Advanced SaaS Security Measures



Similar documents
COPIES-F.Y.I., INC. Policies and Procedures Data Security Policy

Information Services Hosting Arrangements

The Importance Advanced Data Collection System Maintenance. Berry Drijsen Global Service Business Manager. knowledge to shape your future

GUIDANCE FOR BUSINESS ASSOCIATES

Version: Modified By: Date: Approved By: Date: 1.0 Michael Hawkins October 29, 2013 Dan Bowden November 2013

The ADVANTAGE of Cloud Based Computing:

Cloud Services Frequently Asked Questions FAQ

HIPAA HITECH ACT Compliance, Review and Training Services

Password Reset for Remote Users

CNS-205: Citrix NetScaler 11 Essentials and Networking

Serv-U Distributed Architecture Guide

POLICY 1390 Information Technology Continuity of Business Planning Issued: June 4, 2009 Revised: June 12, 2014

System Business Continuity Classification

HIPAA Compliance 101. Important Terms. Pittsburgh Computer Solutions

State of Wisconsin. File Server Service Service Offering Definition

Christchurch Polytechnic Institute of Technology Access Control Security Standard

Understand Business Continuity

Session 9 : Information Security and Risk

Mobilizing Healthcare Staff with Cloud Services

Implementing ifolder Server in the DMZ with ifolder Data inside the Firewall

VCU Payment Card Policy

Personal Data Security Breach Management Policy

Completing the CMDB Circle: Asset Management with Barcode Scanning

SPECIFICATION. Hospital Report Manager Connectivity Requirements. Electronic Medical Records DRAFT. OntarioMD Inc. Date: September 30, 2010

Service Level Agreement (SLA) Hosted Products. Netop Business Solutions A/S

MaaS360 Cloud Extender

In addition to assisting with the disaster planning process, it is hoped this document will also::

Improved Data Center Power Consumption and Streamlining Management in Windows Server 2008 R2 with SP1

Welcome to Remote Access Services (RAS)

Data Protection Policy & Procedure

Junos Pulse Instructions for Windows and Mac OS X

Ensuring end-to-end protection of video integrity

AML Internet Manor Court, Manor Farm House, London Road, Derby, Derbyshire, DE72 2GR. Tel: Fax:

MANAGED VULNERABILITY SCANNING

Data Protection Act Data security breach management

Serv-U Distributed Architecture Guide

EA-POL-015 Enterprise Architecture - Encryption Policy

Licensing Windows Server 2012 R2 for use with virtualization technologies

Licensing Windows Server 2012 for use with virtualization technologies

SYSTEM MONITORING PLUG-IN FOR MICROSOFT SQL SERVER

CSC IT practix Recommendations

Administration of SQL Server

ViPNet VPN in Cisco Environment. Supplement to ViPNet Documentation

PENETRATION TEST OF THE INDIAN HEALTH SERVICE S COMPUTER NETWORK

Solution Brief. Aerohive and Impulse. Powerful Network Security for Education and Enterprise

JADU DATA PLATFORM SERVICE DEFINITION

How Does Cloud Computing Work?

System Business Continuity Classification

IN-HOUSE OR OUTSOURCED BILLING

A96 CALA Policy on the use of Computers in Accredited Laboratories Revision 1.5 August 4, 2015

White Paper for Mobile Workforce Management and Monitoring Copyright 2014 by Patrol-IT Inc.

First Global Data Corp.

Endpoint Protection Solution Test Plan

SaaS Listing CA Cloud Service Management

CPIT Aoraki ICT Asset and Media Security Standard

ACTIVITY MONITOR Real Time Monitor Employee Activity Monitor

NERC-CIP Cyber Security Standards Compliance Documentation

Help Desk Level Competencies

Research Report. Abstract: The Emerging Intersection Between Big Data and Security Analytics. November 2012

PHYSICAL SECURITY & ENVIRONMENTAL SECURITY

Magenta HR in partnership with breath ehr

Installation Guide Marshal Reporting Console

Research Report. Abstract: Advanced Malware Detection and Protection Trends. September 2013

OFFICIAL JOB SPECIFICATION. Network Services Analyst. Network Services Team Manager

FCA US INFORMATION & COMMUNICATION TECHNOLOGY MANAGEMENT

The Nirvana Phone. Citrix Copyright

Microsoft Certified Database Administrator (MCDBA)

AdminiTrack Security Statement

How To Install An Orin Failver Engine On A Network With A Network Card (Orin) On A 2Gigbook (Orion) On An Ipad (Orina) Orin (Ornet) Ornet (Orn

Monthly All IFS files, all Libraries, security and configuration data

Key Steps for Organizations in Responding to Privacy Breaches

Army DCIPS Employee Self-Report of Accomplishments Overview Revised July 2012

expertise hp services valupack consulting description security review service for Linux

UC4 AUTOMATED VIRTUALIZATION Intelligent Service Automation for Physical and Virtual Environments

Securely Managing Cryptographic Keys used within a Cloud Environment

WEB APPLICATION SECURITY TESTING

BT Applications Assured Infrastructure (AAI) Application Optimisation Service (AOS) Optimising business performance

Transcription:

BlueTie Business Email White Paper Advanced SaaS Security Measures Overview f BlueTie Security

BlueTie, Inc. 220 Kenneth Drive Rchester, NY 14623 USA (800) BLUE TIE www.bluetie.cm TABLE OF CONTENTS Abstract... 3 Backgrund: BlueTie Business Email... 3 The Prblem... 4 The BlueTie Clud... 4 Physical Security... 4 Netwrk Security... 5 System Security... 7 Data Strage... 7 Availability and Disaster Recvery... 7 Security Plicy... 8 Cnclusin... 9 2

Abstract The unique ability fr SaaS cmpanies t deliver mre data, t mre places via mre access methds has had a prfund impact n the ability fr businesses t cmmunicate, cllabrate, and achieve tasks. Businesses can nw access data that nce resided slely behind the crprate firewall and required users t be physically at the ffice r accessing systems thrugh cmplex VPN systems. As the cmputing landscape evlves, cmpanies are leveraging this evlutin t expse mre access methds t data and are entrusting the services f SaaS prviders t prvide this gateway. Cmpanies are demanding access t data in ways never befre imagined, while enlisting prviders t maintain the highest f security measures t prtect their sensitive data. SaaS cmpanies are tasked with the respnsibility f nt nly prtecting data as it mves int and ut f varius web based accessible systems, but are als charged with prtecting that data thrughut its life in the clud. Security threats tday range frm simplistic credential breaches, t mre sphisticated applicatin, prfiling, abuse, hacking and denial f service attacks. This paper fcuses n the security measures that allw BlueTie t prvide secure envirnment fr yur cnfidential data. BlueTie s multi layered and multi faceted apprach t security is designed t nt nly prtect yur data in transit, but t prtect it while at rest in the clud. Backgrund: BlueTie Business Email BlueTie is an industry leading SaaS based Business Email service which prvides webbased services t thusands f businesses and millins f users wrldwide. Our infrastructure prcesses several billin email messages per mnth, systematically mnitring fr, detecting and managing email based security threats fr ur end users. Our prducts and services are designed t eliminate the hassles, cst and management verhead assciated with internal IT Departments by leveraging BlueTie s expertise in the cmmunicatin and cllabratin industry. Our team cnsists f highly skilled messaging experts wrking in cnjunctin with several f the wrld s leading prviders f security slutins t ensure yur Email services remain available. 3

The Prblem The cmprmise f data culd mean the lss f trust and reputatin fr yur business by yur current and future custmers. It culd mean the lss f trade secrets, identity theft, r even wrse, the dwnfall f an entire business. Security threats have mved frm what were primarily netwrk based attacks t sphisticated website and applicatin vulnerability prfiling and eventual explitatin f thse vulnerabilities. Wrse yet undergrund cmmunities and massive btnets are being utilized t launch large scale denial f service attacks against prviders, crippling infrastructure fr hurs and even weeks, leaving custmers unable t access data. N single slutin exists tday t identify, prevent r mitigate these security issues. Instead prviders f clud based services must rely n a multi faceted apprach t security fr bth the physical and lgical architectures f the slutin prvided t end users. Technlgy can assist in the preventin f these attacks, hwever, the rigidity f plicies and prcedures are ften the mst critical pieces t security. The BlueTie Clud BlueTie s clud is perated ut f several facilities in the United States. Here a high perfrmance netwrk infrastructure cnnects BlueTie t the Internet and its end users. These facilities prvide the framewrk fr BlueTie s physical security which is cnsidered equally if nt mre imprtant than netwrk and system security plicies. Physical Security Physical security cnsists f the measures in place t prtect direct, physical access t the pwer, HVAC, netwrk and server infrastructure that perate web based applicatins. Each facility selected t perate a prtin f BlueTie s clud must underg stringent analysis fr the presence, implementatin and nging administratin f physical security infrastructure. BlueTie nly perates its clud infrastructure in facilities which have been audited by industry leading firms fr SAS70 Type II cmpliance. As such, each facility has demnstrated cntrl and accunting measures in place fr physical security and maintains strict security plicies and practices. 4

The physical lcatin and design f these facilities assist in the preventin and mitigatin f bth natural and man made assaults. Facilities have been selected based n natural disaster scenari risk assessment, as well as fld plain screening and evaluatin. T further enhance the security f the infrastructure, n identifiable markings, r signage is visible frm the exterir. All pwer and cling systems are secured behind gated fences and are limited t authrized persnnel. Each facility is equipped with slid blck exterir perimeters and ramming bllards t mitigate ptential damage t the infrastructure frm exterir surces. Security persnnel cntrl access t and frm, including the mnitring f individuals within the facilities. Access t ur facilities is limited t specific individuals fr the purpses f maintaining and managing the infrastructure. Under n circumstances are unauthrized individuals granted privileges t enter. Prtins f BlueTie s data centers utilize state f the art bimetric scanning equipment fr access t highly sensitive and restricted areas. These systems permit nly authrized individuals int these areas, and lg and reprt all access fr histrical reference and review purpses. BlueTie s facilities perate high reslutin, cntinuus surveillance security cameras which mnitr the mvement f individuals thrughut the facilities. These cameras are mnitred by security persnnel and als recrd all feeds t DVR systems which are maintained fr histrical reference and review purpses. BlueTie s physical infrastructure equipment is always segregated frm the cllcatin ppulatin with security cages. These cages require physical key access which is nly prvided t individuals authrized t access these areas. Inside each caged area, several surveillance cameras mnitr the activity and actins within. Netwrk Security Netwrk security cnsists f the measures in place t prtect netwrk based access including unauthrized access t netwrk r system infrastructure, abuse f resurces and r denial f service attacks. The nature f the web has pushed netwrk security further frm just the perimeter f the infrastructure physically running and string data. Netwrk security nw starts at the DNS layer. DNS serves as the telephne directry f the internet. This directry is the first place a client brwser lks when accessing a site. As such, this infrastructure must be heavily prtected and extremely rbust in rder t service brwser requests. Denial f service attacks at the DNS layer are cmmn and if successful, can cause significant utages and slw access t sites. 5

BlueTie has partnered with an industry leading DNS prvider t handle the prcessing f these requests and the security surrunding this infrastructure. The DNS platfrm is currently deplyed n tp f a glbal IP netwrk, cnsisting f 12 facilities and cnnectivity frm a variety f Tier 1 Internet Service Prviders. The DNS platfrm perates n tw diverse Anycast cnstellatins which prvide active active failver between cnstellatins and glbal traffic distributin between data centers. This glbal distributin and massively scalable cnnectivity t the DNS infrastructure guards against denial f service attacks. BlueTie s perimeter is secured utilizing industry leading firewall technlgy frm Juniper Netwrks. T prtect against netwrk level attacks, these systems analyze all incming and utging transmissins using a dynamic packet filtering methd knwn as stateful inspectin. Varius infrmatin is cllected frm incming transmissins and analyzed against the respnding transmissins t ensure the cmmunicatin streams match. This analysis is dne under the cntext f a cnnectin and nt as a cllectin f varius packets, which prvides security at the packet level rather than the cnnectin level. Unmatched transmissins are cnsidered malicius and are drpped. The firewall systems cntinuusly mnitr and reprt these security incidents t ur NOC. In additin t alerts, fr which BlueTie may take actin, all security histry is lgged fr histrical tracking and reference purpses. BlueTie s internal netwrk infrastructure is segmented int VLANs. Each VLAN limits the access and cmmunicatin between systems thrugh a series f ACLs (Access Cntrl Lists) allwing granular cntrl f the cmmunicatin between VLANs. Sensitive systems are placed int VLANs in which nly authrized systems may cmmunicate with them, further enhancing the security f BlueTie s netwrk. Custmers are als permitted t access BlueTie s web based, mbile and desktp client slutins via standard security prtcls including 2048 Bit SSL and TLS. An ptinal parameter set by the user, r enfrced by the administratr f the Custmer s accunt ensures all cmmunicatin transmitted t and frm BlueTie remains secure at all times. In accrdance with BlueTie s Security Plicies, BlueTie emplys granular access cntrls fr administratin which prvide separatin f duties with regards t system management and netwrk security. 6

System Security BlueTie perates primarily n the Linux Operating System. Each system deplyed fr use in ur prductin facilities is imaged t cntain nly the necessary sftware required t perate the BlueTie platfrm. This practice, knwn as hst hardening, reduces the likelihd f hst explits by limiting the sftware, prcesses and pen prts enabled n each system. Peridically, these systems underg an evaluatin f sftware, patches and recmmended updates t ensure prper functin and t patch any security threats. Access t these prcessing systems a limited by BlueTie s Security Plicies and is granted nly t thse which require it fr purpses f administratin and maintenance f the system. Data Strage User data is stred in a finite number f systems within the BlueTie clud. User email data is rganized in a hierarchal fashin which tiers and separates data int lgical partitins acrss an array f strage systems. Other infrmatin, such as cntacts, calendar and tasks data are stred in a similar frmat inside enterprise class databases. T ensure the utmst security as it relates t custmer accunt and credit card infrmatin, data is stred in enterprise grade databases utilizing an encryptin algrithm that stres card data. This data can nly be unencrypted by BlueTie s billing systems which are nt lcated in any publically accessible facilities and d nt have access t the internet. Access t these strage systems is limited by BlueTie s Security Plicies and is granted nly t thse which required it fr purpses f administratin and maintenance f the system. BlueTie s finance and billing department maintains sle cntrl f decryptin keys fr custmer credit card data. These keys are nt accessible t any ther staff within BlueTie. Availability and Disaster Recvery Availability and disaster recvery are an imprtant cnsideratin when selecting a SaaS prvider. Extended utages, dwntime, r data lss can be cstly and damaging fr a business. BlueTie s architecture is built upn a highly available infrastructure designed t withstand the cmmn causes f utages tday. 7

Each layer f BlueTie s netwrk infrastructure perates n active/active r active/passive equipment, meaning the failure f a cmpnent within any piece f this equipment, r the failure f an entire system shuld nt disrupt service fr end users. Latent capacity built int the infrastructure allws fr full failver t redundant systems in the event f a netwrk failure. BlueTie s stateless prcessing systems are gruped int clusters f systems which are managed by intelligent lad balancers. These lad balancers mnitr the state and health f each prcessing system. Systems that fail r are nt perfrming well are autmatically remved, while seamlessly transferring cnnectins t anther prcessing system. This prcess reduces the chance fr custmer impact in the event f a system issue r utage. BlueTie s databases cntain specific accunt infrmatin such as cntacts, calendars, tasks and ther data stred by BlueTie fr its end users. Each database is replicated t a standby unit which will assume respnsibility if the primary unit shuld fail. Databases are mnitred at all times fr integrity, synchrnizatin, and respnsiveness by ur NOC (Netwrk Operatins Center). Daily encrypted snapshts f these databases are stred lcally t the facility and are als transprted ff site t an alternate facility fr disaster recvery purpses. Email is maintained in mail strage systems cnsisting f clusters f stateless accessr systems which access mail frm redundant strage devices. These devices are cnstantly mnitred fr perfrmance and utilizatin by ur NOC. Strage systems are prtected by RAID level disk redundancy, as well as daily snapshts. Email data can be restred t the last knwn snapsht in the event f a strage system failure r accidental deletin by a user. Security Plicy BlueTie has develped internal security plicies specifically designed t address physical, netwrk, system, and data security. These plicies include, but are nt limited t: Access Cntrl (Physical, System, Netwrk and Hardcpy) Centralized Desktp and Laptp Antivirus & Malware Prtectin Desktp and Laptp security plicies which enfrce rules surrunding: 8

Sftware Installatin and Usage Netwrk Accessibility Peridic Passwrd Resets Credential Failure Lckut Idle Screen Lcking Separatin f Respnsibilities (IT and Netwrk Security) Emplyee Backgrund Checks and Drug Screening Emplyee Custmer Data Cnfidentiality Agreements Cnclusin As businesses mve sensitive data t the Clud, SaaS prviders are faced with the grwing challenges assciated with keeping this data safe. Data breach, netwrk intrusin, r denial f service threats are cnstantly evlving and require experienced security prfessinals. BlueTie s multi faceted apprach t security, backed by stringent security plicies, industry leading threat prtectin, and mitigatin slutin deplyments help keep yur data private and safe. 2010. BlueTie, Inc. All rights reserved. BlueTie and the BlueTie lg are trademarks f BlueTie, Inc. Prducts r brand names referenced in this dcument are trademarks r registered trademarks f their respective wners. 9

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information