Data safety at UXprobe. White Paper Copyright 2015 UXprobe bvba

Similar documents
Security Considerations

Why can you trust Google?

Hans Bos Microsoft Nederland.

Office Exchange SharePoint Lync

Security Information & Policies

Transparency. Privacy. Compliance. Security. What does privacy at Microsoft mean? Are you using my data to build advertising products?

Enterprise level security, the Huddle way.

Dropbox for Business. Secure file sharing, collaboration and cloud storage. G-Cloud Service Description

WHITEPAPER XMEDIUSFAX CLOUD FOR HEALTHCARE AND HIPAA COMPLIANCE

TONAQUINT DATA CENTER, INC. CLOUD SECURITY POLICY & PROCEDURES. Tonaquint Data Center, Inc Cloud Security Policy & Procedures 1

Dean Bank Primary and Nursery School. Secure Storage of Data and Cloud Storage

SECURITY AND REGULATORY COMPLIANCE OVERVIEW

Security and Data Protection for Online Document Management Software

Our security philosophy. Our team of experts

BeBanjo Infrastructure and Security Overview

With Eversync s cloud data tiering, the customer can tier data protection as follows:

White Paper How Noah Mobile uses Microsoft Azure Core Services

Data Security and Privacy Principles for IBM SaaS How IBM Software as a Service is protected by IBM s security-driven culture

Welcome & Introductions

ClickTale Security Standards and Practices: Delivering Peace of Mind in Digital Optimization

Feliciano Intini Responsabile dei programmi di Sicurezza e Privacy Microsoft Italia

Blue Jeans Network Security Features

THE BLUENOSE SECURITY FRAMEWORK

A Sumo Logic White Paper. Sumo Logic Security Model. Secure by Design

Projectplace: A Secure Project Collaboration Solution

Druva Phoenix: Enterprise-Class. Data Security & Privacy in the Cloud

Cloud Security Trust Cisco to Protect Your Data

PCI Compliance for Cloud Applications

How Microsoft is taking Privacy by Design to Work. Alan Chan National Technology Officer Microsoft Hong Kong 7 May 2015

The Anti-Corruption Compliance Platform

<Choose> Addendum Windows Azure Data Processing Agreement Amendment ID M129

Security Controls for the Autodesk 360 Managed Services

How To Get A Cloud Security System To Work For You

The data which you put into our systems is yours, and we believe it should stay that way. We think that means three key things.

Cloud Computing and Data Protection Compliance - Experiences from Norway

GoodData Corporation Security White Paper

Type of Personal Data We Collect and How We Use It

Cloud Security and Managing Use Risks

INFORMATION SECURITY GUIDE. Cloud Computing Outsourcing. Information Security Unit. Information Technology Services (ITS) July 2013

The Education Fellowship Finance Centralisation IT Security Strategy

Evaluation criteria for Google Apps backup

ZOOMIN.TV PRIVACY POLICY Last updated: 5 August 2014

Helping people make better decisions DATA SECURITY POLICY. Kiilakiventie 1, Oulu, Finland tel:

Salesforce & HIPAA Compliance

Hosted Exchange. Security Overview. Learn More: Call us at

How does IBM deliver cloud security? An IBM paper covering SmartCloud Services 1

Sikkerhet i skytjenester; hva bør en tenke på? Ole Tom Seierstad National Security Officer Microsoft Norway oles@microsoft.com

Infor CloudSuite. Defense-in-depth. Table of Contents. Technical Paper Plain talk about Infor CloudSuite security

Cloud Computing: The atmospheric jeopardy. Unique Approach Unique Solutions. Salmon Ltd 2014 Commercial in Confidence Page 1 of 5

Google Apps for Education (GAFE) Data Privacy

MANAGED MICROSOFT AZURE SERVICES

Using AWS in the context of Australian Privacy Considerations October 2015

Office 365 Data Processing Agreement with Model Clauses

Wrapping Audit Arms around the Cloud Georgia 2013 Conference for College and University Auditors

Auditing Cloud Computing and Outsourced Operations

A Flexible and Comprehensive Approach to a Cloud Compliance Program

LogMeIn HIPAA Considerations

PROTECTING YOUR VOICE SYSTEM IN THE CLOUD

Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation

Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation

KUIDAS KAITSTA ANDMEID EMC TARKVARAGA?

Keeping up with the World of Cloud Computing: What Should Internal Audit be Thinking About?


Splunk Enterprise Log Management Role Supporting the ISO Framework EXECUTIVE BRIEF

Data Processing Agreement for Oracle Cloud Services

IT Cloud / Data Security Vendor Risk Management Associated with Data Security. September 9, 2014

Cloud Computing demystified! ISACA-IIA Joint Meeting Dec 9, 2014 By: Juman Doleh-Alomary Office of Internal Audit

CANADIAN PAYMENTS ASSOCIATION ASSOCIATION CANADIENNE DES PAIEMENTS STANDARD 012 IMAGE SECURITY STANDARD

John Essner, CISO Office of Information Technology State of New Jersey

Cloud Contact Center. Security White Paper

Cloud services: Security, Compliance and Privacy. Nasos Kladakis Solutions Specialist Microsoft Hellas

DRUVA SECURITY OVERVIEW ICT AFRICA CAPE TOWN LEE MEPSTED EMEA CHANNEL MANAGER

Cloud Contact Center. Security White Paper

Ellucian Cloud Services. Joe Street Cloud Services, Sr. Solution Consultant

Securing the Cloud Infrastructure

Cloud Security Panel: Real World GRC Experiences. ISACA Atlanta s 2013 Annual Geek Week

Oracle Cloud Update November 2, Eric Frank Oracle Sales Consultant. Copyright 2014 Oracle and/or its affiliates. All rights reserved.

ProjectManager.com Security White Paper

Hot Topics in IT. CUAV Conference May 2012

Cloud Courses Description

Amazon Web Services: Risk and Compliance May 2011

Secure, Scalable and Reliable Cloud Analytics from FusionOps

Cloud Computing Risks & Reality. Sandra Liepkalns, CRISC sandra.liepkalns@netrus.com

Clever Security Overview

Securing and Auditing Cloud Computing. Jason Alexander Chief Information Security Officer

Information Security: Cloud Computing

Securing the Microsoft Cloud Infrastructure. Reto Häni Chief Security Officer Microsoft Western Europe MEET SWISS INFOSEC!

Cloud Computing: Contracting and Compliance Issues for In-House Counsel

WALKME WHITEPAPER. WalkMe Architecture

insync Benefits & Comparison

Cloud Courses Description

Securing Privileges in the Cloud. A Clear View of Challenges, Solutions and Business Benefits

Cloud Computing Risks in Financial Services Companies: How Attorneys Can Best Help In An Increasingly SaaS-ified World

Qualification Guideline

Birst Security and Reliability

Privacy Statement. What Personal Information We Collect. Australia

Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation

Cloud Computing. Cloud Computing An insight in the Governance & Security aspects

CONTENTS. PCI DSS Compliance Guide

Cloud Security Case Study Amazon Web Services. Ugo Piazzalunga Technical Manager, IT Security

Transcription:

Data safety at UXprobe White Paper Copyright 2015 UXprobe bvba

Table of contents Executive summary.... 3 1. Google App Engine... 4 2. Security at Google... 4 2.1. Data Access and identity... 4 2.2. Storage... 4 Highly protected data centres... 4 Custom machines... 4 Security of data... 4 2.3. Security... 5 High availability... 5 Secure connection... 5 Data ownership... 5 3. Compliance.... 5 3.1. Standards Compliance of the App Engine Platform.... 5 3.2. European Compliance of the App Engine platform... 6 Conclusion.... 6

DATA SAFETY AT Executive summary At UXprobe, the security and integrity of your data, your customers experience data, is critically important to us. It is because of this that we have built and operate UXprobe in a highly secure environment with industry s best practices to secure and guard data privacy and integrity. UXprobe operates its service in world leading secure data centers, which are managed and operated under highly secure and audited processes. The security of the UXprobe platform begins with highly secure physical premises and continues up through it s security of the base hardware, operating systems, system software, and application software including best practices such as two factor authentication for access to UXprobe reporting. 3

DATA SAFETY AT the highest industry standards and support leading practices Pic 1. Google App Engine 1. Google App Engine The UXprobe service (SaaS) runs on the Google App engine platform which is hosted and managed by Google. SEE PIC 1. All customer data is stored and secured on this platform. This allows UXprobe to take advantage of all physical and logical security elements enjoyed by Google. The data we collect are physically stored within Google s own data centres and enjoy the high level of security Google applies to all of it s operations. 2. Security at Google 2.1. Data Access and identity Access to UXprobe reports are through Google accounts which are guarded by the highest industry standards and support leading practices such as two factor authentication. 2.2. Storage All data is stored within the Google infrastructure and so the same levels of security that apply to all of Google s data also applies to UXprobe. Highly protected data centres Restricted physical access, escalating level of security when approaching the core of the data centre, different types of security technologies used for each level (badges, secure chamber, biometric identification, etc.), security guards on site 24/7, video cameras with threat detection, etc Custom machines Hardware and Operating system are designed and built by and for Google, making the computing environment less prone to vulnerability and zero day threats. Security of data Data randomization. Data of the same company is stored in multiple locations to help ensure relliability. The files which store the data are given random file names and are not stored in clear text, so they re not humanly readable. Strict process around hard drive life cycle management. Hard drives are constantly tracked for location and status. When one fails or begins to show performance problems, it s brought to a specific area where it s reformatted. 4

DATA SAFETY AT Data collected by UXprobe on behalf of clients remains the property of our clients Pic 2. The Google hard drive crusher If it s not proven 100% working, it s removed and overwritten, then destroyed. First with the crusher, then through a shredder. SEE PIC 2. All data is backed up to tape archives 2.3. Security High availability UXprobe runs on the Google App Engine and utilises High replication Datastores (HDR). This provides high availability for all reads and writes by storing data synchronously in multiple data centres. Secure connection UXprobe uses HTTPS to provide secure connection between the UXprobe system and the customer application system. Data transmitted to UXprobe is protected end to end by TLS encryption. Data ownership Data collected by UXprobe on behalf of clients remains the property of our clients - we never use our clients data for any other purposes, than feeding our clients own reports. It is and remains your property. 3. Compliance 3.1. Standards Compliance of the App Engine Platform The Google App Engine platform and environment is subject to independent verification of security, privacy and compliance controls. Google undergoes several independent third party audits on a regular basis to provide this assurance. This means that an independent auditor has examined the controls present in our data centers, infrastructure and operations. Google solutions have regular audits for the following standards: (SOC1) (SSAE-16/ISAE-3402): Google Apps, Google Compute Engine, Google Cloud Storage, Google App Engine (SOC2): Google Apps, Google Compute Engine, Google Cloud Storage, Google App Engine (SOC3): Google Apps, Google Compute Engine, Google Cloud Storage, Google App Engine ISO27001: Google Apps, Google Compute Engine, Google Cloud Storage, Google Application Engine, Google DataStore, Google Big Query, Google CLoud SQL HIPAA: Google Apps, Google Compute Engine, Google Cloud Storage, Google Big Query, Google Cloud SQL 5

DATA SAFETY AT security and integrity of your customers experience data FISMA: Google App Engine, Google Apps for Government Conclusion 3.2. European Compliance of the App Engine platform Google provides capabilities and contractual commitments created to meet data protection recommendations provided by the Article 29 Working Party. Google offers to sign EU Model Contract Clauses and a Data Processing Amendment. It is a participant in the U.S.-EU Safe Harbor Framework. Along with independent third-party audits of our data protection practices and our ISO 27001 certification, these provide our customers with several compliance options to address EU data protection regulations At UXprobe, the security and integrity of your customers experience data, is critically important to us. It is because of this that we have built and operate UXprobe in a highly secure environment with industry s best practices to secure and guard data privacy and integrity. We welcome feedback and input of how to improve the security and integrity of UXprobe. Please do not hesitate to share your requirements with us at happy@uxpro.be Call us +32 (0)485 71 48 36 or +32 (0)485 69 78 35 Send us an email happy@uxpro.be Check our Website www.uxpro.be Watch our video http://youtu.be/xryurvhlwvq Follow us on Twitter @uxprobe Facebook Look for UXprobe Google+ Look for UXprobe 6

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information