SaaS architecture security
- Sabrina Lynette Tate
- 8 years ago
Transcription
Introduction

i2o solutions utilise the software as a service (or SaaS) model because it enables us to provide our customers with a robust, easy to use software platform that facilitates the rapid deployment of innovative new functionality. Security is an important part of providing any SaaS solution that monitors and controls water distribution networks. i2o has placed particular focus on building high levels of security into its SaaS solutions. This whitepaper provides an overview of i2o's approach to security within its software service delivery capabilities.

We offer robust, scalable, resilient solutions and policies that meet the security needs of our customers. Security lies at the heart of i2o's multi-tenanted systems architecture. Each customer is provided with its own isolated data stores. The only users able to access the data are those authorised by the customer. Each customer benefits from comprehensive physical, operational and systems security measures, each of which is described in more detail in the following sections. This approach allows i2o to minimise any security risk and enables our customers to focus on maximising the benefits from i2o's Advanced Pressure Management technologies.

Issue 1.1 Jan 2014

The value of i2o's Software as a Service

Over the last ten years the SaaS model has become the dominant approach to delivering software-based solutions. The SaaS approach delivers significant value to the user community for several reasons:

+ It simplifies, de-risks and reduces the total cost of ownership, providing customers with the flexibility to increase or decrease the service provision in accordance with their specific business needs.
+ Peace of mind knowing that enterprise class data management policies and practices are in place to ensure business continuity.
+ A single version of i2o software is delivered to all customers, ensuring that everyone is up to date and using the latest version of the solution. There is no need to worry about the cost and time of managing updates.
+ The user community is engaged in the on-going development of new and improved software applications provided by i2o.
+ Feature rich updates fuelled by the user community are delivered seamlessly to enhance the user experience and to provide functional upgrade options.
+ Rapid time to deploy and realise value enables organisations to avoid involved and costly procurements and respond rapidly to changing market needs.
+ The SaaS model has great green credentials, as there is a significant reduction in energy consumption using SaaS infrastructure when compared to in-house solutions.
+ Guaranteed service continuity ensures that our customer's operations teams stay in control of water network services 24/7 and 365 days a year.

Traditional in-house software solutions

The traditional alternative to the SaaS model involves software being implemented within the customer's own datacentre environment. Whilst there is a sense of control and ownership with this model, it has a number of issues, which have both cost and security implications. For example:

+ License fees require the whole cost of the software to be paid upfront
+ Further fees are usually charged for greater software application usage plus maintenance costs at approximately 25% pa.
+ Hardware (servers and storage) is procured, installed and maintained in-house
+ As software usage increases, additional hardware will be required
+ Operating systems are maintained internally
+ Customisations and bespoke integrations must be maintained internally
+ Software vendors usually charge for upgrades and training
+ In-house responsibility for service delivery e.g. redundancy and failover
+ Data is known to be stored on site
+ Rogue personnel can by-pass security and attack systems

SaaS Security

The security of the SaaS solution can be split into 4 areas:

+ Physical security: prevention of unauthorised physical access, damage, and interference to the hosted data premises and stored information
+ Operational security: continuous management of operational processes to ensure security is maintained
+ System security: using dedicated firewalls and hardened servers to control access to the software and associated data
+ Transport layer security: utilising encryption, IDS, IPS and malware-protected physical networks and VPN tunnels.

Physical security

The physical security associated with the i2o software includes locking down and logging all physical access to the data centres where the i2o system is hosted. This includes the following:

+ Data centre access is limited to only authorised personnel. For staff leaving the data centre (via resignation or dismissal), the hosting vendor ensures it immediately revokes all logins and access to the i2o software solutions. System and building access rights are also revoked. The data centre building access rights are continuously audited by the hosting vendor's Internal Audit Department. The data centre staff escort ALL visitors. Each visitor signs a log that requires them to present a valid photo ID, purpose of visit and who will escort them. The data centre corporate Security department performs a monthly audit of Security and Visitor access logs.
+ Badges and biometric scanning for controlled data centre access. All data centre employees utilise picture proximity badges and access cards to enter buildings. All employees entering any of the data centre facilities need to display their badge to the security front desk, and strict policy enforcement requires they visibly wear their badges at all times while in the building. The data centre's policy strictly prohibits employees from tailgating each other at entrances to the data centres. Data centre employees must scan their proximity badges and access cards to enter the lobby. A security guard team operates the front desk where they will check and verify credentials before a data centre employee can scan their badge to enter the facility. Entry to the data centres also includes a guarded mantrap to enforce that tailgating does not happen.
+ Access and video surveillance log retention. All data centre locations are monitored by CCTV/DVRs. Standard data centre access and visitor access is strictly controlled and logged. Motion detection surveillance cameras are deployed internally and externally in all data centre facilities monitoring 24/7. All CCTV/DVRs and supporting data is retained for 90 days.
+ 24x7 onsite staff provides additional protection against unauthorised entry. In addition to the onsite staff and the surveillance cameras, an unarmed Guard Force is used on site and is present 24/7/365. All Staff are subject to screening.
+ Unmarked facilities to help maintain low profile. The data centres are unmarked and difficult to identify. No external signage is shown to identify the data centre, therefore reducing external interest in the buildings.
+ Physical security audited by independent firms annually. An annual report is produced to ensure the physical security of the data centre hosting the i2o software is as secure as possible.

Operations Security

This involves creating business processes and policies that follow security best practices, to limit access to confidential information held in the data centres and maintain tight security over time.

+ ISO 27001/2 based policies, reviewed at least annually
The i2o data centre provider adheres to policies that meet the best Industry Standards, such as following the ISO27001/22 Framework. The ISO certification covers a broad range of security controls within the data centre, from the physical environment in which the i2o software is deployed, accessed and monitored, to the logical system-based controls employed to manage access.
With this certification, the i2o data centre vendor has a systematic approach to managing critical, confidential, and sensitive corporate information to meet current standards for information security.
+ Documented infrastructure change management procedures
Network and hardware change management procedures are fully documented. This provides procedures to correctly upgrade the data centre network infrastructure (cables, power supplies, servers, storage), and re-allocation of data centre assets to other parts of the building.
+ Secure document and data centre media destruction
All documentation detailing the data centre assets is securely stored and only accessible by username and password. The access is logged to provide an audit trail. All media that has reached its end of life is physically destroyed. Media is not just wiped clean due to security concerns. An external contract exists with a media destruction company to handle all media destruction. A certificate of destruction by barcode for all media destroyed is sent to the i2o data centre vendor after the destruction has occurred.
+ Incident management function
Policies and processes are in place aimed at making sure information security events and weaknesses are communicated in a timely manner to allow corrective action. All service-impacting incidents are logged and shared with customers pro-actively.
+ Business continuity plan focused on availability of infrastructure
Includes disaster recovery strategies and redundancy procedures should the i2o platform hosting the software develop any issues. i2o utilises RAID configurations and a managed backup agent running continuously to ensure frequent data backups are performed. (See section on Data protection and managed backups)
+ Continuous monitoring and improvement of security programme
Continuous monitoring provides on-going visibility of any threats that are being encountered, and any potential new threats to the data centre. Continuous improvement in identifying and defending against those threats is part of the security programme.

System Security

System security maintains the security of the overall hardware servers the i2o software data is hosted on. This involves the following:

+ System installation using hardened, patched Operating System (OS)
Each server has a hardened OS, which means the OS has the basic services required for the i2o software to run.
The OS is hardened using guidelines from Microsoft, NIST and industry vendors. A vulnerability scan is used to validate the integrity of the servers before they are made live to i2o customers. At the router infrastructure level, the router configuration supports filtering of non-routable private IP addresses, therefore only allowing authorised data to get through to the i2o system.
+ System patching to provide on-going protection from exploits
All system patches are thoroughly tested in a test environment prior to installation on the live servers. Critical patches are applied immediately when available.
+ Dedicated firewalls to help block unauthorised system access
The i2o servers are located behind a number of firewalls to stop unauthorised system access. Industry leading firewalls including Cisco ASA & PIX dedicated firewalls are used to protect the servers. The firewalls are fully certified including ICSA Firewall and IPSec certification and Common Criteria EAL4 evaluation status. All firewalls are deployed in a maximum secure state, with all ports/services closed/off to begin with.
+ Data protection with managed backup solutions
Servers are backed up to the centralised Managed Backup Storage System. The default configuration is to perform Weekly Full and Daily Differential back-ups with retention rates of two or four weeks, which is a configurable period and can be extended as required. Managed Backup utilises an independent private network for all backups running on an all Cisco equipment switched network. This minimises Network Security concerns with the following results: Each server is in a port level VLAN. Each server can only see the backup servers and no other servers on the network, including their own. No one server can see any other server on another port level VLAN. Once the backups are made, they are stored in a library; the tape libraries are logically separated from all other equipment in the data centre. The onsite data is stored within the locked Tape library, which can only be accessed by authorised data centre or backup technicians.
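
To make the weekly-full / daily-differential schedule and its retention period concrete, the following added example (not part of the i2o whitepaper or the hosting vendor's tooling) works out which backups a restore needs and why retention pruning must not discard a full backup that a retained differential still depends on. The Sunday full-backup day, the catalog layout and all function names are assumptions made for illustration.

```python
from datetime import date, timedelta

FULL, DIFF = "full", "diff"


def build_catalog(start, days, full_weekday=6):
    """Constructed catalog: one backup per day, a full on `full_weekday`
    (6 = Sunday, an assumption) and a differential on every other day."""
    catalog = []
    for i in range(days):
        d = start + timedelta(days=i)
        catalog.append((d, FULL if d.weekday() == full_weekday else DIFF))
    return catalog


def restore_chain(catalog, target):
    """Backups needed to restore the state as of `target`.

    A differential holds every change since the last full, so the chain is
    the latest full on or before `target` plus, at most, the single latest
    differential taken after that full. Returns None if no full exists.
    """
    fulls = [d for d, kind in catalog if kind == FULL and d <= target]
    if not fulls:
        return None
    base = max(fulls)
    diffs = [d for d, kind in catalog if kind == DIFF and base < d <= target]
    chain = [(base, FULL)]
    if diffs:
        chain.append((max(diffs), DIFF))
    return chain


def naive_prune(catalog, today, retention_days):
    """Drop everything older than the retention window, nothing else."""
    cutoff = today - timedelta(days=retention_days)
    return sorted((d, k) for d, k in catalog if d >= cutoff)


def prune(catalog, today, retention_days):
    """Retention that keeps restore chains intact: any full that a retained
    differential is based on survives even if it is older than the window."""
    cutoff = today - timedelta(days=retention_days)
    keep = {(d, k) for d, k in catalog if d >= cutoff}
    for d, k in list(keep):
        if k == DIFF:
            chain = restore_chain(catalog, d)
            if chain:
                keep.add(chain[0])  # the full this differential depends on
    return sorted(keep)


if __name__ == "__main__":
    # Four weeks of constructed backups starting on Sunday 5 Jan 2014.
    catalog = build_catalog(date(2014, 1, 5), 28)
    today = date(2014, 2, 1)
    target = date(2014, 1, 18)  # oldest day inside a two-week window

    print("chain for", target, "->", restore_chain(catalog, target))
    print("after naive prune  ->", restore_chain(naive_prune(catalog, today, 14), target))
    print("after safe prune   ->", restore_chain(prune(catalog, today, 14), target))
```

With a two-week retention, the naive prune leaves the oldest retained differential without its base full, so that day can no longer be restored; the dependency-aware prune keeps one extra full and the day stays restorable.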

i2o Application Security

The i2o application has been built following best practice offered by OWASP. The application sits between multiple firewalls and multi-faceted security filters. All logins are audited and users are filtered to ensure authentic behaviours. Administration and operational functionality exist in separate applications with independent security credential requirements.

+ Intrusion Detection System to provide an additional layer of protection against unauthorised system access
The data centre hosting the i2o software utilises an Intrusion Detection System (IDS), called AlertLogic, to provide IDS capability. The IDS system will detect suspected malicious network traffic and respond appropriately. It detects non-whitelisted and blacklisted data patterns, allowing whitelisted, blocking blacklisted and providing alerts for unknown data patterns. The diagram below shows how IDS works to protect the i2o software from being threatened by unauthorised attacks.
+ Distributed Denial of Service (DDoS) mitigation services
Access Control Listings (ACLs) are set up to stop specific IP addresses from reaching the i2o software and lowering the number of DDoS attacks. In the case of traffic flowing to the i2o software servers, if abnormal traffic behaviour is detected (i.e. sudden increase in traffic from 1 IP address or multiple login attempts to i2o software), then this is treated as malicious activity. The DDoS mitigation service acts quickly, routing suspicious traffic through a "sanitation engine", which uses multiple DDoS detection methods to filter out and divert malicious traffic. All legitimate traffic is then forwarded to the intended destination servers, which are able to serve clients entirely unaffected by the on-going DDoS attack.
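
The two abnormal-behaviour signals named above (a sudden increase in traffic from one IP address, and multiple login attempts) can be expressed as a sliding-window detector over access logs. This is an added example, not code from i2o or its DDoS mitigation provider; the log format, the 60-second window, both thresholds and the `/login` path are assumptions, and the log lines are constructed sample data.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)  # assumed observation window
MAX_REQUESTS = 20               # assumed per-IP request ceiling per window
MAX_FAILED_LOGINS = 5           # assumed failed-login ceiling per window


def parse_line(line):
    """Parse 'ISO-timestamp ip method path status' (assumed log format)."""
    ts, ip, method, path, status = line.split()
    return datetime.fromisoformat(ts), ip, method, path, int(status)


def detect(lines):
    """Return {ip: set of alert names} for time-ordered log lines."""
    requests = defaultdict(deque)  # ip -> timestamps of recent requests
    failures = defaultdict(deque)  # ip -> timestamps of recent failed logins
    alerts = {}
    for line in lines:
        try:
            ts, ip, method, path, status = parse_line(line)
        except ValueError:
            continue  # corrupted or malformed lines are not accepted
        # Expire events that have fallen out of the window for this IP.
        for queue in (requests[ip], failures[ip]):
            while queue and ts - queue[0] > WINDOW:
                queue.popleft()
        requests[ip].append(ts)
        if path == "/login" and status == 401:
            failures[ip].append(ts)
        if len(requests[ip]) > MAX_REQUESTS:
            alerts.setdefault(ip, set()).add("traffic_spike")
        if len(failures[ip]) >= MAX_FAILED_LOGINS:
            alerts.setdefault(ip, set()).add("repeated_login_failures")
    return alerts


def sample_log():
    """Constructed log: two ordinary clients, one flooding, one guessing logins."""
    t0 = datetime(2014, 1, 10, 12, 0, 0)
    rows = []

    def add(offset, ip, method, path, status):
        ts = (t0 + timedelta(seconds=offset)).isoformat()
        rows.append(f"{ts} {ip} {method} {path} {status}")

    for i in range(5):    # ordinary dashboard user, one request a minute
        add(60 * i, "203.0.113.10", "GET", "/dashboard", 200)
    for i in range(30):   # 30 requests in 30 seconds from one address
        add(i, "198.51.100.7", "GET", "/dashboard", 200)
    for i in range(6):    # six failed logins within 30 seconds
        add(100 + 5 * i, "192.0.2.44", "POST", "/login", 401)
    add(10, "203.0.113.25", "POST", "/login", 401)  # user mistypes twice...
    add(20, "203.0.113.25", "POST", "/login", 401)
    add(30, "203.0.113.25", "POST", "/login", 200)  # ...then succeeds
    rows.append("corrupted line")
    return sorted(rows)  # ISO timestamps sort chronologically


if __name__ == "__main__":
    for ip, names in sorted(detect(sample_log()).items()):
        print(ip, sorted(names))
```

The user who mistypes a password twice stays below the threshold, which is the tuning trade-off for the login signal: set it too low and ordinary operators are treated as malicious.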

Transport Layer Security

[Diagram: Device(s), GPRS network, i2o encryption, system operator, Internet with VPN tunnel option, i2o water data centre. Labels: encrypted data; private, physical network with IDS, IPS, malware protection and firewalls; encrypted SSL and private; vulnerability scanning, patch management, malware protection, IDS/IPS, firewalls.]

The two-way communication follows a transport layer that ensures high levels of security to and from the i2o devices in the field and the data centre. The data in transit is also encrypted and would require detailed system and code level understanding in the unlikely event of interception and decryption, to facilitate any change or intervention. Corrupted or modified data will not be understood or accepted by the i2o system.

Fire event at the data centre?

An important consideration is what happens in the event of a fire at the data centre hosting the i2o software. The i2o data is backed-up on a daily basis onto a different storage area at a different location for redundancy purposes. In the unlikely event there is a fire, the backup data will be made available for use through the i2o user interface. Backup Technicians will monitor backup jobs, perform data restores and change configurations to ensure the backup procedure works well.

The i2o data is hosted using an advanced fire suppression system; this is designed to stop fires from spreading in the unlikely event one should occur. The data centre has the following system in place for fire detection and suppression:

+ Siemens Cerberus Pyrotronics System with VESDA smoke detection (the Very Early Smoke Detection Apparatus (VESDA) system provides very early warning of smoke or conditions leading to a fire, by continuously sampling air in facilities for carbon products)
+ Pre-action dry pipe fire suppression system
+ Portable dry-chemical fire extinguishers
+ Heat sensitive sprinklers located in all areas of the data centre facilities
+ Fire extinguishers present throughout the data centre facilities with proper identifying signage and last inspection dates

The fire alarm system is connected to an off-site monitoring location that notifies the data centre engineering team to take appropriate actions. The data centre utilises the Foreseer Monitoring system for all Heating Ventilation and Air Conditioning (HVAC) and electrical distribution.

In terms of water/liquid damage, the i2o hosted data centre has water leak detectors installed under the raised floor throughout the data centres. Detectors are tied into Liebert units for remote alarming and paging through Foreseer. The Liebert unit is a mission-critical cooling solution for computer installations.

SaaS Accreditation

The Hosting vendor used by i2o is accredited with the following certifications:

+ ISO27001 certified: The ISO certification covers a broad range of security controls within the data centres, from the physical environment in which the i2o system is hosted, accessed and monitored, to the logical system-based controls employed to manage access. This security certification provides assurance for customers as to the scope and scale of the secure environment that the i2o system is hosted in.
+ ISAE 3402 Type II Service Organisation Control (SOC 2 Reporting): this is a globally recognised standard for reporting on service organisation controls. This demonstrates that all processes, procedures and controls have been formally evaluated and tested by an independent accounting and auditing company for their data centres. The examination includes controls relating to security monitoring, change management, service delivery, support services, back-up, environmental controls, logical and physical access.
+ ISO 9001:2008 (Quality Management): The data centre enterprise and support functions are certified to this internationally recognised standard; this ensures the quality principles of ISO 9001 are actively embraced in the day-to-day support to customers.

Conclusion

The SaaS model provides substantial user benefits and the agility to rapidly meet new business requirements as they emerge. For many organisations the shift to external service-based delivery creates a real advantage, driving innovation and lowering costs. For others it is a strategic option to explore and support new initiatives, unlocking the dependency on scarce in-house IT resources. The i2o SaaS model provides utilities with a robust and secure platform from which to manage their networks and deliver outstanding service to their customers. World-class security will always lie at the very heart of i2o's business and the service we provide to our customers.
ENDNOTE ONLINE SECURITY OVERVIEW FOR MY.ENDNOTE.COM In line with commercial industry standards, Thomson Reuters employs a dedicated security team to protect our servers from attacks and other attempts
More informationSystem Security Plan University of Texas Health Science Center School of Public Health
System Security Plan University of Texas Health Science Center School of Public Health Note: This is simply a template for a NIH System Security Plan. You will need to complete, or add content, to many
More informationProduct Overview. UNIFIED COMPUTING Managed Hosting Compute
Product Overview Interoute provide our clients with a diverse range of compute options delivered from our 10 carrier-class data centre facilities. Leveraging our extensive and diverse next generation IP
More informationCentral Agency for Information Technology
Central Agency for Information Technology Kuwait National IT Governance Framework Information Security Agenda 1 Manage security policy 2 Information security management system procedure Agenda 3 Manage
More informationDISASTER RECOVERY. Omniture Disaster Plan. June 2, 2008 Version 2.0
DISASTER RECOVERY Omniture Disaster Plan June 2, 2008 Version 2.0 CHAPTER 1 1 Disaster Recovery Plan Overview In the event that one of our data collection environments are unavailable due to an event,
More informationMAXIMUM DATA SECURITY with ideals TM Virtual Data Room
MAXIMUM DATA SECURITY with ideals TM Virtual Data Room WWW.IDEALSCORP.COM ISO 27001 Certified Account Settings and Controls Administrators control users settings and can easily configure privileges for
More informationSecurity & Infra-Structure Overview
Security & Infra-Structure Overview Contents KantanMT Platform Security... 2 Customer Data Protection... 2 Application Security... 2 Physical and Environmental Security... 3 ecommerce Transactions... 4
More informationInformation Security Policy September 2009 Newman University IT Services. Information Security Policy
Contents 1. Statement 1.1 Introduction 1.2 Objectives 1.3 Scope and Policy Structure 1.4 Risk Assessment and Management 1.5 Responsibilities for Information Security 2. Compliance 3. HR Security 3.1 Terms
More informationTRADITIONAL ENTERPRISE SCIENTIFIC SOFTWARE
TRADITIONAL ENTERPRISE SCIENTIFIC SOFTWARE deployments have been complicated and expensive. They require a data center with office space, power, cooling, bandwidth, networks, servers, and storage. They
More informationTENDER NOTICE No. UGVCL/SP/III/608/GPRS Modem Page 1 of 6. TECHNICAL SPECIFICATION OF GPRS based MODEM PART 4
TENDER NOTICE No. UGVCL/SP/III/608/GPRS Modem Page 1 of 6 TECHNICAL SPECIFICATION OF GPRS based MODEM PART 4 Cloud services (Data Centre) and related Functional requirement Cloud services as a Control
More informationHosted Exchange. Security Overview. Learn More: Call us at 877.634.2728. www.megapath.com
Security Overview Learn More: Call us at 877.634.2728. www.megapath.com Secure and Reliable Hosted Exchange Our Hosted Exchange service is delivered across an advanced network infrastructure, built on
More informationCreated By: 2009 Windows Server Security Best Practices Committee. Revised By: 2014 Windows Server Security Best Practices Committee
Windows Server Security Best Practices Initial Document Created By: 2009 Windows Server Security Best Practices Committee Document Creation Date: August 21, 2009 Revision Revised By: 2014 Windows Server
More informationLAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES
LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL for INFORMATION RESOURCES Updated: June 2007 Information Resources Security Manual 1. Purpose of Security Manual 2. Audience 3. Acceptable
More informationDOBUS And SBL Cloud Services Brochure
01347 812100 www.softbox.co.uk DOBUS And SBL Cloud Services Brochure enquiries@softbox.co.uk DOBUS Overview The traditional DOBUS service is a non-internet reliant, resilient, high availability trusted
More informationInfor CloudSuite. Defense-in-depth. Table of Contents. Technical Paper Plain talk about Infor CloudSuite security
Technical Paper Plain talk about security When it comes to Cloud deployment, security is top of mind for all concerned. The Infor CloudSuite team uses best-practice protocols and a thorough, continuous
More informationSTRATEGIC POLICY. Information Security Policy Documentation. Network Management Policy. 1. Introduction
Policy: Title: Status: 1. Introduction ISP-S12 Network Management Policy Revised Information Security Policy Documentation STRATEGIC POLICY 1.1. This information security policy document covers management,
More informationTenzing Security Services and Best Practices
Tenzing Security Services and Best Practices OVERVIEW Security is about managing risks and threats to your environment. The most basic security protection is achieved by pro-actively monitoring and intercepting
More informationTroux Hosting Options
Troux Hosting Options Introducing Troux Hosting Options Benefits of a Hosted Troux Environment...3 Convenience...3 Time-to-Value...3 Reduced Cost of Ownership...3 Scalability and Flexibility...3 Security...4
More informationSMS. Cloud Computing. Systems Management Specialists. Grupo SMS www.grupo-sms.com 949.223.9240 option 3 for sales
SMS Systems Management Specialists Cloud Computing Grupo SMS www.grupo-sms.com 949.223.9240 option 3 for sales Cloud Computing The SMS Model: Cloud computing is a model for enabling ubiquitous, convenient,
More informationSecurity Features: Lettings & Property Management Software
Security Features: Lettings & Property Management Software V 2.0 (23/02/2015) Table of Contents Introduction to Web Application Security... 2 Potential Security Vulnerabilities for Web Applications...
More informationIntel Enhanced Data Security Assessment Form
Intel Enhanced Data Security Assessment Form Supplier Name: Address: Respondent Name & Role: Signature of responsible party: Role: By placing my name in the box above I am acknowledging that I am authorized
More informationNetop Environment Security. Unified security to all Netop products while leveraging the benefits of cloud computing
Netop Environment Security Unified security to all Netop products while leveraging the benefits of cloud computing Contents Introduction... 2 AWS Infrastructure Security... 3 Standards - Compliancy...
More informationCHIS, Inc. Privacy General Guidelines
CHIS, Inc. and HIPAA CHIS, Inc. provides services to healthcare facilities and uses certain protected health information (PHI) in connection with performing these services. Therefore, CHIS, Inc. is classified
More informationGoodData Corporation Security White Paper
GoodData Corporation Security White Paper May 2016 Executive Overview The GoodData Analytics Distribution Platform is designed to help Enterprises and Independent Software Vendors (ISVs) securely share
More informatione2e Secure Cloud Connect Service - Service Definition Document
e2e Secure Cloud Connect Service - Service Definition Document Overview A cloud connectivity service that connects users, devices, offices and clouds together over the Internet. Organisations can choose
More informationInfrastructure & Software
Managed Services We can provide you with a fully managed service more than simply hosting or co-location but a full end-to-end and single point of contact service. Infrastructure & Software Datacentres
More informationSecurity Practices, Architecture and Technologies
Security Practices, Architecture and Technologies CONTACT: 36 S. Wall Street Columbus, OH 43215 1-800-VAB-0300 www.viewabill.com 1 CONTENTS End-to-End Security Processes and Technologies... 3 Secure Architecture...
More informationLas Vegas Datacenter Overview. Product Overview and Data Sheet. Created on 6/18/2014 3:49:00 PM
Las Vegas Datacenter Overview Product Overview and Data Sheet Product Data Sheet Maintaining a Software as a Service (SaaS) environment with market leading availability and security is something that Active
More informationTASK -040. TDSP Web Portal Project Cyber Security Standards Best Practices
Page 1 of 10 TSK- 040 Determine what PCI, NERC CIP cyber security standards are, which are applicable, and what requirements are around them. Find out what TRE thinks about the NERC CIP cyber security
More informationInjazat s Managed Services Portfolio
Injazat s Managed Services Portfolio Overview Premium Managed Services to Transform Your IT Environment Injazat s Premier Tier IV Data Center is built to offer the highest level of security and reliability.
More informationWhite Paper How Noah Mobile uses Microsoft Azure Core Services
NoahMobile Documentation White Paper How Noah Mobile uses Microsoft Azure Core Services The Noah Mobile Cloud service is built for the Microsoft Azure platform. The solutions that are part of the Noah
More informationPayment Card Industry Self-Assessment Questionnaire
How to Complete the Questionnaire The questionnaire is divided into six sections. Each section focuses on a specific area of security, based on the requirements included in the PCI Data Security Standard.
More informationSecure Remote Access Solutions Balancing security and remote access Bob Hicks, Rockwell Automation
Secure Remote Access Solutions Balancing security and remote access Bob Hicks, Rockwell Automation Rev 5058-CO900C Agenda Control System Network Security Defence in Depth Secure Remote Access Examples
More informationInterCall Streaming Services Security Planning and Testing
InterCall Streaming Services Security Planning and Testing In the U.S.: 800.374.2441 www.intercall.com info@intercall.com In Canada: 877.333.2666 www.intercall.ca Application InterCall Streaming Services
More informationWHAT ARE THE BENEFITS OF OUTSOURCING NETWORK SECURITY?
WHAT ARE THE BENEFITS OF OUTSOURCING NETWORK SECURITY? Contents Introduction.... 3 What Types of Network Security Services are Available?... 4 Penetration Testing and Vulnerability Assessment... 4 Cyber
More informationExternal Supplier Control Requirements
External Supplier Control Requirements Cyber Security For Suppliers Categorised as High Cyber Risk Cyber Security Requirement Description Why this is important 1. Asset Protection and System Configuration
More informationNetwork Security: 30 Questions Every Manager Should Ask. Author: Dr. Eric Cole Chief Security Strategist Secure Anchor Consulting
Network Security: 30 Questions Every Manager Should Ask Author: Dr. Eric Cole Chief Security Strategist Secure Anchor Consulting Network Security: 30 Questions Every Manager/Executive Must Answer in Order
More information¼ããÀ ããè¾ã ¹ãÆãä ã¼ãîãä ã ããõà ãäìããä ã½ã¾ã ºããñ à Securities and Exchange Board of India
CIRCULAR CIR/MRD/DP/13/2015 July 06, 2015 To, All Stock Exchanges, Clearing Corporation and Depositories. Dear Sir / Madam, Subject: Cyber Security and Cyber Resilience framework of Stock Exchanges, Clearing
More informationSaaS Security for the Confirmit CustomerSat Software
SaaS Security for the Confirmit CustomerSat Software July 2015 Arnt Feruglio Chief Operating Officer The Confirmit CustomerSat Software Designed for The Web. From its inception in 1997, the architecture
More informationSANS Top 20 Critical Controls for Effective Cyber Defense
WHITEPAPER SANS Top 20 Critical Controls for Cyber Defense SANS Top 20 Critical Controls for Effective Cyber Defense JANUARY 2014 SANS Top 20 Critical Controls for Effective Cyber Defense Summary In a
More informationCisco Advanced Services for Network Security
Data Sheet Cisco Advanced Services for Network Security IP Communications networking the convergence of data, voice, and video onto a single network offers opportunities for reducing communication costs
More informationDATA CENTRE DATA CENTRE MAY 2015
DATA CENTRE DATA CENTRE MAY 2015 CONCERTHOUSE MUSIC Concerthouse Music Data Centre services are located in the Equinix Internet Business Exchange (IBX ) Centre at Mascot. This IBX offers the highest level
More informationIT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:
IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including: 1. IT Cost Containment 84 topics 2. Cloud Computing Readiness 225
More informationRisk Assessment Guide
KirkpatrickPrice Assessment Guide Designed Exclusively for PRISM International Members KirkpatrickPrice. innovation. integrity. delivered. KirkpatrickPrice Assessment Guide 2 Document Purpose The Assessment
More informationFive keys to a more secure data environment
Five keys to a more secure data environment A holistic approach to data infrastructure security Compliance professionals know better than anyone how compromised data can lead to financial and reputational
More informationensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster
Security Standards Symantec shall maintain administrative, technical, and physical safeguards for the Symantec Network designed to (i) protect the security and integrity of the Symantec Network, and (ii)
More information