StratusLIVE for Fundraisers Cloud Operations




6465 College Park Square Virginia Beach, VA 23464 757-273-8219 (main) 757-962-6989 (fax) stratuslive.com

Contents

Security Services
Rackspace Multi Layered Approach to Security
Network
Rackspace DDoS Mitigation Services
Hardware and Operating Systems
Anti-Virus Protection
Security Patching
Applications
Business Processes
Certified Engineers and Security Teams
StratusLIVE Rackspace Hosted Infrastructure
Physical Security
Precision Environment
Conditioned Power
Core Routing Equipment
Network Technicians
Business Continuity
Server Backup Policy
Database Backup Policy
Disaster Recovery
Rackspace Global Datacenter Locations
Rackspace Certifications
ISO 27001:2005 (Information Security)
ISAE 3402 Type II Service Organization Control
PCI Data Security Standard (DSS)
ISO 14001:2004 (Environmental Management)

Security Services

Rackspace Multi Layered Approach to Security

Network

Security threats - from Internet-borne worms and viruses to Distributed Denial of Service (DDoS) attacks, internal data losses, natural disasters and terror-related risks - pose a multi-billion pound threat to organizations. Rackspace takes a comprehensive approach by providing customers with industry-standard security tools and techniques, enabling customers to effectively manage and protect their hosted assets. Security tools and techniques include physically secure data centers, firewalls, malware protection, server and network monitoring, intrusion detection systems, server hardening techniques and many more controls to provide a multi-layered approach to security.

Rackspace has a 100% Cisco Powered Network, built on hardened routers and switches, to help ensure maximum security protection for every customer. Rackspace has several products available for customers to further protect their hosting solution, including:

Alert Logic Threat Manager

The Alert Logic Threat Manager offers intrusion detection, vulnerability scans and monitoring 24x7x365, ensuring our hosted solution is protected from malicious intruders and vulnerabilities.

All StratusLIVE Hosted sites are secured through a dedicated Cisco firewall utilizing a 2048-bit trusted root providing 256-bit encryption, ensuring your data in transit remains secure.

Rackspace DDoS Mitigation Services

Rackspace's proprietary technology is designed to offer protection from Distributed Denial of Service (DDoS) attacks.

Hardware and Operating Systems

All server Operating Systems are built using Rackspace best practices.

Anti-Virus Protection

To protect our servers against malicious software programs, Rackspace provides a Managed Anti-Virus service. This is an advanced technology powered by industry-recognized Sophos.

Security Patching

Rackspace tests and installs Operating System and selected application security patches and updates on a monthly basis to ensure optimum protection for customers.

Applications

Rackspace specialists are also able to provide advice on securing applications and keeping them updated to protect from online threats.

Business Processes

The specialists at Rackspace provide advice on internal policies and processes that might affect regulatory compliance.

Certified Engineers and Security Teams

To ensure a fast and appropriate response to any security event, qualified Rackspace personnel are available on a 24x7x365 basis.

StratusLIVE Rackspace Hosted Infrastructure

Physical Security

Keycard protocols, biometric scanning protocols and round-the-clock interior and exterior surveillance monitor access to every one of Rackspace's data centers. Only authorized data center personnel are granted access credentials to Rackspace data centers. No one else can enter the production area of the datacenter without prior clearance and an appropriate escort. Every data center employee undergoes multiple and thorough background security checks before they're hired.

Precision Environment

Every data center's HVAC (Heating Ventilation Air Conditioning) system is N+1 redundant. This ensures that a duplicate system immediately comes online should there be an HVAC system failure. Every 90 seconds, all the air in Rackspace data centers is circulated and filtered to remove dust and contaminants.

Our advanced fire suppression systems are designed to stop fires from spreading in the unlikely event one should occur.

Conditioned Power

Should a total utility power outage ever occur, all of the Rackspace data centers' power systems are designed to run uninterrupted, with every server receiving conditioned UPS (Uninterruptible Power Supply) power. Rackspace's UPS power subsystem is N+1 redundant, with instantaneous failover if the primary UPS fails. If an extended utility power outage occurs, Rackspace's routinely tested, on-site diesel generators can run indefinitely.

Core Routing Equipment

Only fully redundant, enterprise-class routing equipment is used in Rackspace data centers. Fiber carriers enter Rackspace data centers at disparate points to guard against service failure.

Network Technicians

Rackspace requires that the networking and security teams working in the data centers be certified. Rackspace requires that they be thoroughly experienced in managing and monitoring enterprise-level networks. Certified Network Technicians are trained to the highest industry standards.

Business Continuity

Server Backup Policy

All StratusLIVE servers hosted within Rackspace are backed up daily as a full machine image, with the ability to restore a full server image to the existing hosting locality within 10 minutes of a restoration event. StratusLIVE utilizes multiple external DNS services in conjunction with Rackspace cloud files to mitigate the possibility of a failure. Rackspace cloud operations are configured for a warm state restore in an alternate Rackspace Datacenter. In the event of a catastrophic failure of the redundant Rackspace data center, Rackspace files are stored between locations to allow for a full restore of Rackspace server images to be made within 24 hours of an unrecoverable event.

Database Backup Policy

All cloud databases that reside on StratusLIVE servers have full backups taken nightly as well as every 3 hours throughout the day. All database backups are moved to the StratusLIVE Cloud storage for retention up to 3 months.

Disaster Recovery

StratusLIVE utilizes multiple external DNS services in conjunction with Rackspace cloud files to manage the possibility of a failure. Rackspace cloud operations are configured for a warm state restore in an alternate Rackspace Datacenter. In the event of a catastrophic failure of the redundant Rackspace data center, Rackspace files are stored between locations to allow for a full restore of Rackspace server images to be made within 24 hours of an unrecoverable event.

Rackspace Global Datacenter Locations:

Rackspace Certifications

ISO 27001:2005 (Information Security)

Rackspace's two data centers are certified to the international standard for information security, ISO 27001. This standard provides a framework for managing a business's security responsibilities and provides external assurance for customers as to the scope and scale of Rackspace's secure environment via Rackspace's Business Security Management System.

Since 2009 Rackspace's system has provided the foundation for an integrated and sustainable security model working in tandem with Rackspace's other security controls such as PCI-DSS. It is subject to on-going external assessment by Rackspace's certification body, Certification Europe, with a full re-assessment every three years.

ISAE 3402 Type II Service Organization Control

Rackspace utilizes this globally recognized standard for reporting on service organization controls to demonstrate that selected Rackspace processes, procedures and controls have been formally evaluated and tested by an independent accounting and auditing company (service auditor) for Rackspace managed hosting customers, cloud servers & cloud files customers and all Rackspace data centers. The examination includes controls relating to security monitoring, change management, service delivery, support services, back-up, environmental controls, and logical and physical access, and provides detailed descriptions of Rackspace's controls and the effectiveness of those controls.

Rackspace Hosting has completed an examination in conformity with the International Standard for Assurance Engagements (ISAE) No 3402 Type II Service Organization Control (SOC) 1 for the period October 1, 2012 through September 30, 2011. This is repeated on an annual basis for each reporting period. Rackspace recognizes the needs of Rackspace's global customers and has worked with the service auditor to have the report issued with a joint opinion that satisfies the requirements of both the ISAE 3402 and the SSAE 16 (created by AICPA (American Institute of Certified Public Accountants) for use in the US mirroring ISAE 3402).

PCI Data Security Standard (DSS)

The Payment Card Industry Data Security Standard (PCI DSS) is a global information security standard defined by the Payment Card Industry Security Standards Council (PCI SSC). The purpose of the standard is to reduce credit card fraud. This is achieved through increased controls around data and its exposure to compromise. The standard applies to all organizations which process, store, or transmit cardholder information.

In June 2009, Rackspace was approved by Visa as a Compliant Level 1 Payment Card Industry (PCI) Service Provider and continues to be audited annually to ensure controlled adherence to the requirements of the standard. For more information on PCI DSS please visit PCI Security Standards.

ISO 14001:2004 (Environmental Management)

Rackspace Limited takes its environmental responsibilities seriously, from ensuring we provide a safe and healthy working environment for Rackspace Rackers through to Rackspace's commitments to the wider world: legally and morally. Rackspace's policy attests to these commitments.

In support of this, Rackspace's UK data center and head offices are certified to the international environmental management standard, ISO 14001, which provides a framework for managing Rackspace's environmental responsibilities, including energy and waste management. It is subject to on-going external assessment by Rackspace's certification body, BSI, with a full re-assessment every three years.