White Paper: Librestream Security Overview



Similar documents
Famly ApS: Overview of Security Processes

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster

Secure, Scalable and Reliable Cloud Analytics from FusionOps

WHITE PAPER. HIPPA Compliance and Secure Online Data Backup and Disaster Recovery

CHIS, Inc. Privacy General Guidelines

KeyLock Solutions Security and Privacy Protection Practices

IBX Business Network Platform Information Security Controls Document Classification [Public]

Security Policy JUNE 1, SalesNOW. Security Policy v v

Table of Contents. FME Cloud Architecture Overview. Secure Operations. Application Security. Shared Responsibility.

Host Hardening. Presented by. Douglas Couch & Nathan Heck Security Analysts for ITaP 1

Application Note. Onsight Connect Network Requirements v6.3

Security Controls for the Autodesk 360 Managed Services

Collaborate on your projects in a secure environment. Physical security. World-class datacenters. Uptime over 99%

WHITE PAPER. HIPAA-Compliant Data Backup and Disaster Recovery

Birst Security and Reliability

Enterprise level security, the Huddle way.

Small Business IT Risk Assessment

GiftWrap 4.0 Security FAQ

How to setup NovaBACKUP DataCenter to backup data to Amazon S3 using Amazon s AWS Storage Gateway

Application Note. Onsight TeamLink And Firewall Detect v6.3

CLOUD FRAMEWORK & SECURITY OVERVIEW

Service Overview CloudCare Online Backup

Acano solution. Security Considerations. August E

Alliance Key Manager Cloud HSM Frequently Asked Questions

Las Vegas Datacenter Overview. Product Overview and Data Sheet. Created on 6/18/2014 3:49:00 PM

For more information on how to build a HIPAA-compliant wireless network with Lutrum, please contact us today!

Remote Disaster Recovery Services Suite (nvision Edition)

SECURITY OVERVIEW FOR MY.ENDNOTE.COM. In line with commercial industry standards, Thomson Reuters employs a dedicated security team to protect our

Service Organization Controls 3 Report. Report on Hyland Software, Inc. s OnBase Online Cloud Platform, relevant to Security and Availability

Complying with PCI Data Security

HIPAA Privacy & Security White Paper

FormFire Application and IT Security. White Paper

SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)

Minimizing Computer Data Loss Risks With Online Backup. Seven Devastating but Common Computer Backup Mistakes

Woodcock-Johnson and Woodcock-Muñoz Language Survey Revised Normative Update Technical and Data Security Overview

Altus UC Security Overview

Enterprise Backup Overview Protecting Your Most Important Asset

VMware vcloud Air HIPAA Matrix

Information Security Risk Assessment Checklist. A High-Level Tool to Assist USG Institutions with Risk Analysis

White Paper How Noah Mobile uses Microsoft Azure Core Services

Media Shuttle s Defense-in- Depth Security Strategy

Hosted File Backup for business. Keep your data safe with our cloud backup service

Online Business Continuity Solutions for Small Businesses Comparison Report: A Sampling of Online Business Continuity, Disaster Recovery, and Backup

Features Security. File Versioning. Intuitive User Interface. Fast and efficient Backups

HIPAA Security Matrix

Security aspects of e-tailing. Chapter 7

Security in Space: Intelsat Information Assurance

Projectplace: A Secure Project Collaboration Solution

SNAP WEBHOST SECURITY POLICY

Application Note. Onsight Connect Network Requirements V6.1

System Security Plan University of Texas Health Science Center School of Public Health

Infor CloudSuite. Defense-in-depth. Table of Contents. Technical Paper Plain talk about Infor CloudSuite security

Blackboard Collaborate Web Conferencing Hosted Environment Technical Infrastructure and Security

How To Backup Your Hard Drive With Pros 4 Technology Online Backup

EOH Cloud Services - EOH Cloud Backup - Server

BKDconnect Security Overview

Security and Data Protection for Online Document Management Software

Privacy + Security + Integrity

FAQ Answers to frequently asked questions relating to the security, protection and redundancy of images stored in the Eclipse Data Center

SMS. Cloud Computing. Systems Management Specialists. Grupo SMS option 3 for sales

Keyfort Cloud Services (KCS)

techsafe Features Technology Partners th Street - Vero Beach, FL (772) Page 1/

Using etoken for SSL Web Authentication. SSL V3.0 Overview

DISASTER RECOVERY WITH AWS

How To Use Attix5 Pro For A Fraction Of The Cost Of A Backup

eztechdirect Backup Service Features

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:

Online Backup Frequently Asked Questions

Evolved Backup Features Computer Box 220 5th Ave South Clinton, IA

SVA Backup Plus Features

IBM Cognos TM1 on Cloud Solution scalability with rapid time to value

INFORMATION SECURITY PROGRAM

Security Threat Risk Assessment: the final key piece of the PIA puzzle

Information Technology General Controls Review (ITGC) Audit Program Prepared by:

Hosted File Back-up for business. Keep your data safe with our cloud back-up service

Online Backup Plus Frequently Asked Questions

PROTECTING YOUR VOICE SYSTEM IN THE CLOUD

HIPAA Security Alert

Security Policy Revision Date: 23 April 2009

This policy is not designed to use systems backup for the following purposes:

Managing internet security

Online Backup Solution Features

Cloud Computing: What needs to Be Validated and Qualified. Ivan Soto

anomaly, thus reported to our central servers.

A HELPING HAND TO PROTECT YOUR REPUTATION

StratusLIVE for Fundraisers Cloud Operations

White Paper. Prepared by: Neil Shah Director, Product Management March, 2014 Version: 1. Copyright 2014, ezdi, LLC.

Transcription:

White Paper: Librestream Security Overview

TABLE OF CONTENTS 1 SECURITY OVERVIEW... 3 2 USE OF SECURE DATA CENTERS... 3 3 SECURITY MONITORING, INTERNAL TESTING AND ASSESSMENTS... 4 3.1 Penetration Testing Procedures... 4 3.2 Scan Results and Risk Mitigation... 4 4 SECURE TRANSMISSION AND SESSIONS... 4 5 DISASTER RECOVERY... 5 6 BACKUP AND RECOVERY... 6 White Paper: Librestream Security Overview - 2-2014 Librestream

1 Security Overview The confidentiality, integrity, and availability of customer information are vital to Librestream s business operations and success. The Onsight mobile video collaboration system includes a range of security provisions to safeguard and control content. Librestream also takes a multi-layered approach to protect customer information through constant monitoring, review and updates to the applications, hosted systems, and processes to meet the growing demands and challenges of security. This approach includes the following components. 2 Use of Secure data centers The hosted service is collocated in dedicated spaces at the high availability Amazon Web Services (AWS) and Rackspace data centers. This infrastructure is designed and managed according to security best practices as well as a variety of security compliance standards. With both data centers, customers can be assured that Librestream has built the web architecture on top of some of the most secure computing infrastructure in the world. These facilities provide carrier-level support, including: Physical security and access control Environmental controls Fire detection and suppression Power Redundancy Secure Network Architecture Transmission Protection Automated Backup White Paper: Librestream Security Overview - 3-2014 Librestream

3 Security Monitoring, Internal Testing and Assessments The Information Security group constantly monitors notification from various sources and alerts from internal systems to identify and manage threats. Librestream tests all code for security vulnerabilities before release and regularly scans the network and systems for the following: Application vulnerability threat assessments Network vulnerability threat assessments Selected penetration testing and code review Security control framework review and testing 3.1 Penetration Testing Procedures The Onsight servers are subjected to network penetration testing procedures on a regular monthly basis using the Nessus Vulnerability Scan software. Every Server Instance type is mirrored and then used as the target for security scanning. A designated Engineer is responsible for ensuring that the scans are performed as per documented work instructions as well as verifying that that the scan process itself is sufficiently complete and effective. 3.2 Scan Results and Risk Mitigation Scan results are reviewed by the Engineer once the scan is complete. If the scan results identify a new or unknown risk, the results are logged in the internal issue tracking system and reviewed by the Software Engineering security panel. The Software Engineering group is responsible for addressing identified issues. If patches are required to mitigate risks, they shall be scheduled according to risk severity and in a manner as to minimize service outages. Solutions shall be implemented if vulnerabilities are discovered with a rating of Medium or higher, as defined in the Nessus Report. 4 Secure transmission and sessions All components, including Librestream s Onsight video endpoints, can be centrally configured and controlled to enforce security policies over transmission media. The supported security measures include: Cloud connectivity supports access via HTTPS using Secure Sockets Layer (SSL), a cryptographic protocol that is designed to protect against eavesdropping, tampering, and message forgery. White Paper: Librestream Security Overview - 4-2014 Librestream

SIP-TLS signaling encryption to secure call setup between endpoints AES128 bit media encryption to provide end to end security over the Onsight content. Privacy mode to restrict the ability to take pictures or record sessions Wireless security protocols for WLAN network and 802.1x authentication such as WPA2-PSK and PEAP-GTC with certificate support Central management tools to configure and enforce these security policies 5 Disaster Recovery There are many potential disruptive threats which could occur at any time and affect the normal business process. Librestream has considered a wide range of potential threats with the focus being on the level of business disruption which could arise from each type of disaster. The internal disaster recovery plans include policies and procedures for technology disaster recovery, as well as process-level plans for recovering critical technology platforms and infrastructure. In the event of a potential disaster/emergency situation, the Disaster Recovery Team shall decide on the appropriate actions to be taken, as guided by the full internal Disaster Recovery document. The Disaster Recovery Team is responsible for: Responding immediately to a potential disaster/emergency situation and calling emergency services (fire, ambulance, police) if appropriate Assessing the extent of the disaster and its impact on business activities, facilities, services, etc. Deciding which elements of this procedure are required for the situation Ensuring necessary personnel are notified and updating a recorded message to relay information to employees as it is available Managing the resources necessary and allocating responsibilities and activities as required to restore/maintain vital services Documenting actions taken and ensuring that records are maintained Periodic disaster recovery tests verify the projected recovery times and the integrity of the customer data. A full verification of disaster recovery processes is conducted annually at a minimum. White Paper: Librestream Security Overview - 5-2014 Librestream

6 Backup and Recovery In the event of a disaster/emergency situation where Librestream business systems and/or data are affected, Librestream shall: Establish an emergency level of service Restore critical services Recover to normal operation At the secure data centers, the back-up and recovery process includes: All data are backed up to tape at each data center, on a rotating schedule of incremental and full backups The backups are cloned over secure links to a secure tape archive Tapes are not transported offsite and are securely destroyed when retired White Paper: Librestream Security Overview - 6-2014 Librestream

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information