TOP SECRETS OF CLOUD SECURITY Protect Your Organization s Valuable Content Table of Contents Does the Cloud Pose Special Security Challenges?...2 Client Authentication...3 User Security Management...3 Transport Security...4 Data and Physical Security...5 Security Monitoring...4 Disaster Recovery...4 Compliance...5 Summary...5
DOES THE CLOUD POSE SPECIAL SECURITY CHALLENGES? Cloud adoption is highest in applications that support simplifi ed, common business processes or large, distributed virtual workforce teams, according to the analyst fi rm Gartner. Gartner reports that ease of use, rapid deployment, limited up-front investment in capital and staffi ng plus a reduction in software management responsibility all make cloud plaforms a desirable alternative to many on-premises solutions. These advantages will continue to act as drivers of growth. But does the cloud pose special challenges or risks to the organization? And what best practices can be put in place to resolve the challenges and reduce any risks? When you are dealing with your organizations valuable content (documents, contracts, employee documents, images, databases, etc.) executive management must be aware of what makes a credible cloud security strategy. As you evaluate content management, document sharing and collaboration platforms - the many consumer-focused applications as well as the enterpriseready solutions (such as SpringCM ), look for additional security engineered into the solution where other typical enterprise content management (ECM ) products cannot. The defi nition of Cloud (purpose-built Web technology) implies modularity. Because auditing and securing small modules is the cornerstone of many security architectures, a real business-ready cloud content management model provides customers with additional security benefi ts beyond the limits of most traditional applications. Client authentication provides a method to identify a user accessing a system and determines which actions are authorized. Through the use of cloud technology the solution should be more agile and better prepared to respond to new security requirements, customer demands and changes. The cloud model must be built upon industry-standard tools, protocols and frameworks such as Microsoft.NET that contain a wide variety of pre-existing security enhancements such as SSL, two-factor authentication and strong access control. The vendor should leverage, embrace and extend these existing security technologies to all customers, thereby dramatically increasing the overall security of your content. 2012 SpringCM SM 2
Data integrity extends beyond the transit of the data to include the data storage. CLIENT AUTHENTICATION Client authentication provides a method to identify a user accessing a system and determines which actions are authorized. SpringCM s client authentication uses Microsoft.NET s built-in authentication routines a proven method for effective and secure authentication. SpringCM doesn t store plain-text passwords and uses a one-way encryption algorithm coupled with a cryptographically random hash to guarantee that a customer s password is never decrypted. All authentications between the SpringCM and the customer s Web browser are encrypted via SSL. In addition to the authentication transport mechanism s security, a customer can select strong password requirements for all applicable users. This requirement forces users to create passwords comprising a minimum of eight characters that contain three of the following: one or more numeric characters, one or more uppercase characters and one or more symbols. Following our defense in-depth strategy, if SpringCM did incur a data breach, the complex passwords in addition to the secure authentication framework from Microsoft would severely limit the chance of a customer s password being compromised. SERVER AUTHENTICATION AND DATA INTEGRITY The most common way to provide data integrity during data transit within a hypertext transfer protocol (HTTP) environment is through SSL or its successor, Transport Layer Security (TLS). (TLS is the successor to SSL version 2 and addresses transport security with additional security features; however, TLS is not currently as widely supported by common client software.) Both SSL and TLS can secure any TCP connection. SpringCM supports both SSL versions because clients and servers can automatically negotiate the most secure shared version between them. SSL and TLS are almost always used for two purposes: To encrypt all traffic over the TCP connection in both directions. This method secures all data that is transferred from integrity attacks and protects the privacy of all data. To authenticate servers in order to certify that client systems are sending passwords and data only to the correct server. This method is commonly referred to as a man-inthe-middle attack. Data integrity extends beyond the transit of the data to include the data storage. We store all data on redundant file servers and database servers that are configured for automatic failover in case of a disaster. Our backend database technology is deployed within a clustered environment, enabling automatic failover, improved capacity and ease of logging. USER SECURITY MANAGEMENT Adding users to your SpringCM account is as easy as entering a few pieces of contact information and valid email addresses. Users can be anyone with email addresses, including vendors, contractors, consultants and others outside your organization. You can easily deliver documents to internal and remote users and include them in workflow and collaboration. A number of user roles that include different privileges for accessing and managing documents are available. Full subscribers the default choice for most team members enable users to view, edit and send documents, and to initiate workflow and collaboration. You can designate user administrators to manage and create users and to ensure that everyone in your SpringCM account has the internal support they need. The chief SpringCM overseer can serve as the super administrator to have access to all documents regardless of security settings, to unlock checked-out documents and more. All of these functions are available in an uncomplicated environment that won t require intervention from an outside programmer saving you time and money. Look for cloud applications that provide protection from denial-of-service attacks by using firewalls and load-balancing software to mitigate and spread the requests across their infrastructures. 2012 SpringCM SM 3
TRANSPORT SECURITY HTTP AND WEBDAV SECURITY CHARACTERISTICS SpringCM s data input servers interact with Web browsers and WebDAV clients using HTTP. Because WebDAV is an extension of HTTP, all the same security mechanisms apply: HTTP connections can use transport-layer security (SSL or its successor, TLS) to provide data integrity HTTP implementations must support both basic and digest authentication, two standard mechanisms for authenticating users via passwords Many HTTP implementations support advanced authentication mechanisms Further precautions include firewalls, reverse proxies and other advanced Web security techniques and software solutions. PROTECTION AGAINST DENIAL- OF-SERVICE AND OTHER ATTACKS Denial-of-service attacks typically attempt to debilitate a server by compromising its ability to respond to legitimate requests within a reasonable time. For example, on any Web server a denial-of-service attack may be a number of clients which all ask for the same large Web page at roughly the same time, thus hampering the server s ability to respond to legitimate requests. SpringCM provides protection from denial-of-service attacks by using firewalls and load-balancing software to mitigate and spread the requests across our infrastructure. Both the firewalls and load balancers can limit requests of certain file types or traffic from certain addresses. DATA AND PHYSICAL SECURITY SpringCM provides a secure environment for documents through use, transfer and storage. Strong passwords, access control, audit trails and data encryption ensure a high level of security at the application level. All web transactions use VeriSign secure, 128-bit RSA encryption (SSL) for secure data transfer. Main servers are monitored 24/7/365 and only accessible via biometric authentication. Access to a customer s data stored in the database is controlled through the SpringCM core application Web services and acts as a security middleman, ensuring complete confidentiality of information within our multitenant architecture. SpringCM follows a strict physical and virtual access control policy that limits access production servers and data. Authorized personnel must document each visit to the production systems and provide duration for their access. Each visit is monitored and correlated with our access control logging system. SECURITY MONITORING SpringCM s IT security program follows an underlying principle that if we cannot prevent it, we must detect it. This mantra forms the foundation for all security monitoring at SpringCM. Our IT staff monitors access of all servers, routers, switches and any other devices that interact with customer data. Our security team routinely reviews the centralized logging and analysis architecture. The security of SpringCM is just as critical as its infrastructure. Both undergo an annual in-depth assessment accompanied by quarterly audits of new functionality or areas of risk. Application assessment, penetration test and configuration assessment to analyze the strength of our system s configuration. DISASTER RECOVERY SpringCM has a structured disaster recovery plan to ensure all operations continue in case of a disaster and/or loss of key personnel. A portion of our disaster recovery procedures include our backup procedures. Backup procedures ensure regular and secure backup of data and software. They are essential in protecting against the loss of data and 2012 SpringCM SM 4
software and facilitating a rapid recovery from any failure. All backups conform to universal best practices procedures: All data, operating systems and utility files must be adequately and systematically backed up. Records of what is backed up and to where are maintained. At least three generations of backup data are retained at any one time. The backup media is precisely labeled, and accurate records are maintained of when backups are completed and to which back-up set they belong. Copies of the backup media, together with the backup record, are securely stored for one calendar year in a remote location a sufficient distance away from the main site that is provided by Iron Mountain. Regular testing of data and software restoration from the backup copies ensures all backup files can be relied upon for use in an emergency. COMPLIANCE SpringCM itself is not regulated by any specific laws or regulations, but many of our customers are. Therefore, we take great measures to ensure our security controls meet the compliance needs of our customers. Internally, all policies, processes and development follow a strict framework that adheres to ISO 27002 standards and the Control Objectives for Information and related Technology (COBIT) framework. Leveraging COBIT s success as an increasingly internationally accepted set of guidance materials for IT governance enables our products to meet our customer s various compliance requirements. For example, our access control policies map directly to HIPAA, GLBA and SOX requirements. In addition we use the IT Information Library (ITIL) service management framework to ensure continuous security monitoring and improvement. For specific compliance needs, please contact us. We are happy to work with you to make SpringCM meet your compliance requirements. SUMMARY SpringCM s investment in standardsbased security frameworks and implementation of security controls throughout the entire development and production environments process ensures our level of security will exceed that required by our customers. Our commitment to data confidentiality, integrity and availability starts at the network port and extends to the customer environment. We work with trusted third-party security vendors to verify and enhance our security program SpringCM, as the leader in mobilized business content, provides the freedom, power, and control businesses need to go beyond simple file storage and document sharing to connect teams and those they work with to powerful content management applications that make content available anytime, anywhere and from any mobile device with complete synchronicity and security. SpringCM unleashes the power of anytime, anywhere content to change the way you work. 2012 SpringCM All rights reserved www.springcm.com www.springcm.com 2012 SpringCM SM 5