhancement must be written as part f the develpment and release cycle. These tests must ensure that the feature is behaving as expected and that it will nt intrduce any instabilities r vulnerabilities. When signed ff as part f a release new features are rlled ut as part f the frmal update prcess TESTING POLICY The Fujitsu RunMyPrcess platfrm is tested daily thrugh the applicatin f ver 5000 functinal and security tests. These tests simulate a wide range f unitary and cmplex scenaris. This testing is cntinually evlving as we add new features t the platfrm Develpment Plicies At RunMyPrcess we perate an agile develpment lifecycle fcused n early testing and reslutin f issues. We fllw an iterative lifecycle f multiple design, develp and test lps fr each platfrm release and have a range f security questins and patterns that are applied and reviewed at each stage. As part f ur effrt t reduce attack surface these reviews include the relevance f the new feature, its applicability t ur full set f custmers and the way in which it fits int ur security mdels. Once validated, the change will be assigned t a new versin f the platfrm and all necessary tests prepared. Finally we use state f the art tls t autmatically check fr quality and security issues within surce cde. New features are made available during a platfrm update as per the release prcess. Page 7

8 4. PHYSICAL AND ENVIRONMENTAL SECURITY In this sectin we summarize the systems that ur chsen infrastructure prvider - Amazn Web Services (AWS) - has put in place t secure the physical lcatins pwering ur clud platfrm Access Cntrls AWS data centers are hused in nndescript facilities at a number f lcatins arund the wrld and prvide stringent cntrls ver access and infrmatin fr emplyees and cntractrs bth at the perimeter and at building ingress pints Envirnmental Cntrls Climate cntrl systems within AWS facilities maintain a cnstant perating temperature fr hardware t prevent verheating and reduce the pssibility f utages. Autmatic fire detectin and suppressin equipment is deplyed in all areas Pwer Cntrls Electrical pwer systems are designed t be fully redundant and maintainable withut impact t peratins, 24 hurs a day, and seven days a week. Uninterruptible Pwer Supply (UPS) units prvide back-up pwer in the event f an electrical failure fr critical and essential lads in the facility. Data centers use generatrs t prvide back-up pwer fr the entire facility. 5. ACCESS MANAGEMENT AND CONTROL In this sectin we discuss the ways in which we manage custmer usage and prtect systems and data frm unauthrized and inapprpriate external access Authenticatin RunMyPrcess ffers several methds fr user authenticatin: RunMyPrcess lgin and passwrd OAuth2 with Ggle Apps SSO via SAML V2 Fr server-t-server cmmunicatin RunMyPrcess supprts the fllwing schemes fr calling external APIs: Lgin/passwrd with RunMyPrcess secure lckbx fr credential strage Page 8

9 Ggle 2-legged OAuth Java Keystre Windws Azure authenticatin AWS digest Fujitsu SOPOS 5.2. Authrizing Access t Resurces Once a principal is authenticated all subsequent requests are submitted t strict authrizatin mechanisms. These mechanisms are based n the rle based authrizatin features in RunMyPrcess. These authrizatin features enable rganizatins t create a hierarchy f entities and rles which reflect the structure f their perating mdel. Using this mdel we guarantee the fulfillment f authrizatin requirements at fur separate levels (Platfrm level, Prject/applicatin level, Prcess level, Step/Task level). Mre infrmatin n rles and access prfiles can be fund at Transactin Security Cmmunicatin between the brwser and the Fujitsu RunMyPrcess platfrm is dne via HTTPS and secured using 128- bit Transprt Layer Security (TLS). All cnnectins require authenticatin and authrizatin and all user peratins are recrded including IP addresses and ther sessin details. Several secured cmmunicatin prtcls are supprted fr server-t-server cmmunicatin (HTTPS, SMTPS, POPS, SFTP, FTPS). Fr security reasns, Secure Sckets Layer are nt accepted when cnnecting t the platfrm since September Lgs All user authenticatin is lgged and available t accunt administratrs fr audit and security purpses. The infrmatin captured includes user lgin, timestamp, lcatin and a descriptin f any actin undertaken Preventing Abuse Depending n custmer plicies RunMyPrcess can blck accunts in respnse t a cnfigurable number f failed authenticatin attempts. Once blcked, nly an accunt administratr can restre access. Page 9

10 5.6. Secure Access t On-Premise Systems Fujitsu RunMyPrcess supprts secure access t enterprise envirnments using the Secure Enterprise Cnnectr. The Secure Enterprise Cnnectr creates a secure tunnel between the RunMyPrcess platfrm and an rganizatin s lcal netwrk. Fr this tunnel t wrk, an agent - named the Data Cnnectr agent - is installed inside the firewall. This agent creates an encrypted utbund tunnel t the RunMyPrcess platfrm, prviding a secure link based n TLS. Originally develped by Ggle the technlgy is nw maintained by Fujitsu RunMyPrcess. When a cnnectr cnfigured t use the Secure Enterprise Cnnectr tunnel is called, the request is sent t the agent thrugh the encrypted tunnel and then dispatched lcally t the relevant system. 6. DATA MANAGEMENT In this sectin we discuss the ways in which we ensure that the data & applicatins f ur custmers remain separate, private and available Data Segregatin RunMyPrcess is a multi-tenant clud platfrm built frm the grund up t keep custmer data private while enabling the benefits f a shared technical and peratinal envirnment. As such, custmer data is segregated. Cnfiguratin data is segregated by the sftware. Since all access is authenticated and authrized, custmers cannt access data that des nt belng t their accunt. Custmer and prcess data are segregated by bth the sftware and the strage engine. This means that data is stred using different physical databases (fr custmer defined cllectins) r different S3 flders (fr raw prcess data). All accesses are strictly authrized, preventing infrmatin visibility between custmers. Specifically, the segregatin is carried ut using a range f techniques dependent n the data in questin. Page 10

11 Cnfiguratin data (prcess / UI definitin) MySQL lgical partitin. On-Demand Database (accessible t develpers t stre business bjects fr their applicatins) MngDB physical partitin (fr every custmer accunt). Raw prcess executin data AWS S3 flder per custmer. Upladed files AWS S3 flder per custmer Data Retentin Prductin data is kept withut any time limit s lng as the cntract between RunMyPrcess and the custmer remains in frce. Instant access t prductin data is guaranteed fr a perid f 48 mnths. Data that are lder than 48 mnths may be archived and made available t the custmer upn request. Instant access t test/acceptance data is guaranteed fr a perid f 2 mnths. Data that are lder than 2 mnths may be deleted by RunMyPrcess withut any ntice Data Extractin / Prtability All f the data stred within RunMyPrcess e.g. cnfiguratin data, prcess executin data, business bjects, reprts, etc.- are accessible via REST APIs which prvide a JSON-frmat respnse fr business bject data and an XML-frmat respnse fr everything else. In the case f a cntract terminatin, custmers can always extract all f their data. Page 11

12 7. BUSINESS CONTINUITY In this sectin we discuss the ways in which we ensure cntinuus platfrm access in the face f unfreseen events Multiple Availability Znes In rder t maximize business cntinuity, platfrm cmpnents are installed n different AWS availability znes. This ensures that the platfrm will still perfrm crrectly in the case f an AWS zne deficiency. As f tday, all applicatin servers and databases (cnfiguratin data, cllectin data) are distributed acrss different znes Disaster Recvery In the case f a ttal failure within a platfrm cmpnent, actin will be taken t recver nrmal peratins accrding t identified recvery prcedures. Data strage is replicated and distributed acrss several znes but in the wrst case scenari, data recvery will be pssible using backups. Cllectin and cnfiguratin data are backed up n a daily basis and can be restred fr any given time in the last 7 days (Pint in Time Recvery) Strage Engines As previusly discussed, RunMyPrcess uses multiple databases t stre different kinds f data. Each f these data stres is cnfigured in different ways t ensure cntinuity f service: MySQL master-slave ver 2 availability znes, Daily cmplete Snapshts, PITR t the minute fr up t 7 days. MngDB Replicated ver 3 Amazn servers n 2 different availability znes, 1 daily snapsht, 7 days histry AWS S3 99,999999% data durability guaranteed by AWS Encrypted with asymmetric 256 bits keys, specific t each custmer Page 12

13 8. SERVICE AVAILABILITY In this sectin we discuss the ways in which we ensure the security & availability f ur custmers data & applicatins Supervisin and Incident Management Platfrm peratins are mnitred 24 hurs a day, 7 days a week and supprted by a range f best in class technical supprt tls. Identified issues are distributed fr human actin acrss a range f alert channels, with peratins teams taking all necessary actins t slve the issue via predefined incident management & escalatin prcedures Operatinal Transparency RunMyPrcess is cmmitted t building custmer trust thrugh transparency f peratins. T supprt this gal regular service updates, incident infrmatin and reslutin estimates are published via twitter accunt. 9. SUMMARY In this dcument we have examined a range f security tpics in rder t give a brad understanding f the way in which Fujitsu RunMyPrcess prtects the interests f ur custmers. Specifically we have cnsidered a range f different perspectives t give a runded view f ur apprach, cvering: Business Gvernance Organizatinal Gvernance Physical & Envirnmental Security Access Management & Cntrl Data Management Business Cntinuity Service Availability Page 13

14 10. ABOUT FUJITSU RUNMYPROCESS Fujitsu RunMyPrcess is a unique clud platfrm that enables hundreds f leading cmpanies in ver 45 cuntries t vercme the technlgy barriers t digital transfrmatin. Its clud-based platfrm-as-a-service prvides a high prductivity develpment envirnment t mdel user interfaces, business prcesses, integratin cnnectrs and databases, alng with metrics and reprting t mnitr perfrmance. By leveraging an easy-t-use, drag-and-drp design cupled with ver 2,400 integratin cnnectrs and full integratin with Ggle Apps - Fujitsu RunMyPrcess custmers can rapidly build and deply highly custmized business applicatins. Accessible n the Web thrugh a brwser and based n a pay-per-use mdel, the Fujitsu RunMyPrcess platfrm is less expensive and mre flexible than n-premise slutins, ensuring a quicker return n investment. In April 2013, Fujitsu annunced that it had finalized a cntract with RunMyPrcess t acquire all shares f the cmpany. With this acquisitin, Fujitsu added integratin Platfrm as a Service (ipaas) t its clud fferings t blster its clud prtfli as it expands its glbal clud business. Fujitsu is the leading Japanese infrmatin and cmmunicatin technlgy (ICT) cmpany ffering a full range f technlgy prducts, slutins and services. Over 170,000 Fujitsu peple supprt custmers in mre than 100 cuntries. Fujitsu Limited (TSE:6702) reprted cnslidated revenues f 4.4 trillin yen (US$47 billin) fr the fiscal year ended March 31, Fr mre infrmatin, please see Page 14

15 11. CONTACT PARIS, FRANCE 3 rue de Gramnt Paris, France +33 (0) sales@runmyprcess.cm LONDON, UNITED KINGDOM 22 Baker Street W1U 3BW Lndn, United Kingdm Tel: +49-(0) jelkingtn@runmyprcess.cm SUNNYVALE, UNITED STATES 1250 E. Arques Ave. Sunnyvale, CA TOKYO, JAPAN Fujitsu Limited , Shin-kamata, Ohta-ku Tky , Japan MUNICH, GERMANY Fujitsu Enabling Sftware Technlgy Schwanthaler Str. 75a D München Page 15