WALKME WHITEPAPER. WalkMe Architecture

Transcription

1 WALKME WHITEPAPER WalkMe Architecture

2 Introduction WalkMe - the Enterprise Class Guidance and Engagement Platform - drives users to action as they use software or websites. WalkMe is used by Enterprises from a wide range of industries and verticals to increase sales and conversion rates, boost UX, reduce support costs, and improve employee productivity. Comprehensive step-by-step guidance, delivered through a sequence of tip balloons, is delivered without requiring the user to leave the screen, to watch video tutorials or to read tedious manuals or FAQ pages. WalkMe is a cloud-based platform designed to help professionals customer service managers, user experience managers, training professionals, SaaS providers and sales managers guide and engage prospects, customers, employees and partners through any online experience. WalkMe s human-like algorithm delivers contextual guidance, so that the right people receive the right guidance - specific to each employee s role, tasks, actions and device. WalkMe accurately adapts to any screen size and resolution. All of this is accomplished without any changes or integration to the underlying software. Using WalkMe does not require download. WalkMe has received wide industry recognition and acclaim - Cool Vendor by Gartner, Red Herring Top 100 Award, Top Apps That Will Change Your Business by CIO Magazine, Silicon Valley's TiE50 Award, and more. 1

3 What is WalkMe? WalkMe s mission is to make using the web as easy as possible for every person by reinventing the learning curve for any website, online service or software. WalkMe s easy-to-use tool requires no integration. A Walk-Thru can be built in minutes, and a launcher placed on your site with the click of a button. WalkMe offers a secure, reliable, and scalable platform. As a pure software-asa-service (SaaS) company, all of WalkMe's servers, databases, and storage are located in a top tier and secure cloud network. In order to provide customers with the greatest flexibility, WalkMe utilizes Amazon Web Services (AWS). Due to WalkMe's architecture, clients can be confident that WalkMe will not affect site performance. WalkMe Modules 1. WalkMe Editor The Editor is a Firefox extension that enables website and application owners to create Walk-Thrus for their websites. Walk- Thrus are saved on our database and stored there as drafts. In this state, Walk- Thrus are not seen or available to any of the end-users until publication. 2. WalkMe Player The WalkMe Player is responsible for playback of all published Walk-Thrus. The WalkMe player is displayed in the form of a widget on top of the website pages. Once the original website page content is loaded completely in the end-users' browser, the WalkMe Player downloads the WalkMe files from Amazon Cloudfront CDN to the browser's cache 3. Analytics Module The analytics module is designed to help understand and improve the way the users are navigating your site. Using WalkMe s analytics and goals, you will better understand your site s flow and how to mitigate common problem areas. 2

4 Pure SaaS Implentation The WalkMe SaaS solution model is based on Amazon Web Services (AWS). WalkMe s servers are located on Amazon EC2, while the Walk-Thru details are stored on Amazon RDS. The published content thereafter is saved on Amazon S3 and is instantly deployed to Amazon CloudFront CDN for fast download rates for all WalkMe end-users. End users send analytics data from their browser directly to WalkMe EC2 Servers. In this architecture our clients have zero implementation required and only need to add the WalkMe snippet into the website HTML pages as required (similar to Google Analytics). 3

5 Self-Hosted Model Internet Intranet / Internet WalkMe Servers Customer Web Servers (hosting WalkMe static files) DB Transfer WalkMe Package Walk- Thru Editing, Analytics Reading WalkMe Static files Access website to create the walk- thrus on Original Website content WalkMe usage data End Users Editor User A Self-Hosted model does not require any on premise installation, and is the most simple solution. This package is comprised of static files only and can be installed on any web server. If WalkMe is used on an intranet website, at least one workstation must be able to connect to both the intranet site and the Internet. Walk-Thru creation can occur only from this workstation. End users need internet access to collect data for WalkMe analytics; however this is not necessary for WalkMe usage. Note that WalkMe analytics does not collect any sensitive data. 4

6 Self-Hosted Model, Proxy PlayerServer The Self Hosted Proxy PlayerServer differs from the standard Self Hosted option in that the proxy server is installed on premise. The proxy will send data to WalkMe's PlayerServer, and data will be stored on WalkMe's database. Thus, there is no direct communication between end users and WalkMe's servers. The proxy server is an application server and does not need a database. 5

7 Infrastructure Security (AWS) WalkMe's network infrastructure works and communicates with Amazon AWS, Amazon EC2, Amazon S3, Amazon Cloudfront, and Amazon RDS. Amazon Web Services (AWS) delivers a highly scalable cloud computing platform with high availability and reliability. In order to provide end-to-end security and privacy, AWS provides a wide range of security features that ensures confidentiality, integrity, and availability of its data. 6

8 SOC 1/SSAE 16/ISAE 3402 Amazon Web Services publishes the Service Organization Controls 1 (SOC 1), Type 2 report. The audit for this report is conducted in accordance with the Statement on Standards for Attestation Engagements No. 16 (SSAE 16) and the International Standards for Assurance Engagements No (ISAE 3402) professional standards. This dual report can meet a broad range of auditing requirements for U.S. and international auditing bodies. The SOC 1 report audit attests that AWS control objectives are appropriately designed and that the individual controls defined to safeguard customer data are operating effectively. Our commitment to the SOC 1 report is ongoing and we plan to continue our process of periodic audits. This audit replaces the Statement on Auditing Standards No. 70 (SAS 70) Type II report. FISMA Moderate AWS complies with the Federal Information Security Management Act (FISMA). FISMA requires federal agencies to develop, document, and implement an information security system for its data and infrastructure based on the National Institute of Standards and Technology Special Publication , Revision 3 standard. FISMA Moderate Authorization and Accreditation requires AWS to implement and operate an extensive set of security configurations and controls. This includes documenting the management, operational, and technical processes used to secure the physical and virtual infrastructure, as well as the third-party audit of the established processes and controls. AWS has received a three-year FISMA Moderate authorization for Infrastructure as a Service from the General Services Administration. AWS has also successfully achieved other ATOs at the FISMA Moderate level by working with government agencies to certify their applications and workloads. 7

9 ISO AWS has achieved ISO certification for Information Security Management System (ISMS) covering infrastructure, data centers, and services including Amazon Elastic Compute Cloud (Amazon EC2), Amazon Simple Storage Service (Amazon S3) and Amazon Virtual Private Cloud (Amazon VPC). ISO 27001/27002 is a widely-adopted global security standard that sets out requirements and best practices for a systematic approach to managing company and customer information that s based on periodic risk assessments. In order to achieve this certification, a company must show it has a systematic and ongoing approach to managing information security risks that affect the confidentiality, integrity, and availability of company and customer information. AWS s ISO certification includes all AWS data centers in all regions worldwide, and AWS has established a formal program to maintain the certification. 8

10 WalkMe Security WalkMe was built as a third-party application to seamlessly work inside websites and Web applications. WalkMe has implemented a multi-tiered approach to provide the highest security services within the platform. WalkMe's application and network are tested for security vulnerabilities by independent security experts as part of the secure development lifecycle. These tests include an array of penetration scenarios independent of those tested by AWS, In addition, WalkMe's security team ensures that all aspects of security adhere to the highest standards. 9

11 Login and Authentication All users, creators, and administrators of WalkMe s platform are assigned a unique user account and authorization level. All users authenticate to WalkMe with an and password of at least eight characters. Authentication is established over a 128bit SSL V3 HTTPS encrypted protocol where passwords are subsequently stored in databases with a SHA-2 algorithm + SALT. To prevent brute-force attacks, after multiple failed login attempts WalkMe will require the user to use a CAPTCHA test in order to login. Users have the capability to change their password upon request if they forgot their username or password. They are sent confidential s that are provided during signup. WalkMe Cookies Like other Web-based applications, WalkMe uses first-party cookies for authentication purposes when users log into the editor. The WalkMe player stores data to maintaining WalkMe's player state: monitoring compilation of Walk-Thru playback and analytics.to this end WalkMe uses first party cookies, third party cookies (local storage), first party local storage.no personal data is saved and no information about user usage of the website is monitored. 10

12 Content Filtering Walk-Thru balloons contain user-generated data. WalkMe prevents attempts of Cross Site Scripting (XSS). This form of attack injects malicious content into balloons on the users browser. WalkMe prevents this kind of attack with an advanced content-filtering mechanism that is embedded on WalkMe's content servers. Therefore, any attempts to insert scripts are automatically blocked from the server before Walk-Thrus are published. 11

13 Data Collected by the WalkMe Player Application WalkMe does not collect any data regarding the end-users information or actions, or any information about the website itself. In order to deliver the highest quality statistics to the website owner, information about Walk-thru usage is collected and displayed on WalkMe s analytics platform on analytics.walkme.com. All data is transferred via HTTPS protocol. Secure Storage WalkMe does not store any sensitive or classified information, the only information that is stored on WalkMe's servers is the Walk-Thru text, HTML parameters for identifying the correct location of balloons, and WalkMe analytics data. This information is kept private and safe on WalkMe s database servers, which are secured by a firewall. Each WalkMe customer is assigned a unique user ID which prevents unauthorized access. Although data may be stored on shared database servers, it is strictly protected and segregated in a way that ensures that only authorized users have access. 12

14 Uptime, Business Continutiy, and Disaster Recovery Capacity and Uptime WalkMe strives to provide the best possible service to our clients: as such our architecture is designed with durability in mind. Walk-Thru files and information are globally spread to minimize latency and increase performance. Disaster Recovery and BCP WalkMe's disaster recovery plan, which resides on Amazon's disaster recovery plan, ensures that customers experience no interruption of service in the event of a loss of data occurring at Amazon's data centers. WalkMe's primary components are the Walk-Thrus which are stored on Amazon's Cloudfront CDN, supporting the most advanced methods of DRP. WalkMe's other and less crucial components are the WalkMe Editor and WalkMe Analytics, which resides on Amazon EC2 and Amazon RDS and are both supported by DRP. 13