Our security philosophy. Our team of experts




Security at Work

Our security philosophy

A critical part of our mission to make the world more open and connected is providing a secure community for everyone who uses Facebook. Ensuring the security of information on Facebook is at the very heart of what we do. Decisions we make always involve answering questions upfront about how a new product, feature, or process impacts security and privacy. Every decision we make is reviewed with this lens. It's simply part of our culture at Facebook.

From day one, when Facebook employees come on board, they attend training on security, ethics, and confidentiality. Instilling a security mindset from the start is how we ensure that all of our employees, no matter their function, understand the importance of protecting the information entrusted to us.

We also believe that people using our services have a role to play when it comes to protecting information. That's why we give you the controls to manage your Facebook at Work community. We're always working to create the best tools and controls for companies to create the work environment that meets their needs.

Our team of experts

Security is a top priority and we invest considerable resources to create a safe and secure Facebook experience. We have dozens of teams working around the clock to keep your information safe. Your connection to Facebook is protected with the same kind of strong encryption technology that banks use to keep financial data secure. A combination of advanced automated systems, techniques like machine learning, and teams of dedicated engineers defend your information.

And when it comes to physical security, we're serious about protecting our data centers, offices, and employees. Physical access restrictions are implemented and administered so that only authorized individuals have the ability to access Facebook facilities.

Access to all Facebook facilities is restricted through badge access and monitored by guard staff 24x7 that follows up on any alarms. In addition, Facebook is responsible for authorizing and approving all access requests from Facebook staff to the owned and leased data centers and server rooms. All data center locations employ badge readers and/or biometric fingerprint devices.

Our infrastructure

Facebook data centers are top-of-the-line facilities that house our core infrastructure that runs and delivers Facebook to the world. We own or directly lease all of our facilities so we have end-to-end control over the grounds, the buildings, the servers, the operations, and maintenance for each center. We also utilize a distributed network of equipment that increases the resiliency and speed at which people experience Facebook. In total, we maintain hundreds of thousands of servers that are serving our communities and customers.

Always looking ahead

The Facebook at Work product is designed to safeguard company data with controls in place to help prevent and detect unauthorized access to enterprise data. We combine comprehensive threat intelligence and specialized tools to monitor the Facebook at Work environment. Facebook also augments traditional prevention and detection systems with more subtle ways of enforcing data confidentiality and uncovering potential issues, including the operational health of our systems, changes to systems and configurations, and employee access policies and procedures.

We have a dedicated security incident response team and are members of industry best practice groups such as FIRST. Facebook employs detailed incident response procedures that follow industry best practices. In addition to strict data access controls and incident management, our day-to-day processes continually assess risk across Facebook.

Management conducts several compliance audits (SOX, PCI and FTC) and other security assessments such as technical security reviews, third-party risk assessments, and product security evaluations to ensure that appropriate controls are in place and are operating effectively to mitigate identified risks.

Bug Bounty Program

No single company can detect all potential bugs on their own, and Facebook has been a leader in supporting the security researcher community with our Bug Bounty program to make our products and systems safer. Submissions into the program may qualify to receive a monetary bounty, which helps drive high-quality security research while making our products more secure.

It's your data

Your Facebook at Work data is contained within a boundary that is associated with a unique Enterprise ID. These boundaries restrict the ability to access and view your company's information to only those enterprise users who belong to the community. Any activities associated with people who work at your company are also contained by the boundary. The information contained within your Facebook at Work instance can only be associated with your Enterprise ID and people who work at your company. As a result, no content is publicly accessible. We offer ways to secure your data further, using integrations to third-party identity services.

Plus, you have ownership of your data. Facebook at Work allows companies to export and capture all their Facebook at Work data via an administrative API. You can choose how best to store this exported archive. If we receive a legal request for information about your Enterprise ID, we will ask the requesting party to contact you directly whenever possible. This approach is standard in enterprise SaaS offerings. Company administrators can also monitor and delete data. If you are no longer a Facebook at Work customer, we will delete your company data from our servers.

The bigger picture

As Facebook works to make the world and workplace more connected, it is clear that our collective security depends heavily on one another. That's why Facebook invests considerable resources into making sure that not only Facebook is secure, but that the rest of the internet is, too.

THREATEXCHANGE

In 2015, Facebook released ThreatExchange, an online sharing platform for security threat information. Bitly, Dropbox, Pinterest, Tumblr, Twitter, and Yahoo are among the companies that have joined.

OSQUERY - OPEN-SOURCE TOOL

Facebook built osquery, a popular open-source tool that makes it easier for security teams to monitor their operating systems for suspicious behavior and threats.

SECURITY@SCALE CONFERENCE

Facebook brings together a range of security experts in a series of day-long conferences designed to share the latest in security technology and ideas for future innovations and collaborations.

© 2015 Facebook, Inc. Revised November 2015