Security Practices, Architecture and Technologies

CONTACT: 36 S. Wall Street, Columbus, OH 43215, 1-800-VAB-0300, www.viewabill.com

CONTENTS
End-to-End Security Processes and Technologies ... 3
Secure Architecture ... 5
Secure Platform ... 9
Network Security and Environmental Safeguards ... 10

End-to-End Security Processes and Technologies

The Viewabill solution enables seamless access to information between clients and the firms they hire, and the confidentiality, integrity and availability of these systems is of paramount importance to Viewabill. From the initial planning stages of a feature through architectural design, development, implementation and support, security is the cornerstone of the Viewabill solution. Utilizing best practices in people, processes and technology, Viewabill's multi-faceted secure development approach includes:

Secure Development Environment and Systems. The computer systems used in the development process meet stringent security requirements and are secured by industry-leading security systems and certified personnel to ensure the integrity of the development process.

Secure Development Professionals. Each developer and architect involved in the creation and augmentation of the solution is a highly seasoned and experienced professional who is well-versed in all aspects of security and incorporates secure coding best practices.

Robust Security Program. Viewabill's process starts with background checks for all employees and detailed training on security and privacy standards as part of new employee orientation. Security training and updates continue throughout the year, with detailed annual reviews and signed acknowledgement of and adherence to the standards.

Comprehensive Review and Release Process. At each critical phase of planning and development, a formal review process is implemented, assessed and approved to ensure adherence to company security standards and industry best practice.

Secure Code Review. Prior to releasing a new version of any portion of the Viewabill solution, a comprehensive assessment of the code is performed using manual, static and dynamic testing processes.

Security Oversight. All development, implementation and support processes are overseen by security experts holding Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH) and Certified Hacking Forensic Investigator (CHFI) credentials.

Secure Architecture

The Viewabill architecture was specifically designed to implement best-in-breed security measures within each component. The Viewabill architecture consists of two core components:

Transmitter. Communicates with a firm's time entry system data and transmits the data to the Viewabill Cloud-based System.

Viewabill Cloud-based System. Stores and presents data via a database and web front-end, configures policies and runs reports.

The role of the transmitter is to act as a proxy that securely sends client, matter, time and associated data to the cloud; this data is not stored within the transmitter. The transmitter is an on-premise .NET application that is specifically configured to obtain and send only specified data and does not have the capability to write to the database. To communicate securely with the cloud, the transmitter uses SSL encryption over port 443. The transmitter is a highly secure, limited-functionality component that was specifically designed to act as a secure intermediary between the time entry system data and the Viewabill cloud. This component resides behind the firewall and receives the same firewall and IDS/IPS benefits afforded the time entry system itself.
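As an added illustration, not Viewabill's transmitter code (which is .NET) but a stand-alone Ruby model of the two properties just described: an allow-list of the fields that may leave the firm, and an outbound client that only speaks TLS on port 443 with peer verification. The field names, endpoint URL and sample rows are assumptions.

```ruby
require "net/http"
require "openssl"
require "uri"

# Added example, not Viewabill's code. The allow-listed field names are an
# assumption standing in for the "specified data" the transmitter is configured to send.
ALLOWED_FIELDS = %w[client matter date hours].freeze

# Keep only the allow-listed fields from each time-entry row. Anything else in
# the row (rates, narratives, internal notes) never leaves this method, and new
# hashes are returned so the caller's rows are neither retained nor mutated.
def project_time_entries(rows, allowed = ALLOWED_FIELDS)
  rows.map do |row|
    row.each_with_object({}) do |(field, value), out|
      out[field] = value if allowed.include?(field)
    end
  end
end

# Build the outbound connection the transmitter would use: HTTPS on 443 only,
# peer certificate verification on, and no fallback to plain HTTP or old TLS.
# The endpoint is a placeholder (.invalid TLD), so nothing is contacted here.
def build_cloud_client(endpoint = "https://cloud.example.invalid/ingest")
  uri = URI.parse(endpoint)
  unless uri.scheme == "https" && uri.port == 443
    raise ArgumentError, "transmitter only speaks HTTPS on port 443"
  end
  http = Net::HTTP.new(uri.host, uri.port)
  http.use_ssl = true
  http.verify_mode = OpenSSL::SSL::VERIFY_PEER
  http.min_version = OpenSSL::SSL::TLS1_2_VERSION
  http
end

# Constructed sample rows, shaped like a firm's time-entry export.
SAMPLE_ROWS = [
  { "client" => "Acme Corp", "matter" => "M-1001", "date" => "2015-07-01",
    "hours" => 2.5, "rate" => 450, "narrative" => "Drafted motion (privileged)" },
  { "client" => "Acme Corp", "matter" => "M-1002", "date" => "2015-07-02",
    "hours" => 1.0, "internal_note" => "write-off candidate" }
].freeze

p project_time_entries(SAMPLE_ROWS) if __FILE__ == $PROGRAM_NAME
```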

For companies where an on-premise transmitter is not prudent, or where the data is stored in another cloud-based system, APIs within the Viewabill Cloud-based System are used to communicate directly with the data repository.

[Figure: Viewabill Architecture Directly Connecting to Billing System Database]

Companies have the option to implement a shadow database to communicate with the transmitter, whereby only the specific data that is to be processed by the Viewabill system is obtained from the primary time entry system database and shadowed to a separate database.

[Figure: Viewabill Architecture Connecting to Shadow Database]

The Viewabill Cloud-based System is hosted within Amazon Web Services and runs on the Heroku Ruby platform-as-a-service. This system is the interface used by clients and firms to perform all relevant tasks associated with the functionality offered by the Viewabill systems. Administrators are able to assign roles to specific individuals and subsequently implement granular controls for user access to the data. Users are authenticated via a username and password stored within the Viewabill Cloud-based System, with Active Directory, LDAP and two-factor authentication available via Viewabill Professional Services.

Secure Platform

The confidentiality and integrity of data processed by the Viewabill solution is protected by numerous layers of security technologies and processes. By using a cloud computing platform, Viewabill customers directly receive all of the security benefits of frequent and immediate updates to systems, the agility to meet evolving demands and the scalability to seamlessly expand to meet growth requirements.

Viewabill utilizes Heroku's Ruby application platform-as-a-service running on Amazon Web Services (AWS) to power the solution. Each is highly secure and has obtained numerous security and process certifications, including:

SOC 1 / SSAE 16 / ISAE 3402
SOC 2
FISMA
DIACAP
FedRAMP
PCI DSS Level 1
ISO 27001

Network Security and Environmental Safeguards

The Viewabill platform is secured by numerous security and environmental controls to protect Viewabill customer data.

Firewalls. Firewalls are utilized to restrict access to systems from external networks and between systems internally. By default all access is denied, and only explicitly allowed ports and protocols are permitted based on business need. Each system is assigned to a firewall security group based on the system's function. Security groups restrict access to only the ports and protocols required for a system's specific function to mitigate risk. Host-based firewalls restrict customer applications from establishing localhost connections over the loopback network interface to further isolate customer applications. Host-based firewalls also provide the ability to further limit inbound and outbound connections as needed.

DDoS Mitigation. The infrastructure provides DDoS mitigation techniques including TCP SYN cookies and connection rate limiting, in addition to maintaining multiple backbone connections and internal bandwidth capacity that exceeds the Internet carrier-supplied bandwidth. Personnel work closely with our providers to quickly respond to events and enable advanced DDoS mitigation controls when needed.
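The default-deny security-group policy in the Firewalls paragraph, as an added Ruby model (not Heroku's or AWS's implementation): every system sits in one group chosen by its function, a group lists only the ports it needs, anything unlisted is denied, and a host-based rule blocks loopback connections for customer applications. Group names, ports and the sample connection attempts are assumptions.

```ruby
# Added example, not Heroku's or AWS's firewall code. Group names, ports and
# the sample attempts below are constructed for illustration.
Rule = Struct.new(:proto, :port, :from) # :from is a source group name or :any

# Each system belongs to one group chosen by its function; a group lists only
# the inbound (proto, port, source) tuples that function needs. There is no
# "allow all" rule anywhere, so anything unlisted falls through to deny.
SECURITY_GROUPS = {
  "web"          => [Rule.new(:tcp, 443, :any)],   # public HTTPS front-end
  "db"           => [Rule.new(:tcp, 5432, "web")], # database reachable only from web tier
  "customer-app" => [Rule.new(:tcp, 8080, "web")]  # app processes reachable only from web tier
}.freeze

# Host-based firewall rule: customer applications may not open connections to
# themselves over the loopback interface, keeping co-located apps isolated.
LOOPBACK_DENIED_GROUPS = ["customer-app"].freeze

# Decide one inbound connection attempt. Returns [:allow or :deny, reason].
def evaluate(dst_group:, src_group:, proto:, port:, loopback: false)
  return [:deny, "unknown destination group #{dst_group}"] unless SECURITY_GROUPS.key?(dst_group)
  if loopback && LOOPBACK_DENIED_GROUPS.include?(dst_group)
    return [:deny, "host firewall: loopback blocked for #{dst_group}"]
  end
  hit = SECURITY_GROUPS[dst_group].find do |r|
    r.proto == proto && r.port == port && (r.from == :any || r.from == src_group)
  end
  return [:deny, "default deny: no rule in #{dst_group} for #{proto}/#{port} from #{src_group}"] unless hit
  [:allow, "#{dst_group} rule #{hit.proto}/#{hit.port} from #{hit.from}"]
end

# Constructed sample attempts covering the cases the text calls out.
SAMPLE_ATTEMPTS = [
  { dst_group: "web", src_group: :internet, proto: :tcp, port: 443 },
  { dst_group: "web", src_group: :internet, proto: :tcp, port: 22 },
  { dst_group: "db",  src_group: "web",     proto: :tcp, port: 5432 },
  { dst_group: "db",  src_group: :internet, proto: :tcp, port: 5432 },
  { dst_group: "customer-app", src_group: "customer-app", proto: :tcp, port: 8080, loopback: true }
].freeze

# Evaluate every attempt; returns the verdicts in input order.
def decide_all(attempts = SAMPLE_ATTEMPTS)
  attempts.map { |a| evaluate(**a).first }
end

puts decide_all.inspect if __FILE__ == $PROGRAM_NAME
```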

Spoofing and Sniffing Protections. Managed firewalls prevent IP, MAC and ARP spoofing on the network and between virtual hosts. Packet sniffing is prevented by the infrastructure, including the hypervisor, which will not deliver traffic to an interface to which it is not addressed.

Port Scanning. Port scanning is prohibited and every reported instance is investigated by our infrastructure provider. When port scans are detected, they are stopped and access is blocked.

Fire Detection and Suppression. Automatic fire detection and suppression equipment has been installed to reduce risk. The fire detection system utilizes smoke detection sensors in all data center environments, mechanical and electrical infrastructure spaces, chiller rooms and generator equipment rooms. These areas are protected by either wet-pipe, double-interlocked pre-action, or gaseous sprinkler systems.

Power. The data center electrical power systems are designed to be fully redundant and maintainable without impact to operations, 24 hours a day, seven days a week. Uninterruptible Power Supply (UPS) units provide back-up power in the event of an electrical failure for critical and essential loads in the facility. Data centers use generators to provide backup power for the entire facility.

Climate and Temperature Control. Climate control is required to maintain a constant operating temperature for servers and other hardware, which prevents overheating and reduces the possibility of service outages. Data centers are conditioned to maintain atmospheric conditions at optimal levels. Monitoring systems and data center personnel ensure temperature and humidity are at the appropriate levels.

Management. Data center staff monitor electrical, mechanical and life support systems and equipment so issues are immediately identified. Preventative maintenance is performed to maintain the continued operability of equipment.

Data Retention and Destruction. In addition to securing the systems hosting Viewabill data, daily data backups are conducted and can be easily and seamlessly restored to prevent data loss. Data backups are kept for 90 days, and decommissioned hardware is destroyed using the standards defined in DoD 5220.22-M ("National Industrial Security Program Operating Manual") and NIST 800-88 ("Guidelines for Media Sanitization").

Additional details on the security practices implemented by Heroku and AWS can be found at:
https://aws.amazon.com/security
https://policy.heroku.com/security