Qvidian Hosted Customer Technical Portfolio


Introduction

This document presents a description of Qvidian's Software as a Service (SaaS) deployment model, providing information on the Qvidian architecture and security practices. This document includes descriptions and requirements for system, network, security, and operational and environmental components that comprise Qvidian's hosted product service offering.

About Qvidian

Qvidian provides cloud-computing applications that improve sales effectiveness. We enable sales organizations to confidently engage prospects and win more often using proven, dynamic tools, and integrated best practices.

Qvidian Sales Playbooks and Analytics provide sales people with automated guidance, information, and sales best practices tailored to each unique selling situation, all within salesforce.com. Qvidian makes it easier for sales people to close more deals by streamlining sales complexity into a repeatable process, and as a result clients are seeing average deal sizes increase by upward of two and a half times.

Qvidian Proposal Automation has increased win rates and improved productivity for some of the world's largest and most successful corporations. On average, our customers increase their win rate by 38% and improve productivity by 45%. To discover what Qvidian can do for your sales organization, go to www.qvidian.com.

Production Environment

The Qvidian production environment is hosted within a datacenter facility which provides a secure, highly reliable environment for the Qvidian offering. The datacenter provider, a global leader in providing companies advanced networking and hosting solutions to help ensure business productivity and continuity, serves customers in over 60 domestic and international datacenters.

Features of the facility include:

- Multiple layers of physical security provided by biometric and card access systems, 24x7 security guards, and video security system
- Newly constructed with a focus on the latest advances in Green technology to provide a more efficient and environmentally friendly hosting option
- Fully redundant cooling and environmental control systems
- Redundant external power sources
- Redundant generator and UPS power supplies
- Fire detection and suppression
- Multiple ISP connections

The building is a single-use facility dedicated to colocation and related services. The provider is the sole operator of the facility and its 31,000 square feet of raised floor space. The data center is SSAE16 type SOC2 certified.

Physical Security

The data center's security is monitored via a state-of-the-art security system utilizing CCTV cameras, card access controls, and biometric identification. The systems are monitored 24/7 by on-site security personnel. The systems are designed to monitor all access and activity within the facility.

Environment Controls

The building utilizes its Green Build construction, as well as an N+1 mechanical system, to maintain constant temperature and humidity levels within the data center regardless of outside weather conditions. The building is environmentally segregated into three zones: raised floor space, UPS systems, and the people-occupied areas of the building.

Power Management

The electrical system is designed to provide clean and reliable AC power. The system can be broken down into three components: the external feed, the distribution system, and the emergency generation system. The external feed is provided via a robust feed with sub-station redundancy. The distribution system consists of four 675KW Three Phase UPS for N+1 redundancy. Each circuit breaker is backed by diverse power distribution units and UPS infrastructures with individual monitoring upon each circuit. The emergency generation is provided by three 2-MW generators in parallel with 24 hours of on-site fuel and extended fuel contracts with multiple providers.

Disaster Recovery Environment

The Qvidian backup datacenter is hosted at an offsite facility which provides a secure, highly reliable environment for the Qvidian offering. This data center provider is also a global leader in providing companies managed hosting solutions to help ensure business continuity and serves more than 25,000 customers in over 50 countries.

Features of the facility include:

- Server space secured by a card access system, security guards, and video security system
- Raised floor for easy access to power connections and superior air flow
- Fully redundant air conditioning
- Redundant power sources
- Uninterrupted power supply (UPS)
- Diesel generator
- Fire suppression
- Multiple, redundant, secured router connections to the High-Speed Data Network (HSDN)
- Geographically remote from primary datacenter (2,600+ miles of separation)

The data center facility is 102,000 square feet and comprised of a managed services area in the center of the building surrounded by traditional work area seats. Security on site is 24x7x365, with customers issued badges upon arrival with sole access to assigned work areas. The data center is SSAE16 type SOC2 and ISO 9000 certified.

Physical Security

The data center is monitored by a security system, which consists of two integrated systems: a state-of-the-art security system and closed circuit television cameras (CCTV). Both systems are monitored by a 24/7 security guard service. The systems are designed to monitor all activity in the building and data center facilities. All access doors are monitored and alarmed for tamper protection.

All customers are required to sign in at the security desk and to use their access card when entering the building. The access system has multiple security zones and is restricted to what the visitor needs access to. All visitors are required to sign in at the security desk, where they will be given a soft ID badge that will automatically expire after 12 hours. Visitors will be escorted through the data center facilities at all times by an authorized representative.

The CCTV system records and monitors activity inside and outside the facilities 24x7x365; this system links the card reader access and CCTV video clips for certain access doors.

HVAC

The facility is equipped with a total of 43 CRAC units. Nineteen 30-ton Liebert CRAC units support the main data center floor, 14 30-ton Stulz CRAC units support the new floor space, and ten 25-ton Stulz CRAC units support the electrical room, MDF Room and Recovery Services Center.

Fire Suppression

Protected by VESDA early smoke detection system, FM-200 under-floor fire suppression, a preaction sprinkler system and Intella-Scan graphics annunciator.

Power Management

The datacenter electrical infrastructure is designed to handle failure at any load-handling device without affecting systems upstream or downstream of the load. This system consists of three major components: a diverse route primary feed with substation redundancy, a distribution system, and an emergency power generation system.

Power Distribution Units

These units provide comprehensive power conditioning including deep sag protection, transient voltage protection, single-phase protection, and harmonics protection. All of the PDUs are located within the secured Hosting Center. The data center monitors all electrical conditions in one command center area located at the security desk. All circuits are traced to the security panel, which can identify a failure specific to a client's cabinet, whether in the common or secured suite areas.

System Design

Performance

The production environment is tested for load capacity and scalability prior to deployment into production to ensure that the system can meet the demands for capacity and for load. In the event that environmental thresholds are exceeded and would impact performance, the environment is scalable to allow for system growth to meet demand. Virtualized load balancing is employed at both the web and application tiers. Load is spread over multiple physical servers at both the web and application levels to provide for a high level of performance and availability. Additionally, all data repositories are clustered using n+1 to ensure availability.

Patching and Upgrades

All critical and security patches are applied within 24 hours of qualification if applicable. All bug and fix patches are applied on a regularly scheduled basis when and if applicable. All software and OS update patches, including service packs, are applied on a scheduled basis if applicable. All patches, regardless of criticality, are applied deliberately once testing and validation have been performed in an equivalent test environment. Except for critical security patches, all other patches are applied during normal maintenance windows.

Qvidian uses methods that automatically apply operating system and device hot fixes and updates on a regular basis. These patches are qualified in two environments prior to being deployed to the production environment to ensure reliability. Machines report daily to a master server and compare what the Administrator has approved with what is currently installed on the server.

Anti-Virus

Anti-virus is configured on all hosts. Updates to the antivirus product are done regularly and automatically as the vendor releases new signature files. Regular complete scans take place, and issues are investigated and remediated when a virus is detected (notification is immediate to on-call personnel). Measures are in place to mitigate a virus outbreak. Qvidian has the ability to limit communication between hosts down to the port level in the event of a virus outbreak.

Backup, Media Retention and File Restoration

Customer data is backed up regularly as described below, and is stored at an off-site location managed by a third party provider. Backup data is retrievable on demand immediately, or within four hours if physical media is needed. Data is backed up via industry standard commercial backup software and exists throughout the completion of the data retention lifecycle, which is 60 days from time of initial backup.

Backup Schedules

- Differential: On any workday, all files created on the server (new or changed since the previous full backup) are backed up in the evening's backup run.
- Full: On specified days, the backup run will include every file on the server. Full backups occur weekly.

Offsite Storage

All data is stored on near-line storage in addition to being exported electronically via the network. Data remains stored for the 60 day retention period and is then deleted.
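An added illustration, not part of the Qvidian document, of how the weekly-full plus workday-differential schedule interacts with a 60-day retention period: a differential can only be restored while the full backup it depends on still exists, so deleting each backup strictly by its own age leaves differentials on storage that can no longer be used. The calendar, the catalog and both pruning functions are constructed assumptions; the document does not say how deletion is applied.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

RETENTION_DAYS = 60  # retention lifecycle stated in the document


@dataclass(frozen=True)
class Backup:
    taken: date
    kind: str                      # "full" or "differential"
    base: Optional[date] = None    # full backup a differential depends on


def build_catalog(first_full: date, weeks: int) -> list:
    """Constructed sample: one full per week, differentials on the next
    five evenings (assumed calendar, not taken from the document)."""
    catalog = []
    for w in range(weeks):
        full_day = first_full + timedelta(weeks=w)
        catalog.append(Backup(full_day, "full"))
        for d in range(1, 6):
            catalog.append(Backup(full_day + timedelta(days=d), "differential", full_day))
    return catalog


def prune_by_age(catalog, today):
    """Delete each backup on its own 60-day boundary (assumed behaviour)."""
    cutoff = today - timedelta(days=RETENTION_DAYS)
    return [b for b in catalog if b.taken >= cutoff]


def prune_chain_aware(catalog, today):
    """Keep a full while any retained differential still depends on it.
    The full then outlives the nominal period by up to one backup cycle."""
    kept = prune_by_age(catalog, today)
    needed = {b.base for b in kept if b.kind == "differential"}
    have = {b.taken for b in kept if b.kind == "full"}
    kept += [b for b in catalog if b.kind == "full" and b.taken in needed - have]
    return sorted(kept, key=lambda b: b.taken)


def orphaned(catalog):
    """Differentials still on storage whose base full is gone."""
    fulls = {b.taken for b in catalog if b.kind == "full"}
    return [b for b in catalog if b.kind == "differential" and b.base not in fulls]


def restore_chain(catalog, target):
    """Backups to apply, in order, for the newest restore point <= target."""
    fulls = {b.taken: b for b in catalog if b.kind == "full"}
    usable = [b for b in catalog
              if b.taken <= target and (b.kind == "full" or b.base in fulls)]
    if not usable:
        return []
    point = max(usable, key=lambda b: b.taken)
    return [point] if point.kind == "full" else [fulls[point.base], point]


def oldest_restore_point(catalog):
    """Earliest date that can actually be restored from this catalog."""
    lost = orphaned(catalog)
    chain_ok = [b.taken for b in catalog if b not in lost]
    return min(chain_ok) if chain_ok else None


if __name__ == "__main__":
    today = date(2015, 7, 18)                      # constructed "now"
    catalog = build_catalog(date(2015, 5, 3), 11)  # constructed history
    naive = prune_by_age(catalog, today)
    print("orphaned differentials:", [b.taken.isoformat() for b in orphaned(naive)])
    print("usable window (days):", (today - oldest_restore_point(naive)).days)
    aware = prune_chain_aware(catalog, today)
    print("chain-aware window (days):", (today - oldest_restore_point(aware)).days)
```

When reviewing a retention policy like this one, the figure to check during restore tests is the age of the oldest restore point that still has a complete chain, not the age of the oldest file on backup storage.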

Discontinuation of Backup Service

When a customer Instance is terminated, Qvidian deletes the Instance from the hosted environment and no longer performs backup activities on the Instance. The data will exist at the Disaster Recovery secure storage location through the completion of the data retention lifecycle.

System Monitoring

Operations monitoring is provided on a 24x7x365 basis from an on-site staff of system operators and network analysts. Automated monitoring tools are used to proactively detect potential and actual risks to the environment, and help ensure uninterrupted processing of critical business processes. Automated agents monitor system presence on the network, examine resource utilization, and test functionality. Tools used for remote access to the production environment require encryption and authorization. Auditing is enabled on these processes.

In the event that a system becomes degraded or any installed health check identifies a problem, alarms are generated and appropriate notifications are made. Real-time and historical performance-tracking statistics are provided on a CPU level, ensuring proper proactive server management.

All systems are monitored for network connectivity, server availability, operational health, performance and component utilization using standard network tools. This is further augmented by monitoring of application processes, such as Web servers and other open standard systems applications. Specific areas of support are:

- Automated server monitoring: For each server, CPU, memory, disk space thresholds and critical processes are monitored. A trouble ticket is opened within 15 minutes for any critical alarm and a Systems Operator will respond according to the instructions for that server and/or failure type.
- Backup monitoring: Backup process and offload of data is monitored to ensure conformance to agreed-upon standards. Failures for scheduled backups are monitored, triaged and re-run by the Operations Staff where appropriate. Subsequent failures are ticketed and investigated within one day.
- Security and intrusion monitoring: Various tools and systems are maintained to monitor the security of the systems and networks. These include an Intrusion Detection System (IDS) that monitors for attempts to gain unauthorized access to the systems; Access Control Lists (ACLs) to specify and control access privileges; redundant firewall control and packet monitoring; Web Application Firewalls to scan for potential attacks; and Content Integrity Monitoring that establishes baseline profiles of specified files and alarms when an anomaly to those baselines occurs.

Change Management

The following Change Management process is followed by Qvidian to ensure proper modification of resources:

- Change entry is made by opening a Change Request Ticket in response to a request/internal business requirement.
- Change assessment is made to analyze the change for feasibility, risk, and impact to the environment. An impact level is assigned, along with an estimated delivery date and a resource to conduct the change. Changes that have zero impact are implemented as soon as possible.
- Change preparation of the environment is conducted to ensure the change is ready to be implemented, which includes testing and restore activities as needed.
- Change review occurs weekly or as needed to review the list of changes with technical groups and client management teams (Change Review Board). Changes that are approved during review are scheduled for install. Requests that are denied are documented with reasons for denial. All change schedules are dependent on impact level and Qvidian's authorization.
- Change install is the actual activation and verification of a change, which may require a service disruption to the component being changed, or may be completed during scheduled maintenance periods.

Network Design

Network Management

All production networks are secured by firewalls with active content filtering which are monitored in real time. Intrusion Prevention Services (IPS)/Intrusion Detection Services (IDS) devices are employed both by external entities and internal IT. Firewalls are industry standard commercial grade. All security devices are configured for regular alerting if certain events occur. All components are members of an anti-virus system which is monitored in real time for viruses and outbreaks. Specifically, the following measures are in place:

- IDS and IPS devices are in place and are regularly updated with new signatures and classifications automatically from the vendors of said devices.
- A security team is alerted via email/SMS/pager and consoles when a monitored condition is triggered.
- The IDS and IPS device(s) may initiate an action dependent upon the condition of the security event.
- In all instances the security team is activated and specific protocols are put into place following a pre-designated IRP (Incident Response Plan).

Maintenance and monitoring of all network devices up to, but not including, the Internet-facing routers are conducted by Qvidian. Qvidian conducts regular vulnerability and penetration tests and updates its security posture based upon these regular security assessments.

Security

Security Management

Qvidian has instituted a strong security structure and policies to assure that Qvidian and customer data is maintained in a secure environment. All security policies are documented and signed in agreement by all employees and contractors that have access to the production system. Internal security audits (vulnerability and penetration tests) are done on a regular basis.

The Qvidian system is used to store sales tools, strategies and content used for both internal company purposes and with external parties. The only constituent information stored in the Qvidian system is information that the client uploads to the system and usage data about that information.

The following highlights Qvidian's security applications and model:

- Host hardening processes (based on vendor best practice standards)
- Host and network level antivirus
- Regular operating system, device and application vulnerability scans
- File level security
- Access/change logging and monitoring
- Managed firewalls with active content filtering
- Web Application Firewalls
- IDS/IPS monitoring and reactive processes
- Separate customer data repositories

All infrastructure components are maintained in segregated DMZs, with web service components being made available via the Internet through multiple firewalls. All data repositories are securely maintained internally with no access from the Internet and limited system-to-system communications.

All networks are secured by firewalls which are monitored in real time. In addition, Intrusion Detection Systems (IDS) are used to monitor, alert, and react in real time to threats, attacks, and intrusions. Regular vulnerability and penetration tests are conducted and Qvidian makes changes to its security posture based upon regular security assessments.

No direct external connection is allowed to the backend production environment components. System hardening, ACLs, routing, firewall rules, and IDSs are used to ensure appropriate access restrictions are enforced. Data stored in databases is secured by access controls that are regulated by client administrators.

System Access Management

Only Qvidian employees that have a valid operational need to access production systems are granted access; therefore, only IT personnel with explicit (via their job description) responsibility for SaaS operations are granted access to the application/system.

Qvidian practices a policy of least rights in regard to network access. Access to network systems is delineated by need only. If roles change, then appropriate access controls are put in place to mitigate improper access. During quarterly security reviews, all user and system accounts are reviewed on both need and scope and managed accordingly.

All employees are bound by a Non-Disclosure Agreement (NDA). In the case of a terminated employee, Human Resources initiates the deactivation of the employee account and access bound by the date of termination. This includes all physical and network access. Reference checks are conducted on all candidates before hire, and criminal background checks on all employees who have access to data center infrastructure or customer data.

Business Continuity

Qvidian provides for full business resumption of its production environment in the event of a major and prolonged outage of service (i.e., in the wake of building damage causing the actual loss of a server). Recovery services are contracted through a third party disaster recovery provider. Qvidian's business continuity plan provides recovery of the Qvidian production environment.

The following provides a general overview of the types of activities that occur if a disaster or local failure occurs at the production site:

- Regular electronic backups stored at an off-site location, retrievable on demand.
- Hardware/service contracts that allow for replacement of failed hardware within four (4) hours, same day.
- Local backup copies are maintained on-site for immediate recovery.
- Failover in cases where a disaster occurs and the facility is not useable for a period of 4+ hours.

In the case of a declared disaster (e.g. a disruption that causes the entire production facility to be offline for an extended period of time), Qvidian will perform the following activities:

- Engage in emergency response procedures due to disaster declaration.
- Notify all key personnel that a disaster has been declared and assign tasks focused on the recovery plan.
- Notify all customers that a disaster has been declared and communicate estimated downtime if possible.
- Qvidian will redirect all traffic to the disaster recovery location that Qvidian has made available for Business Continuance. The disaster recovery site is geographically remote (2,600+ miles) from the primary facility.
- If necessary, electronic media is queued for delivery.
- Update website and all production data.
- Testing will be done by the appropriate Qvidian teams, and when confirmed, the production environment will be made available to Qvidian customers.

Set up time of the environment from initial disaster notification is 4 hours, with up to an additional 24 hours required to restore customer data.

All business continuity and disaster recovery scenarios are tested annually. Testing consists of application security and service patch distribution, hardware and application operability, virus definition distribution, and data verification.

Catastrophic Loss

Catastrophic losses are considered events that entail the destruction of the hosting facility. In the event of a Force Majeure, Qvidian will not be liable for delays in returning service. Where possible, Qvidian will invoke its disaster recovery plan to allow service to be restored in the shortest possible time. If the hosting facility is not able to be recovered in a reasonable time, the DR facility will become the permanent facility.

Qvidian has an Incident Response Team (IRT) in place to engage when needed. The plan is based around the National Institute of Standards and Technology (NIST) standard.

Non-Disaster Scenarios

A non-disaster is defined as a localized failure of hardware that does not affect the entire facility or provided service. In the event of a local hardware failover the following process is followed:

- Monitoring alerts Qvidian of the localized failure.
- Service call is opened with all contracted vendors.
- Vendor technicians, in conjunction with Qvidian, are dispatched to the datacenter for any/all necessary hardware replacements.
- Failovers are forced if needed.
- Hardware is replaced/fixed.
- Data restoration commences as needed.
- Verification of service restoration and data integrity is done by Qvidian and other departments as needed.