Astaro Mail Archiving Service Version 1.0

Similar documents
Astaro Services AG Rheinweg 7, CH-8200 Schaffhausen. Supplementary data protection agreement. to the license agreement for license ID: between

Evolved Backup Features Computer Box 220 5th Ave South Clinton, IA

eztechdirect Backup Service Features

Cloud Computing: Legal Risks and Best Practices

How To Backup Your Hard Drive With Pros 4 Technology Online Backup

Security Is Everyone s Concern:

Who Controls Your Information in the Cloud?

Introduction. Ease-of-Use

Article 29 Working Party Issues Opinion on Cloud Computing

Autodesk PLM 360 Security Whitepaper

SVA Backup Plus Features

Online Backup Solution Features

Dionseq Uatummy Odolorem Vel Layered Security Approach

White Paper DocuWare Cloud. Version 2.0

SAP HANA Cloud Platform Frequently Asked Questions - Business

techsafe Features Technology Partners th Street - Vero Beach, FL (772) Page 1/

HIPAA Privacy & Security White Paper

HIPAA Security Matrix

PROTECTING YOUR VOICE SYSTEM IN THE CLOUD

Enterprise Key Management: A Strategic Approach ENTERPRISE KEY MANAGEMENT A SRATEGIC APPROACH. White Paper February

Solutions for Encrypting Data on Tape: Considerations and Best Practices

New Relic EU Data Protection Whitepaper

Using AWS in the context of Australian Privacy Considerations October 2015

STREAD CLOUD BACKUP MILITARY-GRADE ONLINE BACKUP BUILT FOR YOUR BUSINESS

Exposing the Cloud: It It s More than a Buzzword Tim Connors, Director, AT&T AT&T

Security and Data Protection for Online Document Management Software

Dean Bank Primary and Nursery School. Secure Storage of Data and Cloud Storage

CallRail Healthcare Marketing. HIPAA and HITECH Compliance for Covered Entities using Call Analytics Software

Security, trust and assurance

Minimizing Computer Data Loss Risks With Online Backup. Seven Devastating but Common Computer Backup Mistakes

RAYSAFE S1 SECURITY WHITEPAPER VERSION B. RaySafe S1 SECURITY WHITEPAPER

CLOUD COMPUTING FOR SMALL- AND MEDIUM-SIZED ENTERPRISES:

egistics Document & Data Management for Banks and Third-party Processors

COMLINK Cloud Technical Specification Guide CLOUD DESKTOP

Storage Guardian Remote Backup Restore and Archive Services

Comprehensive Archiving as a Service

Data Processing Agreement for Oracle Cloud Services

nwstor Storage Security Solution 1. Executive Summary 2. Need for Data Security 3. Solution: nwstor isav Storage Security Appliances 4.

Access Control & Surveillance. Business Phone Systems. Data Storage & Recovery. Managed IT Services

BUYER S CHECKLIST Criteria for selecting an archiving solution

Deduplication and Beyond: Optimizing Performance for Backup and Recovery

General Disposal Authority. For encrypted records created in online security processes

Druva Phoenix: Enterprise-Class. Data Security & Privacy in the Cloud

Cloud Software Services for Schools

Newcastle University Information Security Procedures Version 3

Designing, Optimizing and Maintaining a Database Administrative Solution for Microsoft SQL Server 2008

Solution Brief for ISO 27002: 2013 Audit Standard ISO Publication Date: Feb 6, EventTracker 8815 Centre Park Drive, Columbia MD 21045

The EVault Portfolio

Dartmouth College Merchant Credit Card Policy for Processors

Alliance AES Key Management

Things You Need to Know About Cloud Backup

DEMO ONLY VERSION. Easy CramBible Lab C90-02A. SOA Cloud Technology Concepts. ** Single-user License **

Information Security Policies. Version 6.1

DESTINATION MELBOURNE PRIVACY POLICY

Zmanda Cloud Backup Frequently Asked Questions

INFORMATION SECURITY GUIDE. Cloud Computing Outsourcing. Information Security Unit. Information Technology Services (ITS) July 2013

MS Design, Optimize and Maintain Database for Microsoft SQL Server 2008

Data Protection: From PKI to Virtualization & Cloud

Why You Should Consider Cloud- Based Archiving. A whitepaper by The Radicati Group, Inc.

Enterprise Backup Overview Protecting Your Most Important Asset

Should You Outsource Your ?

Type of Personal Data We Collect and How We Use It

Product Overview. UNIFIED COMPUTING Managed Load Balancing Data Sheet

Using Data Encryption to Achieve HIPAA Safe Harbor in the Cloud

ImageMaster. ECM Solutions.

Your Content refers to the information that you wish to transfer using our Services.

Ensuring Enterprise Data Security with Secure Mobile File Sharing.

Service Level Agreement (SLA)

Pierce County Policy on Computer Use and Information Systems

Frequently Asked Questions

DGPeterson, LLC. HIPAA Security Auditors Report. Prepared for: Vigilant Medical, LLC Date: January 28, HIPAA Privacy & Security Consulting

TABLE OF CONTENTS. pg. 02 pg. 02 pg. 02 pg. 03 pg. 03 pg. 04 pg. 04 pg. 05 pg pg. 10. Feature-Benefit Summary How It Works. 1

PRIVACY AND DATA SECURITY MODULE

Cloud Computing Security: Public vs. Private Cloud Computing

Compliance in 5 Steps

Key Considerations and Major Pitfalls

Backup and Archiving Explained. White Paper

HIPAA Compliance for the Wireless LAN

Cloud Relay Solution. Whitepaper

Brochure Achieving security with cloud data protection. Autonomy LiveVault

A Modern Guide to Optimizing Data Backup and Recovery

Corporate Policy. Data Protection for Data of Customers & Partners.

CCBE RESPONSE REGARDING THE EUROPEAN COMMISSION PUBLIC CONSULTATION ON CLOUD COMPUTING

YubiCloud OTP Validation Service. Version 1.2

Microsoft SQL Server 2008 R2 Enterprise Edition and Microsoft SharePoint Server 2010

ADDENDUM TO THE BLACKBERRY SOLUTION LICENSE AGREEMENT FOR BLACKBERRY BUSINESS CLOUD SERVICES FOR MICROSOFT OFFICE 365 ( the ADDENDUM )

Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information.

CU*ANSWERS DISASTER RECOVERY TEST GAP ANALYSIS JUNE 12, 2014

Security Overview Enterprise-Class Secure Mobile File Sharing

Basic knowledge of the Microsoft Windows operating system and its core functionality Working knowledge of Transact-SQL and relational databases

CBIO Security White Paper

WHITE PAPER. HIPPA Compliance and Secure Online Data Backup and Disaster Recovery

ARCHITECTURAL OVERVIEW Availability Service (EAS) with Activ box

Evaluation of Cloud ONTAP and AltaVault using AWS

For more information on how to build a HIPAA-compliant wireless network with Lutrum, please contact us today!

The Nasuni Security Model

Cloud Data Protection for the Masses

Projectplace: A Secure Project Collaboration Solution

Addressing Legal Discovery & Compliance Requirements

Transcription:

Astaro Mail Archiving Service Version 1.0 Process documentation Table of Contents 1. Introduction... 2 2. Overview... 2 2.1 Production Cloud... 3 2.2 Backup Cloud... 3 2.3 Control Cloud... 3 2.4 Access protection... 4 3. Processes... 4 3.1 Data transmission & processing... 4 3.2 Data storage... 4 3.3 Accessing data (User/Export/Deletion)... 5 4. Failure protection & availability... 5 2010 Astaro Archiving AG. 1

1. Introduction Astaro Mail Archiving (AMA) offers to archive e-mails as a service provided by Astaro Archiving AG (Astaro). E-mails to be archived are transmitted in encrypted form to the archiving service which can be accessed centrally via the Internet. The e-mails are then indexed, archived and made available at any time for authorized user inquiries by the Customer. As a cloud-based solution, AMA offers great administration, scalability, availability and security advantages. Astaro has many years of experience in Internet security-related matters. This extensive expertise particularly enables Astaro to safeguard the data protection, access protection and availability of AMA. This document explains the internal processes and structure of AMA, as well as protective measures for comprehensive data and access protection. 2. Overview The AMA infrastructure comprises a number of servers which process different areas of tasks. 2010 Astaro Archiving AG. 2

Astaro differentiates here between Production, Backup and Control Clouds whose operations are separated physically and geographically in separate hosting environments. This separation also serves to divide powers in order to maximize access and data protection. This section will describe the tasks of the different cloud components before examining the individual processes. 2.1 Production Cloud Astaro operates two independent AMA infrastructures in the USA and the European Union (EU). This ensures that data belonging to a customer in the EU is stored in its entirety and exclusively in an EU member state at all times. Customers from the United States or from other non-eu countries use the AMA infrastructure in the USA. The same processes, guidelines and technical measures also apply there. At no point is data exchanged between the regions. There is a complete, redundant production environment in place in each region. The highly scalable server instances in the Production Cloud can be extended any time and are responsible for the acceptance, processing and encrypted storage of e-mails. Data cannot be accessed via the individual physical systems in the IT datacenter within the production environment. All access must take place via the Control Cloud. Customer keys for cryptographic processing of the e-mails which are being archived are saved exclusively in the Control Cloud, and access is only granted temporarily to the system during the processing time. A distinction is made between front-end servers, back-end servers and a separate storage network within the Production Cloud. All servers work with encrypted data partitions whose keys are stored centrally in the Control Cloud and are only transmitted during runtime. When processing customer e-mails, the customer-specific key for encrypting and decrypting e-mails is also required. Astaro ensures that this key is only ever stored on closed back-end servers which are externally inaccessible. Access takes place exclusively in runtime via special program interfaces. 2.2 Backup Cloud The Backup Cloud is operated within the EU, geographically separated from both production regions. All archived e-mails are automatically backed up in this additional stage of security. The data stored here is encrypted at all times. 2.3 Control Cloud The control system is a component which is important for compliance with data protection guidelines. It also works in a separate Control Cloud. Central tasks are access protection, administration and control of data keys, as well as monitoring of the overall system. 2010 Astaro Archiving AG. 3

2.4 Access protection Astaro has implemented extensive mechanisms for protecting both physical access to the cloud systems, as well as data access. Where legally permitted, operators at Astaro, who are contractually bound, have been vetted and been carefully selected. Physical access to the individual systems in the Production Cloud is limited to local operators. Central administration of all data access via the Control Cloud prevents access to the data on site or the release of data to third parties with court authorization. Physical access to the individual systems in the Backup Cloud is limited to local operators. Since this solely involves the backup of data which has already been encrypted, saved data cannot be processed or released to third parties with court authorization. The Control Cloud supports physical access and restricting access to selected Astaro operators. The surrender of data keys or the enabling of third-party data access can only take place exclusively within the scope of legitimate legal means. 3. Processes 3.1 Data transmission & processing E-mails are transmitted from the customer's e-mail server to the AMA Production Cloud in an encrypted form. AMA does not support the acceptance of unencrypted data! During the acceptance process, the data is protected against loss and unauthorized access at any time by a redundant and encrypted queue. During the processing phase, the e-mails are indexed, compressed and are then encrypted individually with the corresponding customer key. It should be noted that each customer is assigned a separate key, which means that data is always filed away in the correct customer archive. It prevents the possibility of accidental, cross-customer access to e-mails. 3.2 Data storage The archived data is stored definitively in encrypted and redundant form in high-availability storage systems in each cloud region. Parallel to storage, an encrypted backup copy of each archived e-mail is created in the Backup Cloud in order to afford customer data optimum protection. 2010 Astaro Archiving AG. 4

3.3 Accessing data (User/Export/Deletion) Once e-mails have been archived, they can be accessed in a variety of ways: By authorized, authenticated end users (for example, for research purposes) By authorized, authenticated auditors (for example, for requesting deletions) Via automatic AMA processes for the reliable deletion of e-mails once the period of compulsory retention has elapsed By way of a request from the customer to export the archive. Users are authenticated either via the customer's login server or alternatively via local user databases in the AMA system. In all cases, the backed-up key for decrypting e-mails is required in order to access archived data. The key can only be requested temporarily on back-end servers and via defined program interfaces. 4. Failure protection & availability All the systems in AMA are redundant in design and distributed geographically. Furthermore, routine, automatic data backups guarantee enhanced protection against unforeseen events. The redundant and highly scalable system architecture provides for constant availability and flexible scaling as requirements increase. Both server and storage resources that are required are adapted automatically and guarantee high-performance access. Maintenance work is generally executed in such a way that archive access is not hindered. Where work requires brief interruptions to the AMA service, this takes place outside main business hours by prior notification, where possible. 2010 Astaro Archiving AG. 5

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information