PRIVACY, SECURITY AND THE VOLLY SERVICE




EXECUTIVE SUMMARY

The Volly secure digital delivery service from Pitney Bowes is a closed, secure, end-to-end system that consolidates and delivers transaction statements, marketing promotions, catalogs and other rich media digitally from businesses to consumers based on the consumer's physical street address. Pitney Bowes brings years of experience at the convergence of physical and digital communications to the Volly service. Based on Pitney Bowes innovations, the Volly service creates a new consumer experience, allowing your customers to help manage their lifestyles with greater convenience and control.

This new communications channel benefits mailers by providing a low-cost yet trusted and secure electronic distribution platform, with minimal expense in switching from existing mailing processes.

The benefit to consumers is the ability to aggregate mail digitally from multiple providers, to enjoy secure remote access from a single log-in, and to choose from a wealth of options for sorting, prioritizing, processing, paying, archiving, retrieving, discarding and reporting on all their mail-based activities across numerous electronic platforms (e.g., iPhone, iPad, or browser). The Volly service also handles user-uploaded documents for secure storage and record keeping. Additionally, it offers consumers opt-in control over how they will be marketed and communicated to, and in what format.

Security and data privacy for consumers and mailers throughout the Volly platform are fundamental to its success. The Volly service provides a secure and trusted platform with data security, data privacy and a seal of trust that builds on 90 years of Pitney Bowes expertise.

SECURITY FEATURES

The Volly secure digital delivery service:
- Leverages Pitney Bowes' core competency around security with public/private key infrastructure (PKI)
- Supports document and data privacy and encryption with RSA 2048 bits PKI and AES 256 bits
- Pairs the right mail with the right mailbox using superior Pitney Bowes address quality technologies
- Relies on consumer opt-in-based delivery preferences
- Uses a public cloud-based infrastructure by turning it into a virtualized closed, private network
- Protects all privacy data with strong encryption
- Provides multi-tenant mailer support in the Volly platform to ensure that mailers' data is isolated logically at different levels
- Implements role-based access and Federated Access Control using industry standards (SAML 2.0)
- Adopts a PCI compliant payment system
- Deploys cloud-based security standards around the infrastructure, network, application and data security
- Provides multilevel authentication for consumers with passwords, random security questions, site keys and secret phrases
- Centralizes mailer-level authentication with role-based access to mailer users

KEY SECURITY CHARACTERISTICS

- Encryption of all personally identifiable information (PII)
- Strong one-way encryption of log-in credentials
- Automatic account log-out after a period of inactivity
- Security image to prevent phishing attacks
- Additional security questions
- System-generated alerts and notifications for increased security
- Secure data storage in a separate database protected with hardware and software encryption techniques
- Protection of every customer statement and bill using a unique key protected by a hardware security module
- Automatic backup of database servers for added data protection
- User control over who can deliver mail to the account

HOW IT WORKS: A CLOSED, SECURE, END-TO-END SYSTEM

Public access: Basic requirements

Any secure public website has three main requirements:
- Security
- Data privacy
- Trust

The Volly secure digital delivery service fulfills these requirements by being PCI compliant for payments, and by having trust seals from TRUSTe (pending) and Verisign (pending).

Core mailer security requirements

There are three core mailer security requirements for digital statement delivery:
- Protecting confidentiality/privacy/integrity of customer data
- Protecting sensitive data around customers' businesses
- Compliance with industry standards

The Volly service resolves these concerns as well, through the features and standards outlined below.

PLATFORM SECURITY

Cloud security

The Volly service is built on an integrated solution using a hybrid of both a public and a private cloud structure.

Private cloud. The private cloud is a PCI compliant and SAS 70 Certified environment that ensures that all data is secure. Application data is stored only in the private cloud; no application data is ever stored in the public cloud. The data store installed in the private cloud further masks or encrypts any fields related to PCI or HIPAA compliance.

Public cloud. Effectively, the public cloud is being used as a virtual private cloud with no external interface being exposed to the outside world. To safeguard the Volly service from intrusion from within the public cloud, the internal network interfaces of the machine instances in the public cloud are also secured for point-to-point access only. This helps ensure that no intruder from within the cloud can access any Volly public cloud instance. While the data is being transferred to the public cloud it cannot be accessed because of the closed point-to-point network. Moreover, all the privacy/security fields are encrypted/masked for enhanced security.

The cloud orchestration framework, responsible for managing and auto-scaling the cloud infrastructure, is itself deployed in a secure private cloud with all system configurations being stored in a secure LDAP store.

Network security

The private cloud is a closed network, as previously mentioned, and all public access by consumers happens through the private cloud. Strong firewall support in the private cloud helps ensure a secure and safe environment. The public cloud itself is secured and closed using strong iptables based firewall strategies. The public cloud is never exposed, and all the calls from and to the public cloud go through the secure private cloud. Thus, the combined implementation of iptables, secure system configuration, effective closed-load balancing and secure proxy being used for IP and port control caters to all the security aspects required for network security.

Data security

All PCI or HIPAA compliant data fields are encrypted/masked in the data store, file system and messaging queues, as well as during data transfer across the network.

Services security

The Volly secure digital delivery service was developed with a services-oriented architecture. All consumer services are developed using REST and all mailer services are developed using SOAP/WSDL. All the services use token-based authentication and authorization mechanisms to make sure that only valid, authenticated systems/processes can communicate with the Volly platform.

Application security

The application access is highly secure, using a Secure Sockets Layer (SSL) Certificate based public access. The public interface uses trust seals providing the user with the level of trust meant for a payment site as well as ensuring that privacy is completely covered.

MAILER SECURITY

Address quality

The Volly core value proposition is based on physical address delivery. The Volly service uses certified addresses to verify address accuracy during customer on-boarding. Volly capabilities automatically pair the street address of the bill or statement with the digital mailbox address during the production run. The Volly service keeps track of address changes and moves for consumers and handles the delivery of mail to the current address. This ensures that mail will not be delivered to the wrong address when a consumer moves, protecting privacy and also reducing mailer liability. The Volly service also geocodes each address for further verification.

Digital document delivery

The Volly platform ensures that only the owner of the document has access to the document. The document itself is encrypted and stored by an AES 256-bit security mechanism, where the signing key is itself encrypted using public/private key infrastructure. The public/private keys are stored in a hardware security module. This module is typically used for very high-security applications. The document encryption happens at the document production site, so effectively the document is encrypted at the source and is opened only at the destination. This also signifies that the document's rest state throughout the Volly engagement is both encrypted and secured. The Volly document retrieval process passes through an application-level check to authorize the user, for which the user's credentials are provided and validated against the secure SSO framework.

DOCUMENT ENCRYPTION AND KEY STORE

Secure mailer gateway

The Secure Mailer Gateway (SMG) is installed at the service provider site and connects to the Volly service using a secure VPN. This ensures that all data being transferred from the mailer to the Volly service is secure and encrypted in the transfer mode. The decision for electronic/physical split is handled at the mailer site based on delivery preference lookup using the mailing address data extracted from statements during the production run. The Secure Mailer Gateway also ensures that all electronic documents are individually encrypted at the mailer site prior to transmission.

Payments

Volly offers PCI compliant payment capability for billing statements using ACH (Automated Clearing House) and credit cards. All the payment account data is encrypted and stored in a private database. In order to facilitate payments, the payment-centric details are extracted from statements during the production run.

Web seals

The Volly service uses TRUSTe privacy seals (pending) and Verisign SSL Certificates (pending) to signal that all consumers can confidently use the system, since these are the most recognized and trusted security brands on the Internet.

Access control

The Volly service uses a role-based access protocol whereby every user including consumers and mailers is assigned a role that decides the operation/functionality a user can access. The role-based access protocol is built using an authorization component of Single Sign On (SSO) and uses secure LDAP as the underlying data store. All access points including service endpoints and user interfaces are controlled by this role-based access system. Every change made to this access control system is logged for security audits.

CONSUMER SECURITY

Document security

A very strong 2048-bit RSA public/private keys document encryption/decryption mechanism ensures that the document is sealed at the mailer end and can be opened only by the owner of the document. This replicates virtually the physical experience of opening mail privately. The document is never stored un-encrypted in the Volly system. All the encryption keys are stored in the security appliance and all the communication between the security appliance and the public cloud will use Secure Sockets Layer (SSL).
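The sealing scheme described under "Digital document delivery" and "Document security" is a form of envelope encryption: each document gets its own AES-256 key, and that key is wrapped with an RSA-2048 public key. The Go sketch below is an added example, not Pitney Bowes code; it reads the page's "signing key" as the per-document AES key, and the GCM mode, OAEP padding, the in-memory private key standing in for the hardware security module, and the names Envelope, NewOwnerKey, Seal and Open are assumptions of the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

type Envelope struct{ WrappedKey, Nonce, Ciphertext []byte } // all that is stored or sent

func NewOwnerKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

func newGCM(key []byte, err error) (cipher.AEAD, error) {
	if err != nil { // error from the previous step, passed through
		return nil, err
	}
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal: fresh key per document, wrapped with the owner's public key (GCM and OAEP assumed).
func Seal(pub *rsa.PublicKey, doc []byte) (*Envelope, error) {
	buf := make([]byte, 32+12) // AES-256 key followed by a 96-bit GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, buf[:32], nil)
	gcm, err := newGCM(buf[:32], err)
	if err != nil {
		return nil, err
	}
	return &Envelope{wrapped, buf[32:], gcm.Seal(nil, buf[32:], doc, nil)}, nil
}

// Open unwraps the key and decrypts; a wrong key or modified data is an error.
func Open(priv *rsa.PrivateKey, e *Envelope) ([]byte, error) {
	gcm, err := newGCM(rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, e.WrappedKey, nil))
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, e.Nonce, e.Ciphertext, nil)
}

func main() {
	priv, _ := NewOwnerKey() // assumption: in memory here, standing in for the HSM-held key
	env, _ := Seal(&priv.PublicKey, []byte("constructed sample statement"))
	doc, err := Open(priv, env)
	fmt.Println(string(doc), err)
}
```

Because only the wrapped key and ciphertext leave Seal, a store holding envelopes without the private key cannot read documents, and Open rejects an envelope whose ciphertext has been altered.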

CONSUMER ON-BOARDING

Volly access to all consumers, whether Web-based or through mobile devices, is via industry standard HTTPS (HTTP over 128-bit SSL) encryption. All consumers are on-boarded using a secure registration form, with authentication and authorization handled using SSO. The SSO internally uses a very secure LDAP-based data store that maintains password encryption. The Volly service uses a strong CAPTCHA mechanism to protect against automated attacks. Address verification, e-mail verification and identity verification help to ensure that all consumers are validated and that they are the actual residents at the designated street address before they become operational users. This means that the mailer does not have to manage email identity. Site keys and security questions further provide a secure way of validating and managing users. All consumer access to the Volly service is logged and audited for possible resolution of security issues. The unique address sanitization process helps ensure that mailers can use the Volly service with high confidence.

GLOSSARY

ACH: Automated Clearing House
AES: Advanced Encryption Standard
CAPTCHA: User text entry security verification
HIPAA: Health Insurance Portability and Accountability Act
LDAP: Lightweight Directory Access Protocol
Mailer: Owns the mail
PCI DSS: Payment Card Industry Data Security Standard
PII: Personally Identifiable Information
PKI: Public Key Infrastructure
REST: Representational State Transfer
SAML 2.0: Security Assertion Markup Language 2.0
Service Provider: Processes the mail
SMG: Secure Mailer Gateway
SOAP/WSDL: Simple Object Access Protocol/Web Services Description Language
SSL: Secure Sockets Layer
SSO: Single Sign On
VPN: Virtual Private Network

LEARN MORE AT www.volly.com
email vollysales@pb.com

Volly, Pitney Bowes, the corporate logo are trademarks of Pitney Bowes Inc. All other trademarks are the property of the respective owners. © 2012 Pitney Bowes Software Inc. All rights reserved. An Equal Opportunity Employer.