Security in the Sauce Labs Cloud. Practices and protocols used in Sauce s infrastructure and Sauce Connect



Similar documents
Security in the Sauce Labs Cloud

GiftWrap 4.0 Security FAQ

Famly ApS: Overview of Security Processes

MAXIMUM DATA SECURITY with ideals TM Virtual Data Room

Security Whitepaper: ivvy Products

UNIFIED MEETING 5 SECURITY WHITEPAPER INFO@INTERCALL.COM INTERCALL.COM

FINAL DoIT v.8 APPLICATION SECURITY PROCEDURE

Security & Infra-Structure Overview

Dooblo SurveyToGo: Security Overview

Privacy + Security + Integrity

Cloud Security Overview

KeyLock Solutions Security and Privacy Protection Practices

SECURITY DOCUMENT. BetterTranslationTechnology

ArcGIS Server Security Threats & Best Practices David Cordes Michael Young

Passing PCI Compliance How to Address the Application Security Mandates

Introduction to Cyber Security / Information Security

CLOUD FRAMEWORK & SECURITY OVERVIEW

Criteria for web application security check. Version

Security Whitepaper. NetTec NSI Philosophy. Best Practices

DiamondStream Data Security Policy Summary

Appendix to; Assessing Systemic Risk to Cloud Computing Technology as Complex Interconnected Systems of Systems

A Decision Maker s Guide to Securing an IT Infrastructure

join.me architecture whitepaper

PCI-DSS and Application Security Achieving PCI DSS Compliance with Seeker

Useful Tips for Reducing the Risk of Unauthorized Access for Network Cameras Important

BeBanjo Infrastructure and Security Overview

White Paper How Noah Mobile uses Microsoft Azure Core Services

Guidelines for Website Security and Security Counter Measures for e-e Governance Project

Security Policy JUNE 1, SalesNOW. Security Policy v v

Keyword: Cloud computing, service model, deployment model, network layer security.

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster

Retention & Destruction

Security Controls for the Autodesk 360 Managed Services

Sophisticated Password Policy

FileCloud Security FAQ

Our Key Security Features Are:

1. Introduction. 2. Web Application. 3. Components. 4. Common Vulnerabilities. 5. Improving security in Web applications

CS 356 Lecture 25 and 26 Operating System Security. Spring 2013

BM482E Introduction to Computer Security

Sitefinity Security and Best Practices

Autodesk PLM 360 Security Whitepaper

IBX Business Network Platform Information Security Controls Document Classification [Public]

Administration Guide NetIQ Privileged Account Manager 3.0.1

modules 1 & 2. Section: Information Security Effective: December 2005 Standard: Server Security Standard Revised: Policy Ref:

Simone Brunozzi, AWS Technology Evangelist, APAC. Fortress in the Cloud

Five keys to a more secure data environment

What is Web Security? Motivation

Developing ASP.NET MVC 4 Web Applications MOC 20486

WEB SECURITY. Oriana Kondakciu Software Engineering 4C03 Project

MaaS360 Mobile Enterprise Gateway

Question Name C 1.1 Do all users and administrators have a unique ID and password? Yes

Network Security: 30 Questions Every Manager Should Ask. Author: Dr. Eric Cole Chief Security Strategist Secure Anchor Consulting

Collaborate on your projects in a secure environment. Physical security. World-class datacenters. Uptime over 99%

JK0 015 CompTIA E2C Security+ (2008 Edition) Exam

Secure and control how your business shares files using Hightail

MIGRATIONWIZ SECURITY OVERVIEW

Developing ASP.NET MVC 4 Web Applications

Securing Data in Oracle Database 12c

CONTENTS. PCI DSS Compliance Guide

Cloud Contact Center. Security White Paper

SERENA SOFTWARE Serena Service Manager Security

Sophistication of attacks will keep improving, especially APT and zero-day exploits

Web Application Security

How to complete the Secure Internet Site Declaration (SISD) form

Repeater. BrowserStack Local. browserstack.com 1. BrowserStack Local makes a REST call using the user s access key to browserstack.

Cloud Security Framework (CSF): Gap Analysis & Roadmap

3. Broken Account and Session Management. 4. Cross-Site Scripting (XSS) Flaws. Web browsers execute code sent from websites. Account Management

LIVE CHAT CLOUD SECURITY Everything you need to know about live chat and communicating with your customers securely

by New Media Solutions 37 Walnut Street Wellesley, MA p f Avitage IT Infrastructure Security Document

Creating Stronger, Safer, Web Facing Code. JPL IT Security Mary Rivera June 17, 2011

How To Control Vcloud Air From A Microsoft Vcloud (Vcloud)

APPENDIX G ASP/SaaS SECURITY ASSESSMENT CHECKLIST

Projectplace: A Secure Project Collaboration Solution

Attack and Penetration Testing 101

Basics of Internet Security

Integrating Single Sign-on Across the Cloud By David Strom

DRAFT Standard Statement Encryption

How To Secure Your Data Center From Hackers

Security Information & Policies

Recommended IP Telephony Architecture

MaaS360 Mobile Enterprise Gateway

Xerox Digital Alternatives Security and Evaluation Guide. May 2015 Version 1.1

Hosted SharePoint: Questions every provider should answer

Web Security School Entrance Exam

Web Application Report

How To Secure An Rsa Authentication Agent

12 Security Camera System Best Practices - Cyber Safe

Enterprise Application Security Workshop Series

FileRunner Security Overview. An overview of the security protocols associated with the FileRunner file delivery application

Transcription:

Security in the Sauce Labs Cloud Practices and protocols used in Sauce s infrastructure and Sauce Connect

Table of Contents page 2 page 4 page 6 page 8 page 9 page 10 page 11 Overview I. Sauce Labs Data Center Security II. System Administration Policies III. Virtual Machine Security IV. Sauce Connect V. Testing Securely on Sauce: Best Practices Conclusion We secure your data Our state-of-the-art data center offers enhanced security, flexibility and reliability We employ industry standard best practices We spin up a fresh, never-used VM for tests, which is destroyed after the test is completed We offer Sauce Connect to provide users with a secure way to test behind their firewall saucelabs.com How Sauce Labs secures your data 1

Overview It s impossible to deny that in this day and age internet security should be of high concern to businesses of all sizes, particularly those which rely heavily on the web to operate. According to the Ponemon Institute s 2012 study on cyber crime on US companies, cyber attacks rose 42% between 2011 and 2012, with an average annualized cost of cyber crime for companies in the study of $8.9 million per year. The study found that the most costly cyber crimes are caused by denial of service, malicious insiders, and web-based attacks, accounting for 58% of all cyber crime costs per organization annually. All this means that companies should take as many measures as possible to guard against cyber attacks. At Sauce Labs, we take security very seriously. We have built many industry standard security measures into our products and infrastructure to make them as secure as possible. You can test with confidence, knowing your data and code are safe in our cloud. Cyber attacks rose 42% between 2011 and 2012, with an average annualized cost of cyber crime for companies in the study of $8.9 million per year. saucelabs.com How Sauce Labs secures your data 2

Sauce Connect FIREWALL VMs ADMIN POLICIES DATA CENTER SECURITY CUSTOMER INFRASTRUCTURE This graphic shows the different structures, both physical and virtual, that users data flows through when connecting securely to the Sauce cloud from inside a firewall. At each step, we ve taken actions to ensure that your data is secure against attack. Read on to learn how we secure your data, from our data center to the architecture of Sauce Connect. saucelabs.com How Sauce Labs secures your data 3

SAUCE CONNECT ADMIN POLICIES DATA CENTER SECURITY CUSTOMER INFRASTRUCTURE I. Sauce Labs Data Center Security Sauce Labs security starts with our data center itself and its machines. Our data center, located in Silicon Valley, employs many physical security measures to protect the center from intrusion, including restricted access to the premises, surveillance, and a secure cage for our machines with access restricted to select personnel. We re also expanding our data center to a new facility that maintains advanced security and reliability measures. The center has undergone independent audits to assess its design and operational effectiveness. We chose this data center specifically because the facility employs measures that ensure it is flexible, reliable, and secure. The enterprise-grade facility allows us saucelabs.com How Sauce Labs secures your data 4

to make fiber connections to companies in the network, which is more secure than a standard internet connection. The data center gives us enhanced flexibility and reliability in several ways. First, the center is powered by Silicon Valley Power, which, according to an ongoing nationwide survey by PA Consulting Group, ranks in the top quartile for several measures of reliability. Backup power can be supplied, with three backup Caterpillar generators on site, along with uninterruptable power supply, giving the facility N+1 redundancy. Climate control keeps the data center s environment stable, with two 1100 ton cooling towers and 18 million total BTUs for the facility. Dry-pipe and pre-action sprinkler systems provide fire protection. Physical security is also of high priority for the facility, with 62 cameras throughout the data center, on-site guards, proximity card readers, and biometric and keypad access control. Our data center is very reliable Restricted access to the Silicon Valley premises 24-hour surveillance Powered by the highly-ranked Silicon Valley Power Backup power generators Climate control to keep the data center s environment stable saucelabs.com How Sauce Labs secures your data 5

SAUCE CONNECT ADMIN POLICIES DATA CENTER SECURITY CUSTOMER INFRASTRUCTURE II. Administration Policies The next area where we ve designed security measures is our network system itself. The Sauce system uses Ubuntu LTS, an operating system that s well-known for being fast and secure. Ubuntu LTS is designed to be enterprise focused, well-tested, and provides a Mandatory Access Control (MAC) system. We chose Ubuntu LTS specifically because it receives regular security patches & upgrades, so we can be confident that it remains secure over time. The Sauce network also uses the Secure Shell (SSH) network protocol, the industry standard for secure data communication over insecure channels such as the internet, with access by individual private keys assigned to a limited number of Sauce developers. SSH provides strong security by saucelabs.com How Sauce Labs secures your data 6

authenticating both the client and server ends of communication using RSA key pairs, and encrypting all traffic. We also use good web development practices in our code to secure our website. We employ industry best practices to minimize cross-site scripting, which can present a serious vulnerability to website security. Some of these include using safely escaping templates, setting domain policy to avoid CORS, architecting code to avoid SQL injection by using prepared statements and parameterized queries, performing data validation, and using known and vetted JavaScript libraries. In spring of 2012 we conducted a 3rd party security assessment of our site and application, and made recommended adjustments based on the findings. A few of the adjustments implemented included further securing password storage, ensuring debugging features are disabled in production, implementing secure cookies, and disabling auto-complete. We employ industry best practices Use safely escaping templates Set domain policy to avoid CORS Architect code to avoid SQL injection by using prepared statements and parameterized queries Perform data validation Use known and vetted JavaScript libraries saucelabs.com How Sauce Labs secures your data 7

SAUCE CONNECT ADMIN POLICIES DATA CENTER SECURITY CUSTOMER INFRASTRUCTURE III. Virtual Machine Security Sauce Labs also maintains very high standards for our VM security. Every time you run a test through Sauce Labs, we spin up a fresh, never-used VM for your test, which is destroyed immediately after you complete your test. VM s are never reused for multiple tests or users, and all data is only recorded to RAM, never to disk. Our strategy of never allowing your data to be written to disk greatly reduces the threat that it could be accessed by unauthorized parties. We also feel very strongly that spinning up new VMs for every test is the only truly reliable way to ensure that a 3rd party cannot access your internal network and that your data cannot be captured and sent to a 3rd party. By avoiding the unsolvable problem of saucelabs.com How Sauce Labs secures your data 8

guaranteeing a system secure across anonymous use, we instead guarantee a system that has never and will never be used by any customer besides you. Our VMs are also configured not to allow any outside inbound connections. As for assets recorded from tests, such as screenshots, videos, and logs, we store them in an Amazon S3 private bucket, and delete them after 30 days. Users who are concerned about the existence of test assets can choose to disable recording of test assets, in which case they will not be recorded at all. Our VMs are secure We spin up a fresh, never-used VM for your test VMs are destroyed after your test runs VMs are never reused for multiple tests or users All data is only recorded to RAM, never to disk Our VMs are configured not to allow any outside inbound connections. saucelabs.com How Sauce Labs secures your data 9

SAUCE CONNECT ADMIN POLICIES DATA CENTER SECURITY CUSTOMER INFRASTRUCTURE IV. Sauce Connect All of these security measures, though, would be for naught if our tunneling system to connect your firewalled servers to our cloud were not secure. This is why we designed Sauce Connect specifically to provide users with a secure way to test behind their firewall, using enterprise-grade security to proxy browser traffic between your local servers and Sauce VMs. Sauce Connect can also be configured to use a customer web proxy. Security begins with the protocols and policies we employ for Sauce Connect. All data is encrypted and transmitted via industry-standard SSL, using the AES-256 cipher, which is saucelabs.com How Sauce Labs secures your data 10

considered among the top ciphers. Sauce Connect also uses a caching web proxy to minimize data transfer. When you connect to the Sauce cloud using Sauce Connect, a tunnel is opened between your local server and a Sauce VM. During test runs, cached images are served to browsers running tests. Anything remaining in the cache at the end of a test run is completely destroyed when Sauce Connect is stopped. Additionally, we designed Sauce Connect with server-side measures meant to protect users networks. Sauce Connect creates a dynamically controlled firewall that only allows VMs currently running a user s test access to the server-side of Sauce Connect, which prevents any outside connection and any other VMs in the Sauce cloud from connecting to a local server. We make it safe for you to test behind the firewall Employ enterprise-grade security to proxy browser traffic between local servers and Sauce VMs Configure Sauce Connect to use a customer web proxy as well Encrypt all data and transmit it via industry-standard SSL Destroy anything remaining in the cache at the end of a test run when Sauce Connect stops Sauce Connect prevents any outside connection and any other VMs in the Sauce cloud from connecting to a local server saucelabs.com How Sauce Labs secures your data 11

V. Testing Securely on Sauce: Best Practices We ve built many security measures into our data center, VMs, and Sauce Connect, but we ve also developed best practices for how to properly use Sauce Connect for the most secure connection possible. We recommend allocating a machine just for running Sauce Connect, and firewalling that machine according to your company s standard. This way, you are in full control of the security of that machine, and can meet your own policies and standards for securing the machine. We also recommend firewalling the application under test from your internal infrastructure, so it retains as much separation from your internal systems as possible. Furthermore, we encourage you to follow testing best practices and use no production data in your testing environment, or anonymize all sensitive information such as PII. No real data should be used in your testing environments. One last best practice for using Sauce Connect is to make sure you are writing your tests as if you are testing locally, as opposed to connecting to the Sauce cloud itself. We recommend allocating a machine just for running Sauce Connect, and firewalling that machine according to your company s standard. saucelabs.com How Sauce Labs secures your data 12

Conclusion Testing your apps behind a firewall is safe and secure thanks to Sauce Connect. Setting it up is easy, and testing using its secure tunnels is even easier. From our data center to Sauce Connect itself, we ve designed all our systems to be safe and reliable. For enterprise users who want the capacity and ease of testing in the cloud, Sauce Connect and the Sauce cloud present a secure solution that gives you a pristine, unused, and protected environment for testing your apps. saucelabs.com How Sauce Labs secures your data 13

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information