MIGRATIONWIZ SECURITY OVERVIEW




Table of Contents

Introduction
Shared Security Approach
Customer Best Practices
Application Security
Database Level Security
Network Security
Business Continuity
Definitions

Introduction

MigrationWiz is a web-based data migration platform that uses patented cloud infrastructure to efficiently and cost-effectively move your data across a large variety of environments. We take security, confidentiality, privacy, and compliance very seriously. This document is intended to help you understand what measures we use to safeguard your Data and to recommend certain Customer Best Practices to optimize your security approach for each migration.

Shared Security Approach

BitTitan designed the Application to work in the cloud. Using advanced and proprietary cloud infrastructure technologies, we enable scalable network throughput by connecting diverse and powerful networks across the solution. As such, our security practices are linked with the networks to which we connect. We implement thorough and detailed due diligence procedures when selecting any service providers within our network. Additionally, because we rely on the security of your network to safeguard your migration, our security model is a shared approach. Throughout this Security Overview, we will refer to Customer Best Practices that let you implement a customized security approach. Due to the highly customizable features of our Application, by implementing all or some of the Customer Best Practices below you are able to adjust your security approach for each type of migration, whether you are performing a migration for a financial institution, a healthcare entity, or a small law firm.

Customer Best Practices

Creating Strong Passwords. Creating strong passwords applies both to the password for your BitTitan account and to the credentials of your source and destination data servers. BitTitan maintains password complexity requirements designed to prevent brute forcing of your BitTitan account in accordance with industry standards, but understands that some users require streamlined use and access. For those users requiring additional security, we recommend extending the length of your password beyond 8 characters, including special characters, and avoiding guessable passwords. We also recommend regularly changing your account and data server passwords and credentials (e.g., every 90 days) and avoiding recycling any old passwords.
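As an added illustration, not BitTitan's code, of the password practices recommended here and of the application-side protections stated later under Application Security (salted hashing, password complexity enforcement, brute-force protection, no recycling of old passwords, rotation every 90 days), the following Python sketch keeps an account record and enforces each of those rules. The thresholds (9-character minimum as the reading of "beyond 8 characters", 5 failed attempts, 15-minute lockout, PBKDF2 iteration count), the guessable-password list and all names are assumptions.

```python
"""Added example (not BitTitan code): password policy, salted storage and
brute-force lockout for a single account.  All thresholds are assumptions."""
import hashlib
import hmac
import os
import re
from dataclasses import dataclass, field

MIN_LENGTH = 9            # assumption: "beyond 8 characters" read as a 9-character floor
MAX_AGE_DAYS = 90         # rotation interval recommended in the text
MAX_FAILED_ATTEMPTS = 5   # assumption: lock the account after 5 consecutive failures
LOCKOUT_SECONDS = 900     # assumption: 15-minute lockout
PBKDF2_ITERATIONS = 200_000  # assumption; production values should follow current guidance
# Constructed list of guessable passwords; a real deployment would use a breached-password list.
GUESSABLE = {"password", "password1", "welcome1", "migrationwiz", "letmein"}


def check_complexity(password: str, org_words: tuple = ()) -> list:
    """Return the list of policy violations (an empty list means the password passes)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no special character")
    if password.lower() in GUESSABLE:
        problems.append("guessable password")
    for word in org_words:  # temporary passwords must not include organisation or project data
        if word.lower() in password.lower():
            problems.append(f"contains organisation or project term '{word}'")
    return problems


def hash_password(password: str, salt: bytes = None) -> tuple:
    """Salted PBKDF2-HMAC-SHA256; returns (salt, digest). A fresh salt is drawn when none is given."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


@dataclass
class Account:
    salt: bytes
    digest: bytes
    set_at: float                                 # epoch seconds when the password was set
    history: list = field(default_factory=list)   # previous (salt, digest) pairs
    failed: int = 0
    locked_until: float = 0.0


def create_account(password: str, now: float, org_words=()) -> Account:
    problems = check_complexity(password, org_words)
    if problems:
        raise ValueError("; ".join(problems))
    salt, digest = hash_password(password)
    return Account(salt, digest, now)


def change_password(acct: Account, new_password: str, now: float, org_words=()) -> None:
    problems = check_complexity(new_password, org_words)
    # Reject recycled passwords by re-hashing the candidate under each old salt.
    for old_salt, old_digest in [(acct.salt, acct.digest)] + acct.history:
        if hmac.compare_digest(hash_password(new_password, old_salt)[1], old_digest):
            problems.append("password was used before")
            break
    if problems:
        raise ValueError("; ".join(problems))
    acct.history.append((acct.salt, acct.digest))
    acct.salt, acct.digest = hash_password(new_password)
    acct.set_at = now


def password_expired(acct: Account, now: float) -> bool:
    return now - acct.set_at > MAX_AGE_DAYS * 86400


def verify_login(acct: Account, password: str, now: float) -> str:
    """Return 'ok', 'bad-password' or 'locked'; failures are counted to resist brute forcing."""
    if now < acct.locked_until:
        return "locked"
    candidate = hash_password(password, acct.salt)[1]
    if hmac.compare_digest(candidate, acct.digest):   # constant-time comparison
        acct.failed = 0
        return "ok"
    acct.failed += 1
    if acct.failed >= MAX_FAILED_ATTEMPTS:
        acct.locked_until = now + LOCKOUT_SECONDS
        acct.failed = 0
    return "bad-password"


if __name__ == "__main__":
    import time
    t0 = time.time()
    acct = create_account("Tr0ub4dor&3xample!", t0, org_words=("acme",))
    print(verify_login(acct, "Tr0ub4dor&3xample!", t0))
    print(check_complexity("acme2015", org_words=("acme",)))
```

The stored record holds only the salt and the derived digest, never the password; the history of old (salt, digest) pairs is what makes the "no recycling" rule checkable without keeping old passwords in clear. The lockout counter is per account here; a deployment would normally also throttle per source address.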

Credential Handling and Storage during and after Migration. We enable users to streamline the process of migration by using administrative-level credentials (including Office 365 impersonation for increased bandwidth capabilities). Accordingly, we recommend that you create temporary credentials for each migration and change these temporary credentials after the completion of your project. Note that temporary passwords should adhere to standard password policies and should not include any data relevant to your organization or project.

Source Sanitization. MigrationWiz migrates your data as-is, meaning that anything currently infected will remain infected even after the migration. Accordingly, we recommend that you run an appropriate anti-virus scanner on your source prior to migrating any contents to ensure sanitization. This practice has the added benefit of ensuring that your data is easily migrated without corruption errors.

Customizing Your Data Purge. MigrationWiz allows you to configure a custom purge policy by setting the number of days after which your project will be auto-deleted if unused. We recommend that you delete a project after completion. By deleting the project, you delete the connection between MigrationWiz and your source and destination messaging servers. You should carefully review your account activity to ensure that the project is indeed complete. Note that you can use the Maintenance section in MigrationWiz Advanced Options to configure a custom purge policy for each migration project.

Source Maintenance Period. Even after a successful migration, we recommend maintaining your source data server to prevent any data loss resulting from a failure to migrate, whether caused by infected or corrupted data. By maintaining some redundancy, you also ensure that mail forwarding is working properly.

Account Review Practices. You should regularly review your account activity to prevent unauthorized use. We enable you to set notifications that ping an email address of your choice in the event of a successful or failed migration. We further enable you to log the subject lines of failed items, which provides better support visibility but may not adhere to your own internal privacy policies.

Understanding your CVEs. Data platforms are not always invulnerable. For example, Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 6 does not properly validate redirection tokens, which allows remote attackers to redirect users to arbitrary web sites and spoof the origin of e-mail messages via unspecified vectors, aka "Exchange URL Redirection Vulnerability." A list of common software vulnerabilities is available at https://web.nvd.nist.gov/view/vuln/search and should be reviewed regularly, and at least as often as new software updates are installed.

Least-Privileged Access Controls. Be mindful that your biggest security vulnerability is often your internal team. We provide security training to all of our employees, and we recommend that you do the same. We also recommend that you adhere to the least-privileged access control principle: give people the lowest level of user rights with which they can do their job.
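The account review recommended above, and the review of log files for failed actions and administrative access described later under Network Security, can be automated over an exported audit log. The following Python reviewer is an added example, not part of this document or of MigrationWiz: its key=value log format, field names, sample records and the "five login failures within five minutes" threshold are constructed assumptions. It also shows how to honour the privacy concern raised above by redacting the subject lines of failed items when a customer's policy does not allow logging them.

```python
"""Added example (not BitTitan code): review constructed audit-log lines for
failed actions, administrative access and clustered login failures, tying
every finding back to the End User account that performed the action."""
import shlex
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit log: one key=value record per line.
SAMPLE_LOG = """\
2015-06-01T09:12:03Z user=alice@example.com action=login result=success src=203.0.113.5
2015-06-01T09:15:44Z user=alice@example.com action=project.create project=P-100 result=success
2015-06-01T22:01:10Z user=mallory@example.com action=login result=failure src=198.51.100.7
2015-06-01T22:01:25Z user=mallory@example.com action=login result=failure src=198.51.100.7
2015-06-01T22:01:41Z user=mallory@example.com action=login result=failure src=198.51.100.7
2015-06-01T22:02:03Z user=mallory@example.com action=login result=failure src=198.51.100.7
2015-06-01T22:02:19Z user=mallory@example.com action=login result=failure src=198.51.100.7
2015-06-02T03:30:00Z user=bob@example.com action=admin.role.grant target=carol@example.com result=success
2015-06-02T10:00:00Z user=carol@example.com action=item.migrate project=P-100 result=failure subject="Q2 budget forecast"
2015-06-02T10:00:07Z user=carol@example.com action=item.migrate project=P-100 result=success
"""

FAILED_LOGIN_THRESHOLD = 5                   # assumption: 5 failures ...
FAILED_LOGIN_WINDOW = timedelta(minutes=5)   # ... within 5 minutes is flagged


def parse_line(line: str) -> dict:
    """Parse 'timestamp key=value ...' into a dict; quoted values (subject) are kept whole."""
    ts, _, rest = line.partition(" ")
    record = {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")}
    for token in shlex.split(rest):
        key, _, value = token.partition("=")
        record[key] = value
    return record


def review(log_text: str, log_subjects: bool = True) -> dict:
    """Return findings grouped by category, each attributed to the acting user."""
    records = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    findings = {"failed_actions": [], "admin_access": [], "suspected_brute_force": []}
    login_failures = defaultdict(list)
    for r in records:
        who = r["user"]
        if r.get("result") == "failure":
            entry = {"user": who, "action": r["action"], "ts": r["ts"]}
            if r["action"] != "login":
                # Subject lines of failed items help support but may be sensitive:
                # keep them only when the customer's privacy policy permits it.
                entry["subject"] = r.get("subject") if log_subjects else "[redacted]"
            findings["failed_actions"].append(entry)
        if r["action"].startswith("admin."):
            findings["admin_access"].append(
                {"user": who, "action": r["action"], "target": r.get("target"), "ts": r["ts"]})
        if r["action"] == "login" and r.get("result") == "failure":
            login_failures[who].append(r["ts"])
    # Sliding window over each account's login failures.
    for who, times in login_failures.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > FAILED_LOGIN_WINDOW:
                start += 1
            if end - start + 1 >= FAILED_LOGIN_THRESHOLD:
                findings["suspected_brute_force"].append(
                    {"user": who, "count": end - start + 1, "first": times[start], "last": times[end]})
                break
    return findings


if __name__ == "__main__":
    for category, items in review(SAMPLE_LOG, log_subjects=False).items():
        print(category)
        for item in items:
            print("   ", item)
```

Each finding carries the user field, which is what makes the review useful for the accountability goal stated under Application Security (activities tied back to the individual End User). The brute-force window is deliberately per account; reviewing per source address as well would catch the same pattern spread across many accounts.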

Selecting Appropriate Licenses. BitTitan offers additional security precautions for protected or sensitive information, including as it relates to HIPAA and the HITECH Act. Contact a BitTitan sales representative for more information.

Application Security

Overview. BitTitan implements best industry practices regarding the security of your Data. BitTitan's security practices may be improved and updated by BitTitan from time to time, with notice of updates available upon request. Please note that this Security Overview may not convey all of the security practices maintained for the protection of your Data.

- All Application endpoints that interact with a backend data store have been tested for injection vulnerabilities.
- All Application endpoints that accept user input have been tested for cross-site scripting vulnerabilities.
- All Application endpoints have been tested for unvalidated redirects.
- All Application endpoints that pass authentication credentials or session tokens are only accessible via HTTPS, using SSLv3 or above.
- Any Application endpoint that requires the user to enter their credentials is protected from clickjacking via the use of the 'X-FRAME-OPTIONS' header.
- Any passwords stored by the Application are hashed with a standard hashing algorithm and an appropriate salt.
- User logins enforce password complexity and are protected from brute forcing.
- BitTitan scans its Network perimeter, disables any unnecessary services, and patches any critical CVEs in its infrastructure.

Logging. Usage of Application End User accounts is logged so that activities performed with the accounts can be tied back to the individual End User who performed them. Except to the extent related to the secure purging of data, user logs do not roll. Logs are reviewed at the discretion of BitTitan, including upon notice or knowledge of a potential Security Event.

Database Level Security

Strong Security through Infrastructure. BitTitan's security practices continue deep throughout our cloud infrastructure. We authenticate internal users through strong password complexity and change requirements. Further, we store all data in our databases with web endpoints using AES 256-bit encryption (with ISO 10126 padding and proper random IV initialization). Our databases undergo an SSAE-16 Type II audit at least annually.

Advanced Security Measures. We restrict direct access to databases and limit queries of databases to administrators and to non-data-warehouse systems only. Importantly, we automate the process: there is no human interaction with the servers, software, or migration process. We connect outside of the firewall and never save any data to physical disk. Data processed on virtual machines may be cached temporarily to optimize throughput, depending on the type and duration of your migration project.

Network Security

Optimize Your Migration Network. MigrationWiz provides geographically dispersed, locally deployable, fault-tolerant cloud computing infrastructure so that you can customize the network handling your migration. Select from a variety of data center locations and implementation methods to optimize your network security. Networks are monitored on a 24 x 7 x 365 basis over all Application endpoints, and Network layer ports are monitored at 5-minute intervals. Our patented technology allows you to scale your network to migrate large quantities of data over diverse and distinct technologies.
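As an added example, not BitTitan's implementation, of the storage scheme named under Database Level Security above (AES 256-bit encryption with ISO 10126 padding and a random IV), the following Python code encrypts one record with AES-256 in CBC mode, draws a fresh IV for every call and stores it in front of the ciphertext. It assumes the pyca/cryptography package (https://cryptography.io) for the AES primitive; the ISO 10126 padding is written out by hand because that package ships only PKCS7 and ANSI X9.23 padders. The key, the sample record and the function names are constructed.

```python
"""Added example (not BitTitan code): AES-256-CBC with ISO 10126 padding and a
random IV per record.  Assumes the pyca/cryptography package."""
import os
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes

BLOCK = 16  # AES block size in bytes


def iso10126_pad(data: bytes) -> bytes:
    """ISO 10126: random filler bytes, with the last byte giving the total pad length (1..16).
    A full block of padding is appended when the input is already block-aligned."""
    pad_len = BLOCK - (len(data) % BLOCK)          # always at least 1 byte
    return data + os.urandom(pad_len - 1) + bytes([pad_len])


def iso10126_unpad(padded: bytes) -> bytes:
    """Strip the padding. Only the length byte can be validated: the filler is random."""
    if not padded or len(padded) % BLOCK:
        raise ValueError("ciphertext length is not a multiple of the block size")
    pad_len = padded[-1]
    if not 1 <= pad_len <= BLOCK:
        raise ValueError("invalid ISO 10126 pad length")
    return padded[:-pad_len]


def encrypt_field(key: bytes, plaintext: bytes) -> bytes:
    """Return iv || ciphertext; a new random IV is drawn for every call."""
    if len(key) != 32:
        raise ValueError("AES-256 needs a 32-byte key")
    iv = os.urandom(BLOCK)
    enc = Cipher(algorithms.AES(key), modes.CBC(iv)).encryptor()
    return iv + enc.update(iso10126_pad(plaintext)) + enc.finalize()


def decrypt_field(key: bytes, blob: bytes) -> bytes:
    """Split off the IV stored in front of the ciphertext and reverse encrypt_field."""
    iv, ct = blob[:BLOCK], blob[BLOCK:]
    dec = Cipher(algorithms.AES(key), modes.CBC(iv)).decryptor()
    return iso10126_unpad(dec.update(ct) + dec.finalize())


def ivs_differ(key: bytes, plaintext: bytes) -> bool:
    """Encrypting the same record twice must give different blobs that both decrypt correctly."""
    a, b = encrypt_field(key, plaintext), encrypt_field(key, plaintext)
    return a != b and decrypt_field(key, a) == decrypt_field(key, b) == plaintext


if __name__ == "__main__":
    key = os.urandom(32)  # constructed; a real key comes from a key manager, never from source code
    blob = encrypt_field(key, b"mailbox=alice@example.com;token=constructed-value")
    print(len(blob), decrypt_field(key, blob))
```

Two points worth noting when reading the scheme. The random IV is what keeps two identical records from producing identical ciphertext, so it must be stored with the record (here, prepended) rather than reused. CBC with ISO 10126 padding provides confidentiality only: because the filler bytes are random, the unpad routine can check nothing but the length byte, so tamper detection has to come from a separate MAC over the IV and ciphertext or from an authenticated mode.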

Logging. Log files are reviewed regularly for security events (failed actions, administrative access, etc.). Logging to a syslog or log server is enabled, and log files are reviewed on an ad hoc basis if suspicious activities are experienced. Notably, if a potential Security Event is suspected during log review, it is reported immediately to the Operations Team.

External Networks. Every connection to an external network is terminated at a firewall, and devices are configured to deny all traffic by default.

Business Continuity

BitTitan maintains and tests an effective business continuity plan (including disaster recovery and crisis management procedures) to provide continuous access to, and support for, the Application. Backup storage and systems are located at a secure physical location other than the location of BitTitan's primary system(s) and are updated and tested at least annually.

Definitions

In this Security Overview, the following definitions will apply. All other capitalized terms will have the meaning set out in the User Agreement:

User Agreement means the applicable User Agreement at www.bittitan.com/legal.

Application means the web-based data migration software hosted by BitTitan and made available at www.bittitan.com or any subdirectory or successor site.

Network means the BitTitan-controlled environment, including tables, databases, architecture and topology, local desktop or devices used and controlled by BitTitan employees or contractors (including the employee intranet), and any other internet-enabled zone used to support the Application and that handles the Data.

Customer Environments means the Customer's or its affiliates' environment, including any tables, applications, network, security measures (e.g., firewalls), databases, machines, servers, architecture and topology, local desktop or devices used by Customer employees or contractors (including the employee intranet), and any other system used by Customer, excluding the Network and Application.

Security Event means any event attributable to the Application or Network that results in harm or an unauthorized disclosure in breach of the User Agreement concerning the Data.

Best Industry Practices means methods or techniques to prevent a Security Event, as aligned with ISO 27002:2005.