SAS SOLUTIONS ONDEMAND

Similar documents
1 Data Center Requirements

WHITE PAPER. Title. Managed Services for SAS Technology

What can the OnBase Cloud do for you? lbmctech.com

TB+ 1.5 Billion+ The OnBase Cloud by Hyland 600,000,000+ content stored. pages stored

University of Pittsburgh Security Assessment Questionnaire (v1.7)

AUTOTASK ENDPOINT BACKUP (AEB) SECURITY ARCHITECTURE GUIDE

WHITE PAPER. Solutions OnDemand Hosting Overview

Continuity of Business

Data Storage, Recovery and Backup Checklists for Public Health Laboratories

SERVICE DESCRIPTION MANAGED BACKUP & RECOVERY

The Common Controls Framework BY ADOBE

AppPulse Point of Presence (POP)

INFORMATION SECURITY- DISASTER RECOVERY

Automate sharing. Empower users. Retain control. Utilizes our purposebuilt cloud, not public shared clouds

Version v November 2015

Solution Pack. Managed Services Virtual Private Cloud Security Features Selections and Prerequisites

VMware vcloud Air SOC 1 Control Matrix

IBM SmartCloud Notes Security

Application Lifecycle Management on Softwareas-a-Service

Document Sub Title. Yotpo. Technical Overview 07/18/ Yotpo

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data

Certified Information Systems Auditor (CISA)

SERVICE DESCRIPTION MANAGED FIREWALL/VPN

April Appendix 3. IA System Security. Sida 1 (8)

locuz.com SOC Services

AWS continually manages risk and undergoes recurring assessments to ensure compliance with industry standards.

90% 191 Security Best Practices. Blades. 52 Regulatory Requirements. Compliance Report PCI DSS 2.0. related to this regulation

emarketeer Information Security Policy

IBM Security Intelligence on Cloud

SECURITY & PRIVACY DOCUMENTATION

7.16 INFORMATION TECHNOLOGY SECURITY

Trust Services Principles and Criteria

Total Security Management PCI DSS Compliance Guide

SECURITY ON AWS 8/3/17. AWS Security Standards MORE. By Max Ellsberry

Internal Audit Report DATA CENTER LOGICAL SECURITY

2.4. Target Audience This document is intended to be read by technical staff involved in the procurement of externally hosted solutions for Diageo.

Altius IT Policy Collection Compliance and Standards Matrix

Cloud Services. Introduction

Inventory and Reporting Security Q&A

QuickBooks Online Security White Paper July 2017

CTS performs nightly backups of the Church360 production databases and retains these backups for one month.

Data Security & Operating Environment

Security. ITM Platform

White Paper The simpro Cloud

TECHNICAL INFRASTRUCTURE AND SECURITY PANOPTO ONLINE VIDEO PLATFORM

CLIQ Remote - System description and requirements

EMC DATA DOMAIN OPERATING SYSTEM

Safeguarding Cardholder Account Data

BLACKLINE PLATFORM INTEGRITY

EMERGENCY SUPPORT FUNCTION (ESF) 13 PUBLIC SAFETY AND SECURITY

Global Platform Hosting Hosting Environment Security White Paper

Altius IT Policy Collection Compliance and Standards Matrix

ENDNOTE SECURITY OVERVIEW INCLUDING ENDNOTE DESKTOP AND ONLINE

Intermedia. CX-E Cloud Hosting Provider. Introduction. Why Intermedia for CX-E Cloud? Cost of Ownership

Criminal Justice Information Security (CJIS) Guide for ShareBase in the Hyland Cloud

RFP Questions Guideline For Data Center Buyers

Altius IT Policy Collection

BME CLEARING s Business Continuity Policy

Compliance and Privileged Password Management

Version v November 2015

There are also a range of security and redundancy systems designed to improve the speed, reliability, stability and security of the simpro Cloud.

University of Hawaii Hosted Website Service

Data Security and Privacy Principles IBM Cloud Services

enalyzer enalyzer security

Opengear Technical Note

Online Services Security v2.1

TECHNICAL AND ORGANIZATIONAL DATA SECURITY MEASURES

IBM Case Manager on Cloud

IT CONTINUITY, BACKUP AND RECOVERY POLICY

Internet of Things. The Digital Oilfield: Security in SCADA and Process Control. Mahyar Khosravi

Fully managed Cloud-based business software solution

Windows Server Security Best Practices

DHIS2 Hosting Proposal

InterCall Virtual Environments and Webcasting

Asset Bank - Shared Hosting. Service Description

Information Technology General Control Review

SECURITY DOCUMENT. 550archi

TECHNICAL AND ORGANIZATIONAL DATA SECURITY MEASURES

Cisco Meraki Privacy and Security Practices. List of Technical and Organizational Measures

NETWORK DESIGN: MEDICAL FACILITY J.P. MARSHALL THOMAS ASHEY ROHAN GOTHWAL JENNIFER COLMAN SAMUEL CHERRY

SAFECOM SECUREWEB - CUSTOM PRODUCT SPECIFICATION 1. INTRODUCTION 2. SERVICE DEFINITION. 2.1 Service Overview. 2.2 Standard Service Features APPENDIX 2

Security Fundamentals for your Privileged Account Security Deployment

CogniFit Technical Security Details

v February 2016

Data Center Operations Guide

WITH ACTIVEWATCH EXPERT BACKED, DETECTION AND THREAT RESPONSE BENEFITS HOW THREAT MANAGER WORKS SOLUTION OVERVIEW:

Symantec Reference Architecture for Business Critical Virtualization

Information Technology

BUSINESS CONTINUITY. Topics covered in this checklist include: General Planning

Introduction. Deployment Models. IBM Watson on the IBM Cloud Security Overview

You Might Know Us As. Copyright 2016 TierPoint, LLC. All rights reserved.

Business Continuity and Disaster Recovery. Pennsylvania Emergency Management Agency (PEMA) Satellite Warning System/Rapid Notification Network

Juniper Vendor Security Requirements

The simplified guide to. HIPAA compliance

Server Security Procedure

Cloud-Based Data Security

Data Processing Amendment to Google Apps Enterprise Agreement

Standard: Data Center Security

Cloud Security Whitepaper

AUTHORITY FOR ELECTRICITY REGULATION

Transcription:

DECEMBER 4, 2013 Gary T. Ciampa SAS Solutions OnDemand Advanced Analytics Lab Birmingham Users Group, 2013

OVERVIEW SAS Solutions OnDemand Started in 2000 SAS Advanced Analytics Lab (AAL) Created in 2007 Multiple ASP lines of business, representing over 400 customer sites Marketing, Banking, Financial analytic solutions Health Care, Pharmaceutical & Retail analytic solutions Work in highly regulated industries Experience with large data volumes, demanding batch processing cycles and realtime delivery of content Experience coordinating with executive, business and technical teams Best Practices Data transfer, backup, restore, automation, monitoring and alerting Documented processes and procedures

BENEFITS End-to-end solution Software, implementation, mentoring, on-going support, infrastructure in one place unified approach for client Rapid time to value - Solution delivery model provides efficient time to value with the right expert at the right time, while customer focus remains on core strengths Expertise in establishing analytic platforms Data integration, data quality, update and access to large amounts of data in a pristine environment Scalable and secure SOC 2 / SOC 3, SLA gives customer assurance for applications and minimizes resource and scheduling issues Leverage extensive SAS skills as desired On-premise the solution when and if desired

Servers Network Storage, backup and restore SAS Data Center Security Encrypted data transfers Change management User account & entitlement management Resource and health metrics - reporting Continuation of business strategy Outages, outage notifications, SLAs IT Support

Support for multiple platforms [Linux/x86, Solaris/SPARC, HP-UX (PA-RISC/IA64), AIX, Windows/x86] Scalable Servers (2 to 64 processors), including system resource on-demand services Redundant components or servers are configured for 99% SLA Strict change control enforcement Hardened and baselined at time of deployment Resource and health monitoring (24x7) Hot Fix, Maintenance and Release management Interactive shell access to UNIX systems must be encrypted via SSH or accessed directly from the console HTTP and FTP access encrypted using SSL where appropriate Servers

Firewall / DMZ Isolated network Customer approval of all configuration changes Private leased lines (configure multiple or redundant lines) Encrypted VPN (backup network or primary) Network

STORAGE AND BACKUP Storage Scalability (1 to 100+TB) RAID protection (Levels 5, 1, 1+0) Remotely mirrored primary warehouse (for data availability and backups) Backup and Restore Encrypted backups of all data (daily, weekly, monthly) Backups performed from secondary data center (for data availability) Archive and restore services available

SAS Data Center Located at SAS Corporate Headquarters Fully secure Physical access restricted No external doors or windows All access monitored and reviewed Access to hosted equipment and rooms within the Data Center further restricted to those that require it Staffed 24x7 Full Environmental Controls & Redundancy N+1 cooling N+1 UPS N+1 generators Inert gas fire protection supplemented by preaction water Environmental status monitored Regular preventive maintenance performed

Security SOC 2 / SOC 3, SSAE 16 and Safe Harbor certifications Safeguards on regulated data Secure file transfer Data Classification Policy and Clean Desk Program United States Government Compliance

Physical Logical Access Log Review All physical hardware (servers, network, racks, backup tapes) protected by electronic locks Firewall / DMZ configured to restrict all traffic which is not approved All system level access logs are summarized and reviewed daily by the information security group. Security Access limited to those that require it (subset of Data Center staff) IDS / IPS services available All logs can be jointly reviewed upon request Cameras record all entries and exits to hosting rooms All users with elevated privileges must be approved Data center physically patrolled Elevated privileges are granted by SUDO or RU to those that not requiring system root or administrator passwords; may be restricted in scope

Data Transfer All data transfers are encrypted Support for FTP/S, SFTP, and HTTPS Audit files for transfer quality checks Notifications for file transfers are available All transfers are logged and reports generated Automated and scheduled delivery of data

User Account and Entitlement Management Web-based account management Approval required for all account and entitlement changes Historical tracking and auditing provided Self-service facility for forgotten passwords and user names Entitlement reports created on demand

Resource and Health Metrics: Reporting Real-time alerting for server and application availability Resource utilization metrics for CPU, memory, disk Resource availability metrics for applications including (SAS, HTTP and FTP). Monthly reports on server availability Real-time access to resource utilization metrics

Change Management All servers and network configurations are baselined at time of production deployment All changes must go through change management All changes must be approved except in the case of emergencies which are approved post-change Reports on all changes can be produced upon request

Continuation of Business Strategy Corporate wide strategy (refer to http://www.sas.com/corporate/continuity.pdf) Plans and procedures aimed at protecting SAS s key assets and continuing its critical business functions in the event of threats such as natural disasters, pandemics, power outages, computer viruses or terrorist attacks Within SAS COB program, the Emergency Operations Command (EOC) framework operates as an Incident Command Structure (ICS) for managing disaster events from a corporate perspective EOC and the Executive Management Team are responsible for declaring a disaster and activating SAS company-wide Response teams and Business Resumption (BR) teams EOC teams include: Emergency Response (life / safety and facilities evacuation) Facilities Response Communications Response (internal and external) Business Resumption Information Technology Response Data safeguarding is included in all SAS Solutions OnDemand hosted solutions Additional services can be negotiated

Outages, Outage Notifications and Service Level Agreements SAS performs standard scheduled outages Monthly outages are performed during the 3rd weekend of the month. Facilities and preventative maintenance outages which may impact services are scheduled at least 3 weeks in advance with customer approval Application outages are scheduled and approved by the customer Outage Notifications Customers are notified at least 3 days in advance of all scheduled outages unless otherwise requested and approved by the customer Facilities outage notifications are sent 3 weeks in advance including preventative maintenance tasks Unscheduled outages are communicated to the customer as soon as reasonably possible. SAS Solutions OnDemand maintains a minimum of 99% uptime outside of scheduled outages

FOR MORE INFORMATION, CONTACT: SAS SOLUTIONS HTTP://WWW.SAS.COM/SOLUTIONS/ / www.sas.com

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback