CloudDesk - Security in the Cloud INFORMATION

Size: px
Start display at page:

Download "CloudDesk - Security in the Cloud INFORMATION"

Transcription

1 CloudDesk - Security in the Cloud INFORMATION

2 INFORMATION CloudDesk SECURITY IN THE CLOUD 3 GOVERNANCE AND INFORMATION SECURITY 3 DATA CENTRES 3 DATA RESILIENCE 3 DATA BACKUP 4 ELECTRONIC ACCESS TO SERVICES 4 ANTI-VIRUS AND PATCHING 4 INTRUSION DETECTION / PREVENTION AND LOGGING 4 STAFF CHANGE CONTROL AND ACCESS MONITORING 4 DATA OWNERSHIP 5 CLIENT DATA 5 ACTIVE DIRECTORY 5 DOCUMENT CONTROL 5 Hosted PC in the Cloud Fully Managed Service Windows 7 Look and Feel Highly Secure with 100% Data Encryption Self-install any Windows Application Choice of User Applications Persaonalise & Customise Flexible Scale Up & Down QMS DOC REF: QMS REC 87, ISSUE NUMBER: 1.1, ISSUE DATE: 15/09/2014, PUBLISH DATE: 12/01/2015.

3 security in the cloud This document summarises Calligo s security policies and explains how we protect your CloudDesk data and keep it safe. Cloud computing offers numerous advantages over the traditional delivery of IT using inhouse or hosted systems. This document describes the governance, physical, technical standards and systems that Calligo has implemented. Taken as a whole these deliver the highest levels of protection. governance and information security Calligo has a dedicated team of professionals with responsibility, across all areas of the organisation, for Security & Compliance. This includes product development, the delivery of services and the day-to-day management of the company. The Chief Security Officer, who is a member of the executive management team for Calligo, leads the Security & Compliance group. Calligo is an Accredited Quality Management System (QMS) company as specified in ISO 9001:2008. The scope of Calligo s QMS comprises Service Delivery, Project Management, HR and Supplier Management. Within the Security & Compliance group we have a dedicated Standards & Compliance Manager, who is professionally trained as a lead auditor, to maintain and improve its quality, both internally and to our clients. In addition, Calligo has implemented its own Information Security Management System (ISMS) across all areas of the business. This is based on and independently accredited to ISO :2013, which is considered the industry standard for information security management. Calligo ensures the constant integration of best practice and operational conformance to its published policies and procedures. We achieve this by an internal audit process that ensures that the activities undertaken by the team are fully inline with our internal processes, and where necessary supplement this with third party audits, an example of this would be the external audit undertaken of Calligo s ISO 27001:2013 implementation. The policies and procedures that Calligo has deployed are fully aligned to the standards that are published by the Cloud Security Alliance (CSA), known as the STAR standards. These extend the ISO standards and reflect best practice that is specific to cloud service providers. Calligo will soon be seeking CSA STAR certification. data centres Calligo uses specialist data centre providers who host our equipment at selected offshore locations. In Jersey & Guernsey we use Sure International, in Zurich we use Interoute and in Cayman we have partnered with MCS. All data centres have the highest level of physical and technical security. The infrastructure design includes: Independent electricity supply from the grid separate transformers and diverse cable routing Multiple standby power generators onsite with diesel stored on-site Uninterruptible power supply systems (battery backup) N+1 Multiple air conditioning units N+1 Fire suppression and VESDA (Very Early Smoke Detection Apparatus) Network communication circuits delivered over multiple carriers and routes All services monitored 24x7. The Jersey & Zurich facilities have ISO certification in place. The Guernsey facility has adopted ISO standards throughout, and will be looking to formally be audited in the coming months. Physical access to the data centres is highly restricted. Calligo has full control over who has access, when access occurs and we also ensure that the standards of the data centre facility are regularly reviewed to ensure compliance. In addition we have a controlled process in place to manage visitor access should it be required, we ensure that this access is limited and controlled typically with proximity card or biometrics. data resilience Calligo uses state of the art hardware including solid state storage platforms with all data being centrally stored on a Storage Area Network (SAN). Calligo s storage system is designed specifically for cloud services providers and provides levels of performance and security rarely seen in older, more traditional storage. Data is stored using 128-bit AES encryption. The distribution of keys is secure, as the key is never stored completely in one place. The key is split and encrypted prior to node distribution. No single node or drive has the key on it at any time. Whenever power is lost on a drive the data stored is inaccessible as it is encrypted. The disk system uses a clustered architecture, providing a highly available system that is designed to be fault tolerant with no single points of failure. A distributed replication mechanism protects data across multiple drives and nodes within a cluster. 3

4 In addition the disk system contains specific features to support multi-tenancy cloud services, destructive data deletion and forensic data discovery. data backup A CloudDesk consists of a C: Drive and a D: Drive. The C: Drive is a system drive and Calligo strongly advises that this is not used to store data. This drive is not backed up if it becomes corrupted Calligo will recreate from a Gold build. The D: Drive, also called Persistent Data Disk, is a personal data drive. Documents saved to the My Documents folder (or a sub-folder of this) will be stored on the D: Drive. The My Documents folder, and sub-folders, are backed up as default for 7 days. My Documents includes Documents, Music, Pictures, Videos and Favourites. This backup is held in the same data centre as your CloudDesk. When you delete a file, such as a Word document or Excel spreadsheet, then a copy of that file will be held in the backup system for a further 7 days and can be restored by Calligo (as a chargeable service) during that period. After 7 days it will be permanently deleted. The above backup service meets the vast majority of operational requirements. If a document is accidentally deleted or overwritten then that is usually realised very quickly, within 7 days, and the document can be restored. But, a regulated business is likely to have more demanding data retention policies and Calligo recommends the use of its CloudCopy service. The CloudCopy service encrypts, compresses and replicates data across two data centres. This backup service provides a very high level of protection and meets, or exceeds, the most demanding security requirements. Clients can define their own data retention policies which for a financial services business might be to retain daily backups for 31 days, month end backups for 13 months and year end backups for 7 years. electronic access to services The CloudDesk service is accessed via the Internet or private communication circuits. The desktop connection sessions provides full encryption of the active session ensuring protection of all transmitted data, preventing interception for key strokes and screen data logging, and preventing Man in the Browser type attacks. Customers may also request VPN (virtual private network) access to their cloud services such as CloudDesk. This is a cost option, but can be provided with PPTP or VPN with a permanent point to point tunnel or dial-up VPN. anti-virus and patching The CloudDesk desktops are protected from viruses and malware using a combination of Microsoft and Trend Micro s protection services. Trend Micro is a leading provider of IT security systems and has invested extensively to deliver products specifically designed for cloud service providers, and is a trusted partner of Calligo. The Windows desktop and Microsoft applications, such as Office, are patched and updated by Calligo. Clients and their end users do not have to worry about undertaking these time consuming tasks. The Trend Micro solution is also available as an option for hosted servers. It is not automatically provided as clients may already have alternative, preferred, options. intrusion detection / prevention and logging Using a combination of security solutions from trusted partners we have built a multi layered deployment Security Platform. It delivers a comprehensive, vendor neutral, adaptive and highly efficient protection service across our environment that defends and protects at every level of the platform, covering areas such as anti-malware, intrusion detection and prevention, firewalls, web application protection, full end to end integrity monitoring and detailed log inspection. This is running in real time across the entire cloud platform. The solution is deployed both internally and externally ensuring full defense at multiple layers throughout the environment. In addition, Calligo employs a detailed policy to log all user access to any and all services (such as hosted desktop and ) storing these information security logs as part of a detailed managed data retention policy. staff change control and access monitoring Calligo engineers that provide support to CloudDesk clients have passed a data competency check. All staff members have references checked and have also signed an encompassing Confidentiality Agreement with Calligo, preventing the disclosure of any sensitive materials in our domain. Access to systems and data is only undertaken by experienced engineering staff that have been granted access by Director or C Level. Staff members are aware that their access to systems and physical access is monitored. Access to all systems and the data contained within is role based, ensuring that control of access is maintained and provided on a needs basis opposed to full access at all times. Any changes to data, systems or infrastructure must be requested through Calligo s formal change management process, with approval required by its change board, which includes executive management approval prior to any changes occurring this ensures that any change that is authorised to occur is fully considered and understood, which includes relevant rollback and reversal processes in the unlikely event that a change must be backed out. Calligo s Change Management policy is ITIL compliant, and is a key area of both its Quality and Information Security Management processes which have been independently reviewed and certified. Quarterly audits are made by the Security & Compliance group to ensure access to data is aligned to roles of staff members, and fully reported to back to the executive management team. user access control and storage separation Authentication and access control measures are fully adopted throughout the CloudDesk platform to prevent inappropriate access to data. Access control usage policies are established for each client to ensure that the correct access permissions are applied to its data, and these are applied using ACL (access control lists), and are periodically reviewed to ensure relevance Each customer s data is logically separated within our storage network and through ACL (access control lists) only approved designated users are granted access. Calligo uses Secure LDAP and Microsoft s Active Directory Services to allow for the administration and control of access to data, with unique access to client data built based on client need. In the case of dynamic services and hosted desktops the session data is also protected by virtualisation technologies (VMware), which allow for user resources at the hardware or software level (memory, processes and CPU units), which provides total security to users 4

5 within these systems, as well as the data they are accessing. Unlike pure terminal services, or Citrix, Calligo clients have their own virtualised and isolated environment to work within not one that is shared by other users. This architecture allows for a great level of security to be applied, not just on data access, but also on the entire virtual session that is used. data ownership Calligo ensures security and privacy of your data and Calligo s terms and conditions of service provide specific guarantees in respect of the ability to off-board. We comply with the principles of the UK Data Protection Act 1998, the Data Protection (Jersey) Law 2005, the Data Protection (Bailiwick of Guernsey) Law 2001 and the Privacy and Electronic Communications (EC Directive) Regulations The eight principles relating to the processing of personal information are: Fairly and lawfully processed Processed for a limited time Adequate, relevant & not excessive Accurate Not kept longer than necessary Processed in accordance with your rights Secure Not transferred to countries without adequate protection Customer privacy and security is of upmost importance to us. We will always follow these principles and ask you how you would like us (or our partners) to communicate with you. CLIENT DATA You can be confident that your data is safe and will always be available to you, and only you. Our managed service protects you from the ever changing threat of viruses and the loss of data. We take responsibility for ensuring that proper security measures are in place to protect your data. Clients have access to their own data at any time, which they can copy, backup and store themselves if required. Client data is not stored in any proprietary format and in the case of service termination the data can be provided to the Client on DVD or other portable digital device subject to a standard services fee. After a Client has exited the service their data is purged from Calligo s systems. active directory The CloudDesk service incorporates Microsoft s Active Directory (AD) service. This allows for granular control of a wide range of services and features. For example, it is possible to lock down a desktop so that it is impossible for an end user to install additional applications. This can be controlled by organisation, department or individual user. Access to shared network folders can be similarly controlled by department or user with control over access rights such as read/ write, read only. By default user passwords are required to be complex (i.e. include a variety of upper, lower case, numbers and special characters), expire regularly and cannot reuse recent. Password policies can be adjusted to reflect a client s policies (may be chargeable), and will ensure that a client s unique security requirement can be built into the solution to be deployed. document control For details visit: Copyright 2015 Calligo Limited. Not to be reproduced without permission.

InsightCloud. www.insightcloud.com. Hosted Desktop Service. What is InsightCloud? What is SaaS? What are the benefits of SaaS?

InsightCloud. www.insightcloud.com. Hosted Desktop Service. What is InsightCloud? What is SaaS? What are the benefits of SaaS? What is InsightCloud? InsightCloud is a web portal enabling Insight customers to purchase and provision a wide range of Cloud services in a straightforward and convenient manner. What is SaaS? Software

More information

CloudCore. cloudcore infrastructure 4 100% SOLID STATE STORAGE 4 TRUE SCALE-OUT ARCHITECTURE 5 RAID-LESS DATA PROTECTION 5

CloudCore. cloudcore infrastructure 4 100% SOLID STATE STORAGE 4 TRUE SCALE-OUT ARCHITECTURE 5 RAID-LESS DATA PROTECTION 5 OVERVIEW CloudCore Supports the Most Demanding Workloads ISO 27001:2013 Security with 100% Data Encryption VMware s vcloud Air Network Service Compatible Choice of Multiple Offshore Jurisdictions calligo

More information

White Paper How Noah Mobile uses Microsoft Azure Core Services

White Paper How Noah Mobile uses Microsoft Azure Core Services NoahMobile Documentation White Paper How Noah Mobile uses Microsoft Azure Core Services The Noah Mobile Cloud service is built for the Microsoft Azure platform. The solutions that are part of the Noah

More information

TalentLink Disaster Recovery & Service Continuity

TalentLink Disaster Recovery & Service Continuity Technical Services Briefing Document TalentLink Disaster Recovery & Service Continuity Version 1.2 (January 2012) Contents Overview Planning for Service Continuity Disaster Recovery Process Business Continuity

More information

System Security. Your data security is always our top priority

System Security. Your data security is always our top priority Your data security is always our top priority Data security is an important factor for every client, our continued investment in the latest technology methods and world class data centres show our commitment

More information

MAXIMUM DATA SECURITY with ideals TM Virtual Data Room

MAXIMUM DATA SECURITY with ideals TM Virtual Data Room MAXIMUM DATA SECURITY with ideals TM Virtual Data Room WWW.IDEALSCORP.COM ISO 27001 Certified Account Settings and Controls Administrators control users settings and can easily configure privileges for

More information

Created By: 2009 Windows Server Security Best Practices Committee. Revised By: 2014 Windows Server Security Best Practices Committee

Created By: 2009 Windows Server Security Best Practices Committee. Revised By: 2014 Windows Server Security Best Practices Committee Windows Server Security Best Practices Initial Document Created By: 2009 Windows Server Security Best Practices Committee Document Creation Date: August 21, 2009 Revision Revised By: 2014 Windows Server

More information

SaaS Security for the Confirmit CustomerSat Software

SaaS Security for the Confirmit CustomerSat Software SaaS Security for the Confirmit CustomerSat Software July 2015 Arnt Feruglio Chief Operating Officer The Confirmit CustomerSat Software Designed for The Web. From its inception in 1997, the architecture

More information

White Paper. BD Assurity Linc Software Security. Overview

White Paper. BD Assurity Linc Software Security. Overview Contents 1 Overview 2 System Architecture 3 Network Settings 4 Security Configurations 5 Data Privacy and Security Measures 6 Security Recommendations Overview This white paper provides information about

More information

Supplier Information Security Addendum for GE Restricted Data

Supplier Information Security Addendum for GE Restricted Data Supplier Information Security Addendum for GE Restricted Data This Supplier Information Security Addendum lists the security controls that GE Suppliers are required to adopt when accessing, processing,

More information

TELSTRA CLOUD SERVICES CLOUD INFRASTRUCTURE PRICING GUIDE AUSTRALIA

TELSTRA CLOUD SERVICES CLOUD INFRASTRUCTURE PRICING GUIDE AUSTRALIA TELSTRA CLOUD SERVICES CLOUD INFRASTRUCTURE PRICING GUIDE AUSTRALIA WELCOME TO TELSTRA CLOUD SERVICES Our cloud infrastructure solutions are made up of a combination of scalable cloud resources, including

More information

SaaS architecture security

SaaS architecture security Introduction i2o solutions utilise the software as a service (or SaaS) model because it enables us to provide our customers with a robust, easy to use software platform that facilitates the rapid deployment

More information

Our Cloud Offers You a Brighter Future

Our Cloud Offers You a Brighter Future Our Cloud Offers You a Brighter Future Qube Global Software Cloud Services are used by many diverse organisations including financial institutions, international service providers, property companies,

More information

itg CloudBase is a suite of fully managed Hybrid & Private Cloud Services ready to support your business onwards and upwards into the future.

itg CloudBase is a suite of fully managed Hybrid & Private Cloud Services ready to support your business onwards and upwards into the future. Web Filtering Email Filtering Mail Archiving Cloud Backup Disaster Recovery Virtual Machines Private Cloud itg CloudBase is a suite of fully managed Hybrid & Private Cloud Services ready to support your

More information

IT Security Procedure

IT Security Procedure IT Security Procedure 1. Purpose This Procedure outlines the process for appropriate security measures throughout the West Coast District Health Board (WCDHB) Information Systems. 2. Application This Procedure

More information

Hosted Exchange. Security Overview. Learn More: Call us at 877.634.2728. www.megapath.com

Hosted Exchange. Security Overview. Learn More: Call us at 877.634.2728. www.megapath.com Security Overview Learn More: Call us at 877.634.2728. www.megapath.com Secure and Reliable Hosted Exchange Our Hosted Exchange service is delivered across an advanced network infrastructure, built on

More information

Las Vegas Datacenter Overview. Product Overview and Data Sheet. Created on 6/18/2014 3:49:00 PM

Las Vegas Datacenter Overview. Product Overview and Data Sheet. Created on 6/18/2014 3:49:00 PM Las Vegas Datacenter Overview Product Overview and Data Sheet Product Data Sheet Maintaining a Software as a Service (SaaS) environment with market leading availability and security is something that Active

More information

Birst Security and Reliability

Birst Security and Reliability Birst Security and Reliability Birst is Dedicated to Safeguarding Your Information 2 Birst is Dedicated to Safeguarding Your Information To protect the privacy of its customers and the safety of their

More information

Addendum Windows Azure Data Processing Agreement Amendment ID M129

<Choose> Addendum Windows Azure Data Processing Agreement Amendment ID M129 Addendum Amendment ID Proposal ID Enrollment number Microsoft to complete This addendum ( Windows Azure Addendum ) is entered into between the parties identified on the signature form for the

More information

Information Security Policy September 2009 Newman University IT Services. Information Security Policy

Information Security Policy September 2009 Newman University IT Services. Information Security Policy Contents 1. Statement 1.1 Introduction 1.2 Objectives 1.3 Scope and Policy Structure 1.4 Risk Assessment and Management 1.5 Responsibilities for Information Security 2. Compliance 3. HR Security 3.1 Terms

More information

Guardian365. Managed IT Support Services Suite

Guardian365. Managed IT Support Services Suite Guardian365 Managed IT Support Services Suite What will you get from us? Award Winning Team Deloitte Best Managed Company in 2015. Ranked in the Top 3 globally for Best Managed Service Desk by the Service

More information

SNAP WEBHOST SECURITY POLICY

SNAP WEBHOST SECURITY POLICY SNAP WEBHOST SECURITY POLICY Should you require any technical support for the Snap survey software or any assistance with software licenses, training and Snap research services please contact us at one

More information

Interact Intranet Version 7. Technical Requirements. August 2014. 2014 Interact

Interact Intranet Version 7. Technical Requirements. August 2014. 2014 Interact Interact Intranet Version 7 Technical Requirements August 2014 2014 Interact Definitions... 3 Licenses... 3 On-Premise... 3 Cloud... 3 Pulic Cloud... 3 Private Cloud... 3 Perpetual... 3 Self-Hosted...

More information

SHARPCLOUD SECURITY STATEMENT

SHARPCLOUD SECURITY STATEMENT SHARPCLOUD SECURITY STATEMENT Summary Provides details of the SharpCloud Security Architecture Authors: Russell Johnson and Andrew Sinclair v1.8 (December 2014) Contents Overview... 2 1. The SharpCloud

More information

NHSnet SyOP 9.2 NHSnet Portable Security Policy V1. NHSnet : PORTABLE COMPUTER SECURITY POLICY. 9.2 Introduction

NHSnet SyOP 9.2 NHSnet Portable Security Policy V1. NHSnet : PORTABLE COMPUTER SECURITY POLICY. 9.2 Introduction NHSnet : PORTABLE COMPUTER SECURITY POLICY 9.2 Introduction This document comprises the IT Security policy for Portable Computer systems as described below. For the sake of this document Portable Computers

More information

WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY

WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY DATA LABEL: PUBLIC INFORMATION SECURITY POLICY CONTENTS 1. INTRODUCTION... 3 2. MAIN OBJECTIVES... 3 3. LEGISLATION... 4 4. SCOPE... 4 5. STANDARDS... 4

More information

Woodcock-Johnson and Woodcock-Muñoz Language Survey Revised Normative Update Technical and Data Security Overview

Woodcock-Johnson and Woodcock-Muñoz Language Survey Revised Normative Update Technical and Data Security Overview Houghton Mifflin Harcourt - Riverside (HMH - Riverside) is pleased to offer online scoring and reporting for Woodcock-Johnson IV (WJ IV) and Woodcock-Muñoz Language Survey Revised Normative Update (WMLS-R

More information

Securing the Service Desk in the Cloud

Securing the Service Desk in the Cloud TECHNICAL WHITE PAPER Securing the Service Desk in the Cloud BMC s Security Strategy for ITSM in the SaaS Environment Introduction Faced with a growing number of regulatory, corporate, and industry requirements,

More information

PAAS Public Sector Managed Services

PAAS Public Sector Managed Services Meritec Limited Meritec House, Acorn Business Park, Skipton, North Yorkshire, BD23 2UE 0845 3451155 servicepoint@meritec.co.uk www.meritec.co.uk Registered In England & Wales No. 3224622 Table of Contents

More information

EAaaS Cloud Security Best Practices

EAaaS Cloud Security Best Practices EAaaS Cloud Security Best Practices A Technical White Paper by Sennovate Inc Jan 2013 EAaaS Cloud Security Best Practices Page 1 Introduction: Cloud security is an ever evolving subject that is difficult

More information

Ensuring security the last barrier to Cloud adoption

Ensuring security the last barrier to Cloud adoption Ensuring security the last barrier to Cloud adoption Publication date: March 2011 Ensuring security the last barrier to Cloud adoption Cloud computing has powerful attractions for the organisation. It

More information

1 Purpose... 2. 2 Scope... 2. 3 Roles and Responsibilities... 2. 4 Physical & Environmental Security... 3. 5 Access Control to the Network...

1 Purpose... 2. 2 Scope... 2. 3 Roles and Responsibilities... 2. 4 Physical & Environmental Security... 3. 5 Access Control to the Network... Contents 1 Purpose... 2 2 Scope... 2 3 Roles and Responsibilities... 2 4 Physical & Environmental Security... 3 5 Access Control to the Network... 3 6 Firewall Standards... 4 7 Wired network... 5 8 Wireless

More information

Cyber Essentials Questionnaire

Cyber Essentials Questionnaire Cyber Essentials Questionnaire Introduction The Cyber Essentials scheme is recommended for organisations looking for a base level Cyber security test where IT is a business enabler rather than a core deliverable.

More information

Infrastructure & Software

Infrastructure & Software Managed Services We can provide you with a fully managed service more than simply hosting or co-location but a full end-to-end and single point of contact service. Infrastructure & Software Datacentres

More information

WHAT ARE THE KEY FEATURES OF ON DEMAND FILE SERVER?

WHAT ARE THE KEY FEATURES OF ON DEMAND FILE SERVER? INTRODUCING ON DEMAND FILE SERVER FROM BT WHOLESALE APPLICATION STORE WHAT IS ON DEMAND FILE SERVER? The three most common technology challenges facing every small business are data storage, information

More information

Keyfort Cloud Services (KCS)

Keyfort Cloud Services (KCS) Keyfort Cloud Services (KCS) Data Location, Security & Privacy 1. Executive Summary The purposes of this document is to provide a common understanding of the data location, security, privacy, resiliency

More information

UNCLASSIFIED. Cobweb Hosted Exchange Service Description

UNCLASSIFIED. Cobweb Hosted Exchange Service Description UNCLASSIFIED 26/05/2016 V3.3 Cobweb Hosted Exchange Service Description Cobweb Hosted Exchange is a business-class messaging and collaboration service designed to help your business communicate securely,

More information

John Essner, CISO Office of Information Technology State of New Jersey

John Essner, CISO Office of Information Technology State of New Jersey John Essner, CISO Office of Information Technology State of New Jersey http://csrc.nist.gov/publications/nistpubs/800-144/sp800-144.pdf Governance Compliance Trust Architecture Identity and Access Management

More information

Autodesk PLM 360 Security Whitepaper

Autodesk PLM 360 Security Whitepaper Autodesk PLM 360 Autodesk PLM 360 Security Whitepaper May 1, 2015 trust.autodesk.com Contents Introduction... 1 Document Purpose... 1 Cloud Operations... 1 High Availability... 1 Physical Infrastructure

More information

GiftWrap 4.0 Security FAQ

GiftWrap 4.0 Security FAQ GiftWrap 4.0 Security FAQ The information presented here is current as of the date of this document, and may change from time-to-time, in order to reflect s ongoing efforts to maintain the highest levels

More information

Security Overview Enterprise-Class Secure Mobile File Sharing

Security Overview Enterprise-Class Secure Mobile File Sharing Security Overview Enterprise-Class Secure Mobile File Sharing Accellion, Inc. 1 Overview 3 End to End Security 4 File Sharing Security Features 5 Storage 7 Encryption 8 Audit Trail 9 Accellion Public Cloud

More information

IBM G-Cloud Microsoft Windows Active Directory as a Service

IBM G-Cloud Microsoft Windows Active Directory as a Service IBM G-Cloud Microsoft Windows Active Directory as a Service Service Definition IBM G-Cloud Windows AD as a Service 1 1. Summary 1.1 Service Description This offering is provided by IBM Global Business

More information

Croner Hosting Services

Croner Hosting Services 2015 Croner Hosting Services Overview This document describes the Hosting Options, Process Controls and Security models used in Croner s software platforms. Hosting Options Croner have partnered with one

More information

REDCENTRIC MANAGED SERVER SERVICE DEFINITION

REDCENTRIC MANAGED SERVER SERVICE DEFINITION REDCENTRIC MANAGED SERVER SERVICE DEFINITION SD062 V1.4 Issue Date 01 July 2014 1) OVERVIEW The Managed Server service (MSS) provides access to Redcentric s 24x7 support capability, technical skills and

More information

UK Inflammatory Bowel Disease Audit Biologics Audit system and hosted server Security Details

UK Inflammatory Bowel Disease Audit Biologics Audit system and hosted server Security Details UK Inflammatory Bowel Disease Audit Biologics Audit system and hosted server Details www.ibdbiologicsaudit.org Table of contents For further information contact: biologics.audit@rcplondon.ac.uk Overview...2

More information

Hosted Exchange Service

Hosted Exchange Service Hosted Exchange Service Contents Contents... 1 Overview Hosted Exchange... 3 Hosted Exchange Features... 3 Technical Features... 3 Hosted Exchange - MailBox... 4 Hosted Exchange - Key Points... 4 Cloud

More information

Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006

Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,

More information

FileCloud Security FAQ

FileCloud Security FAQ is currently used by many large organizations including banks, health care organizations, educational institutions and government agencies. Thousands of organizations rely on File- Cloud for their file

More information

University of Liverpool

University of Liverpool University of Liverpool Information Security Policy Reference Number Title CSD-003 Information Security Policy Version Number 3.0 Document Status Document Classification Active Open Effective Date 01 October

More information

White Paper. Software as a Service by Yardi. Secure, seamless hosting and support

White Paper. Software as a Service by Yardi. Secure, seamless hosting and support White Paper Software as a Service by Yardi Secure, seamless hosting and support Yardi, the Yardi logo, and the names of Yardi products and services are either registered trademarks or trademarks of Yardi

More information

Managing for the Long Term: Keys to Securing, Troubleshooting and Monitoring a Private Cloud

Managing for the Long Term: Keys to Securing, Troubleshooting and Monitoring a Private Cloud Deploying and Managing Private Clouds The Essentials Series Managing for the Long Term: Keys to Securing, Troubleshooting and Monitoring a Private Cloud sponsored by Managing for the Long Term: Keys to

More information

Enterprise level security, the Huddle way.

Enterprise level security, the Huddle way. Enterprise level security, the Huddle way. Security whitepaper TABLE OF CONTENTS 5 Huddle s promise Hosting environment Network infrastructure Multiple levels of security Physical security System & network

More information

Desktop as a Service Service Definition

Desktop as a Service Service Definition Desktop as a Service Service Definition 2 Table of Contents Purpose of Document... 4 Desktops as a Service (DaaS) Service Description... 4 Technology... 5 Deliver Uncompromised End User Experience... 5

More information

Secure, Scalable and Reliable Cloud Analytics from FusionOps

Secure, Scalable and Reliable Cloud Analytics from FusionOps White Paper Secure, Scalable and Reliable Cloud Analytics from FusionOps A FusionOps White Paper FusionOps 265 Santa Ana Court Sunnyvale, CA 94085 www.fusionops.com World-class security... 4 Physical Security...

More information

TIBCO Nimbus Cloud Service

TIBCO Nimbus Cloud Service TIBCO Nimbus Cloud Service TIBCO Nimbus TIBCO Software Inc. (NASDAQ: TIBX) is a provider of infrastructure software for companies to use onpremise or as part of cloud computing environments. Whether it's

More information

ECSA EuroCloud Star Audit Data Privacy Audit Guide

ECSA EuroCloud Star Audit Data Privacy Audit Guide ECSA EuroCloud Star Audit Data Privacy Audit Guide Page 1 of 15 Table of contents Introduction... 3 ECSA Data Privacy Rules... 4 Governing Law... 6 Sub processing... 6 A. TOMs: Cloud Service... 7 TOMs:

More information

StratusLIVE for Fundraisers Cloud Operations

StratusLIVE for Fundraisers Cloud Operations 6465 College Park Square Virginia Beach, VA 23464 757-273-8219 (main) 757-962-6989 (fax) stratuslive.com Contents Security Services... 3 Rackspace Multi Layered Approach to Security... 3 Network... 3 Rackspace

More information

Secure and control how your business shares files using Hightail

Secure and control how your business shares files using Hightail HIGHTAIL FOR ENTERPRISE: SECURITY OVERVIEW Secure and control how your business shares files using Hightail Information the lifeblood of any business is potentially placed at risk every time digital files

More information

BOWMAN SYSTEMS SECURING CLIENT DATA

BOWMAN SYSTEMS SECURING CLIENT DATA BOWMAN SYSTEMS SECURING CLIENT DATA 2012 Bowman Systems L.L.C. All Rights Reserved. This document and the information contained herein are the property of Bowman Systems L.L.C. and should be considered

More information

WICKSoft Mobile Documents for the BlackBerry Security white paper mobile document access for the Enterprise

WICKSoft Mobile Documents for the BlackBerry Security white paper mobile document access for the Enterprise WICKSoft Mobile Documents for the BlackBerry Security white paper mobile document access for the Enterprise WICKSoft Corporation http://www.wicksoft.com Copyright WICKSoft 2007. WICKSoft Mobile Documents

More information

BUILT FOR YOU. Contents. Cloudmore Exchange

BUILT FOR YOU. Contents. Cloudmore Exchange BUILT FOR YOU Introduction is designed so it is as cost effective as possible for you to configure, provision and manage to a specification to suit your organisation. With a proven history of delivering

More information

Online Backup Service Definition

Online Backup Service Definition Online Backup Service Definition 2 Table of Contents Purpose of Document... 3 Online Backup Service... 3 Accreditations... 5 Target Service Levels for Online Backup... 5 Service Credits Rules and Claims...

More information

Security Policy JUNE 1, 2012. SalesNOW. Security Policy v.1.4 2012-06-01. v.1.4 2012-06-01 1

Security Policy JUNE 1, 2012. SalesNOW. Security Policy v.1.4 2012-06-01. v.1.4 2012-06-01 1 JUNE 1, 2012 SalesNOW Security Policy v.1.4 2012-06-01 v.1.4 2012-06-01 1 Overview Interchange Solutions Inc. (Interchange) is the proud maker of SalesNOW. Interchange understands that your trust in us

More information

Table of Contents. FME Cloud Architecture Overview. Secure Operations. Application Security. Shared Responsibility.

Table of Contents. FME Cloud Architecture Overview. Secure Operations. Application Security. Shared Responsibility. FME Cloud Security Table of Contents FME Cloud Architecture Overview Secure Operations I. Backup II. Data Governance and Privacy III. Destruction of Data IV. Incident Reporting V. Development VI. Customer

More information

Appendix 1c. DIRECTORATE OF AUDIT, RISK AND ASSURANCE Internal Audit Service to the GLA REVIEW OF NETWORK/INTERNET SECURITY

Appendix 1c. DIRECTORATE OF AUDIT, RISK AND ASSURANCE Internal Audit Service to the GLA REVIEW OF NETWORK/INTERNET SECURITY Appendix 1c DIRECTORATE OF AUDIT, RISK AND ASSURANCE Internal Audit Service to the GLA REVIEW OF NETWORK/INTERNET SECURITY DISTRIBUTION LIST Audit Team Prakash Gohil, Audit Manager Steven Snaith, Risk

More information

Microsoft Exchange Online from BT. Service Description (Shared Platform)

Microsoft Exchange Online from BT. Service Description (Shared Platform) Microsoft Exchange Online from BT Version 5.1 January 2004 Confidentiality statement All information contained in this document is provided in confidence for the sole purpose of adjudication, and shall

More information

Endpoint protection for physical and virtual desktops

Endpoint protection for physical and virtual desktops datasheet Trend Micro officescan Endpoint protection for physical and virtual desktops In the bring-your-own-device (BYOD) environment, protecting your endpoints against ever-evolving threats has become

More information

RSA Authentication Agents Security Best Practices Guide. Version 3

RSA Authentication Agents Security Best Practices Guide. Version 3 RSA Authentication Agents Security Best Practices Guide Version 3 Contact Information Go to the RSA corporate web site for regional Customer Support telephone and fax numbers: www.rsa.com. Trademarks RSA,

More information

Security Architecture Whitepaper

Security Architecture Whitepaper Security Architecture Whitepaper 2015 by Network2Share Pty Ltd. All rights reserved. 1 Table of Contents CloudFileSync Security 1 Introduction 1 Data Security 2 Local Encryption - Data on the local computer

More information

Newcastle University Information Security Procedures Version 3

Newcastle University Information Security Procedures Version 3 Newcastle University Information Security Procedures Version 3 A Information Security Procedures 2 B Business Continuity 3 C Compliance 4 D Outsourcing and Third Party Access 5 E Personnel 6 F Operations

More information

AGENDA ITEM: SUMMARY. Author/Responsible Officer: John Worts, ICT Team Leader

AGENDA ITEM: SUMMARY. Author/Responsible Officer: John Worts, ICT Team Leader AGENDA ITEM: SUMMARY Report for: Committee Date of meeting: 30 May 2012 PART: 1 If Part II, reason: Title of report: Contact: Purpose of report: Recommendations Corporate objectives: Implications: INFORMATION

More information

Data Protection Act 1998. Guidance on the use of cloud computing

Data Protection Act 1998. Guidance on the use of cloud computing Data Protection Act 1998 Guidance on the use of cloud computing Contents Overview... 2 Introduction... 2 What is cloud computing?... 3 Definitions... 3 Deployment models... 4 Service models... 5 Layered

More information

CLOUD FRAMEWORK & SECURITY OVERVIEW

CLOUD FRAMEWORK & SECURITY OVERVIEW CLOUD FRAMEWORK & OVERVIEW From small businesses to the largest Fortune 500 Enterprises, customers trust the irise cloud infrastructure when collaborating to define and design their applications. This

More information

APPENDIX G ASP/SaaS SECURITY ASSESSMENT CHECKLIST

APPENDIX G ASP/SaaS SECURITY ASSESSMENT CHECKLIST APPENDIX G ASP/SaaS SECURITY ASSESSMENT CHECKLIST Application Name: Vendor Name: Briefly describe the purpose of the application. Include an overview of the application architecture, and identify the data

More information

Xerox DocuShare Private Cloud Service. Security White Paper

Xerox DocuShare Private Cloud Service. Security White Paper Xerox DocuShare Private Cloud Service Security White Paper Table of Contents Overview 3 Adherence to Proven Security Practices 3 Highly Secure Data Centers 4 Three-Tier Architecture 4 Security Layers Safeguard

More information

Service Overview CloudCare Online Backup

Service Overview CloudCare Online Backup Service Overview CloudCare Online Backup CloudCare s Online Backup service is a secure, fully automated set and forget solution, powered by Attix5, and is ideal for organisations with limited in-house

More information

Application Development within University. Security Checklist

Application Development within University. Security Checklist Application Development within University Security Checklist April 2011 The Application Development using data from the University Enterprise Systems or application Development for departmental use security

More information

custom hosting for how you do business

custom hosting for how you do business custom hosting for how you do business 24775 League Island Boulevard Philadelphia PA 19112 gibraltarit.com 866.410.4427 Gibraltar s replicated cloud architecture and PCI/HIPAA compliant data centers provide

More information

Secure Hosting Services

<cloud> Secure Hosting Services Global Resources... Local Knowledge Figtree offers the functionality of Figtree Systems Software without the upfront infrastructure investment. It is the preferred deployment solution for organisations

More information

Did you know your security solution can help with PCI compliance too?

Did you know your security solution can help with PCI compliance too? Did you know your security solution can help with PCI compliance too? High-profile data losses have led to increasingly complex and evolving regulations. Any organization or retailer that accepts payment

More information

Ensuring Enterprise Data Security with Secure Mobile File Sharing.

Ensuring Enterprise Data Security with Secure Mobile File Sharing. A c c e l l i o n S e c u r i t y O v e r v i e w Ensuring Enterprise Data Security with Secure Mobile File Sharing. Accellion, Inc. Tel +1 650 485-4300 1804 Embarcadero Road Fax +1 650 485-4308 Suite

More information

A Decision Maker s Guide to Securing an IT Infrastructure

A Decision Maker s Guide to Securing an IT Infrastructure A Decision Maker s Guide to Securing an IT Infrastructure A Rackspace White Paper Spring 2010 Summary With so many malicious attacks taking place now, securing an IT infrastructure is vital. The purpose

More information

Product Overview. UNIFIED COMPUTING Managed Hosting - Storage Data Sheet

Product Overview. UNIFIED COMPUTING Managed Hosting - Storage Data Sheet Product Overview Interoute offers a range of managed storage solutions to provide the best fit for our customers budget, capacity, performance and compliance needs. By taking advantage of our unrivalled

More information

Comparative study of security parameters by Cloud Providers

Comparative study of security parameters by Cloud Providers Comparative study of security parameters by Cloud Providers Manish Kumar Aery 1 Faculty of Computer Applications, Global Infotech Institute of IT & Management (LPUDE) aery.manish1@gmail.com, Sumit Gupta

More information

At its meeting in March 2012, the Committee approved the Internal Audit Plan for 2012-13.

At its meeting in March 2012, the Committee approved the Internal Audit Plan for 2012-13. Audit Committee 28 Internal audit report ICT Security Executive summary and recommendations Introduction Mazars has undertaken a review of ICT Security controls, in accordance with the internal audit plan

More information

White paper inforouter in the Life Sciences Industry: 21 CFR Part 11 Compliance

White paper inforouter in the Life Sciences Industry: 21 CFR Part 11 Compliance White paper inforouter in the Life Sciences Industry: 21 CFR Part 11 Compliance Overview of 21 CFR Part 11 The final version of the 21 CFR Part 11 regulation released by the FDA in 1997 provides a framework

More information

TELSTRA CLOUD SERVICES CLOUD INFRASTRUCTURE PRICING GUIDE SINGAPORE

TELSTRA CLOUD SERVICES CLOUD INFRASTRUCTURE PRICING GUIDE SINGAPORE TELSTRA CLOUD SERVICES CLOUD INFRASTRUCTURE PRICING GUIDE SINGAPORE WELCOME TO TELSTRA CLOUD SERVICES Our cloud infrastructure solutions are made up of a combination of scalable cloud resources, including

More information

Level I - Public. Technical Portfolio. Revised: July 2015

Level I - Public. Technical Portfolio. Revised: July 2015 Level I - Public Technical Portfolio Revised: July 2015 Table of Contents 1. INTRODUCTION 3 1.1 About Imaginatik 3 1.2 Taking Information Security Seriously 3 2. DATA CENTER SECURITY 3 2.1 Data Center

More information

Service Definition Document

Service Definition Document Service Definition Document QinetiQ Secure Cloud Protective Monitoring Service (AWARE) QinetiQ Secure Cloud Protective Monitoring Service (DETER) Secure Multi-Tenant Protective Monitoring Service (AWARE)

More information

How Microsoft is taking Privacy by Design to Work. Alan Chan National Technology Officer Microsoft Hong Kong 7 May 2015

How Microsoft is taking Privacy by Design to Work. Alan Chan National Technology Officer Microsoft Hong Kong 7 May 2015 How Microsoft is taking Privacy by Design to Work Alan Chan National Technology Officer Microsoft Hong Kong 7 May 2015 Agenda Introducing the New Microsoft Microsoft privacy principle Protecting privacy

More information

Table of Contents. Page 1 of 6 (Last updated 30 July 2015)

Table of Contents. Page 1 of 6 (Last updated 30 July 2015) Table of Contents What is Connect?... 2 Physical Access Controls... 2 User Access Controls... 3 Systems Architecture... 4 Application Development... 5 Business Continuity Management... 5 Other Operational

More information

Vendor Audit Questionnaire

Vendor Audit Questionnaire Vendor Audit Questionnaire The following questionnaire should be completed as thoroughly as possible. When information cannot be provided it should be noted why it cannot be provided. Information may be

More information

Perceptive Software Platform Services

Perceptive Software Platform Services Perceptive Software Platform Services CLOUD SOLUTIONS process and content management Perceptive Software Platform Services Perceptive Software process and content management systems have been deployed

More information

TECHNOLOGY OVERVIEW INTRONIS CLOUD BACKUP & RECOVERY

TECHNOLOGY OVERVIEW INTRONIS CLOUD BACKUP & RECOVERY INTRONIS CLOUD BACKUP & RECOVERY TECHNOLOGY OVERVIEW CONTENTS Introduction 3 Ease-of-Use 3 Simple Installation 3 Automatic Backup 3 Backup Status Dashboard 4 Off-Site Storage 4 Scalability 4 File Restoration

More information

INCIDENT RESPONSE CHECKLIST

INCIDENT RESPONSE CHECKLIST INCIDENT RESPONSE CHECKLIST The purpose of this checklist is to provide clients of Kivu Consulting, Inc. with guidance in the initial stages of an actual or possible data breach. Clients are encouraged

More information

Security Controls for the Autodesk 360 Managed Services

Security Controls for the Autodesk 360 Managed Services Autodesk Trust Center Security Controls for the Autodesk 360 Managed Services Autodesk strives to apply the operational best practices of leading cloud-computing providers around the world. Sound practices

More information

Retention & Destruction

Retention & Destruction Last Updated: March 28, 2014 This document sets forth the security policies and procedures for WealthEngine, Inc. ( WealthEngine or the Company ). A. Retention & Destruction Retention & Destruction of

More information

PCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP

PCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP solution brief PCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP AWS AND PCI DSS COMPLIANCE To ensure an end-to-end secure computing environment, Amazon Web Services (AWS) employs a shared security responsibility

More information

Secure Remote Access Solutions Balancing security and remote access Bob Hicks, Rockwell Automation

Secure Remote Access Solutions Balancing security and remote access Bob Hicks, Rockwell Automation Secure Remote Access Solutions Balancing security and remote access Bob Hicks, Rockwell Automation Rev 5058-CO900C Agenda Control System Network Security Defence in Depth Secure Remote Access Examples

More information

Open Data Center Alliance Usage: Provider Assurance Rev. 1.1

Open Data Center Alliance Usage: Provider Assurance Rev. 1.1 sm Open Data Center Alliance Usage: Provider Assurance Rev. 1.1 Legal Notice This Open Data Center Alliance SM Usage:Provider Assurance is proprietary to the Open Data Center Alliance, Inc. NOTICE TO USERS

More information