CLOUD FRAMEWORK & SECURITY OVERVIEW




From small businesses to the largest Fortune 500 Enterprises, customers trust the irise cloud infrastructure when collaborating to define and design their applications. This document explains why...

US: +1 800-556-0399
UK: +44 20 3574 4066
info@irise.com
www.irise.com

irise Los Angeles: 2301 Rosecrans Ave, Suite 4100, El Segundo, CA 90245
irise New York: 545 Madison Avenue, 9th Floor, New York, NY 10022
irise London: 7-8 Stratford Place, 3rd Floor, London W1C1AY

PHYSICAL

World-Class Data Centers

irise uses Amazon EC2 to host most of its cloud infrastructure. In some cases, we can't use Amazon EC2. For example, a client may require that its data reside in the UK due to local privacy laws. (Amazon EC2 has no data center in the UK.) When a client's specific requirements disallow use of Amazon EC2, we host that client at Rackspace.

All data centers selected by irise comply with SOC1 / ISAE 3402, SOC2, SOC3 and ISO 9001, among other key compliance standards/programs. This means that the facilities feature 24/7 manned security, physical and biometric access controls, extensive seismic bracing, the latest in early detection smoke and fire alarms, and digital surveillance systems. Access to each system, network device, and application is limited to authorized personnel, and logged in detail. Event logs are reviewed on a regular basis. Details can be found here: Amazon, Rackspace.

Uptime of over 99%

In more than seven years of continuous service, irise's uptime has consistently exceeded 99%. irise offers options for clients who require a level of uptime greater than 99%.

Your Data is Separated from Other Clients' Data

On Amazon EC2, a client's data is stored on a dedicated EBS volume. On Rackspace, a client's data is stored on a dedicated CBS volume. Optionally, data may be stored on a physically distinct hard drive.

Your Data is Automatically Backed Up

Automatic data backup is included as part of your irise cloud service. The backup data is physically separated from your data to ensure fault tolerance. Encrypted backup sets are optional.

NETWORK & SYSTEM

Network Security

irise uses industry-standard network protection procedures, including firewall and router technologies, network intrusion detection/prevention systems, and alert mechanisms that allow us to detect and immediately prevent malicious traffic and network attacks. Regular internal network security audits and scanning give us an overview for quick identification of outdated systems and services.

Regular Updates and Patch Management

Operating systems, software, frameworks, and libraries used in irise infrastructure are updated to the latest stable versions on a regular basis. Whenever a vulnerability (e.g., a zero-day vulnerability) in a product used by irise is publicly reported, immediate action is taken to mitigate any potential risks for our customers. We apply hot fixes and patches as soon as they become available.

System Integrity Protection

irise uses cloud service provider built-in operating systems that are hardened according to NSA specification to minimize the threat vector and ensure the integrity of all system files.

APPLICATION

Data Privacy and Sharing

Users can have one of three levels of access to an irise project on the Definition Center. A role can be assigned directly to users who have been added individually to a project, or a role can be inherited from a user group that has been given access and to which the user belongs. In cases where a user has been assigned two separate roles (one as an individual user and one as a member of a group), the higher permission level will apply. The project activities in which users can engage are determined by their role on the project.

Authentication and Access Control

Each irise user in a cloud instance has a unique account with a verified email address, protected with a password. Passwords must comply with password policy. irise does not store passwords. Authentication data (secured per industry standards) is stored either on the cloud instance or on the client's LDAP server. Your irise administrator manages individual user rights by granting specific privileges (roles).

Data Encryption in Transit & At Rest

irise uses 256-bit Transport Layer Security (TLS) with a preferred AES algorithm in CBC mode and 2048-bit server key length. When you access the irise Definition Center, technology protects your information using both server authentication and data encryption. This is equivalent to network security methods used in banking and leading e-commerce sites. All users of irise get the same in-transit encryption reliability so that passwords, cookies, and sensitive information are protected from eavesdropping.

irise offers encryption at rest as an option for clients who require that their data be encrypted on disk. On EC2, Amazon typically manages the cryptographic keys. irise provides an option that allows the client (or irise) to manage the client's keys. On Rackspace, irise manages the cryptographic keys.

Application Security Process

The robust application security process that has been fully integrated into irise's software development life cycle (SDLC) includes:

- Defined in-house security requirements and policies, and well-known security best practices.
- Security review of architectures, design of features, and solutions.
- Iterative manual source code review (and automated, using static code analyzers) for security weaknesses, vulnerabilities, and code quality.
- Regular manual assessment and dynamic scanning of pre-production environment.
- Security trainings conducted for IT teams according to their respective job roles.

ORGANIZATIONAL

Operational Process

Designing and running a cloud infrastructure requires not just technology, but a disciplined approach to processes. This includes policies about escalation, management, knowledge sharing, and risk, as well as the day-to-day operations. irise's security team has years of experience in designing and operating cloud services, and we continually improve our processes over time. irise has developed best-in-class practices for managing security and data protection risk. All of these elements are essential pieces of irise's security culture.

The Principle of Least Privilege

Only our highest clearance-level employees have access to our cloud infrastructure. There are strict security policies for employee access, and all security events are logged and monitored. Our authentication methods are strictly regulated. We limit access to customer data to employees with a job-related need, and require all those staff members to sign, and agree to be bound by, our Information Security Policy.

Data on an As-Needed Basis

Accessing data center information, as well as customer data, is only done on an as-needed basis, and only when approved by the customer (i.e. as part of a support incident), or by senior security management for the purposes of providing support, maintenance, and improving service quality.

ENTERPRISE GRADE

Collaborate in a Secure Cloud Infrastructure

irise is dedicated to providing enterprise grade security to all of its customers, from small businesses to the largest Fortune 500 Enterprises. We realize it's an ongoing and ever-changing landscape. The job of securing our products and infrastructure is never done.

Need More Information?

If you have any security questions that are beyond the scope of this document, please contact our Sales team: 1-800-556-0399. Given you enter into an NDA with irise, Sales can 1) arrange for a detailed security discussion, and/or 2) provide you with a copy of irise's Information Security Policy.

If you have any questions about this document, please contact our Cloud Operations Security Team any time at security@irise.com.