InterCall Virtual Environments and Webcasting


InterCall Virtual Environments and Webcasting Security, High Availability and Scalability Overview

1. Security

1.1. Policy and Procedures

The InterCall VE ("Virtual Environments") and Webcast Event IT team established its security policy in 2009. The policy was defined and approved by the management team of the company. The policy guides the company's departments in methods relating to security and is used as a guide for the creation of the Information Security procedures.

1.2. Information Security Operational Committee

The InterCall VE and Webcast Event Information Security Operational Committee, which includes the director of engineering, the IT manager and the information security officer, is responsible for the technical aspects of securing the data and the services that the InterCall VE and Webcast Event teams maintain and provide for their customers. The committee meets every two months; it reviews new threats and vulnerabilities and plans the security controls and countermeasures that need to be put in place to protect InterCall VE and Webcast Event assets. The committee monitors the implementation of the security controls and makes sure they mitigate the threats.

1.3. System Security

1.3.1. Physical Security

The InterCall VE and Webcast Event platform is hosted in the USA in a SAS70 certified data center that provides high physical and logical security controls. Strict policies and procedures ensure the utmost security, which includes biometric fingerprint scanning, card key access and video surveillance camera technology. Anyone visiting the datacenter facility must be escorted by a datacenter employee to a designated location. Visitors are required to sign the visitors log and obtain a visitor badge. Every visitor is matched against the pre-approved authorized listing. The datacenter is divided into several security zones; clients are permitted to access only the zone where their equipment is located. All cabinets are locked with individualized keys.
Video cameras are strategically placed throughout the facility and are monitored 24x7. Historical video data is viewable for a minimum of fifteen days.

1.3.2. Network Security

The InterCall VE and Webcast Event architecture incorporates Check Point firewalls to protect the platform. Network traffic from the internet into the datacenter routes through firewalls which allow access only to a specific set of machines and services. The InterCall VE and Webcast Event architecture divides the datacenter into multiple network zones, each containing a set of information services and information systems. Check Point firewalls control the network between the zones and allow access only to the relevant and desired services at each zone. In addition to the access control, the firewalls isolate the internal network from the outside world using Network Address Translation. NAT ensures that the internal network addresses are not exposed to the external peer and can't be used to hack into the system. The firewalls are kept up to date with the latest security patches.

INFO@INTERCALL.COM INTERCALL.COM 800.820.5855

1.3.3. Antivirus

Antivirus systems operate on all the servers in the data center to prevent malicious code. The AV systems are updated continuously.

1.3.4. Access Control

Only the InterCall VE and Webcast Event IT team has administrative access to the servers and workstations in the datacenter. When an IT member leaves the company, accounts are deactivated promptly. Administrative access to the servers and systems in the datacenter is via Check Point VPN. The VPN authenticates the client by a client-side certificate and encrypts all the network traffic between the client computer and the datacenter.

1.3.5. Change Management

All changes in the datacenter to hardware, software or platform configuration follow a Change Management procedure. The change must be planned in advance, checked in the QA environment and approved by the IT manager. Once the change is implemented in the datacenter, it is verified by the QA team. The procedure assures that all changes to the production environments are controlled and documented.

1.3.6. Maintenance

Maintenance of the InterCall VE and Webcast Event platform is done by the internal IT department or under its direct supervision. Most of the maintenance is done from the InterCall VE and Webcast Event offices using VPN. The redundancy at each layer enables hot deployment and configuration without downtime.

1.3.7. Personnel

1.3.7.1. Recruitment

InterCall VE and Webcast Event perform reference checks for new employees. All new employees are required to sign a non-disclosure agreement during the hiring process.

1.3.7.2. Information Security awareness and training

The InterCall VE and Webcast Event security team educates its employees about the importance of securing the data and the services it provides. All employees have an annual information security awareness session that reviews security threats and vulnerabilities that are relevant to every employee. The session gives the best practices for avoiding security pitfalls. There is special training for developers. In their training they learn how to develop a secured application that will resist hacking attempts.

1.3.7.3. Leaving the company

When an employee leaves the company for any reason, his user account as well as his application account are disabled. He is required to return his employee badge immediately. Any access s/he has to the company network is blocked.

1.3.7.4. Third Party

Contractors and third parties are required to sign a non-disclosure agreement before they are granted any access to the data or services at InterCall VE and Webcast Event. They are granted access only to the required services and have the minimum privileges required for fulfilling their job duties. When the contract ends, their accounts are disabled and their access to the information and services is blocked.

1.3.8. Audit and Accountability

Every user in the VE application has a unique user name and a password. Thus users are accountable for any activity that is done under their accounts. Administration actions are logged in a separate log file and there is a separate log file for security related actions. The InterCall VE and Webcast Event security team retains the log files and can audit them if there is any suspicion of unauthorized or malicious activity.

1.3.9. Security Assessment

The InterCall VE and Webcast Event security team uses an outside firm specializing in information security to assess its security. A thorough penetration test is executed annually at a minimum. The tests examine the platform infrastructure as well as the application and services and look for vulnerabilities. The results of the penetration tests are reviewed by the Information Security Council and by the IT and R&D departments. Based on the findings and their severity, InterCall VE and Webcast Event plans the project for the fixes. High severity issues are fixed and deployed as soon as possible.

1.4. Application Security

The InterCall VE and Webcast Event platform was designed and developed with security concerns in mind. Authentication, Authorization, User Roles and Permissions have been part of the platform from the first day. Every new feature is checked at the requirement and design phases to make sure it doesn't expose a new vulnerability or break the defined policy.

1.4.1. OWASP

InterCall VE and Webcast Event developers follow Open Web Application Security Project recommendations for developing a secured application and avoiding common security risks such as SQL injection, Cross Site Scripting, Cross Site Request Forgery, Insecure direct object reference, URL access etc.

1.4.2. Development Life Cycle

The development of the VE platform follows strict procedures and best practices that assure the product is at the highest level of quality and security.

1.4.2.1. Design

Every new system, service, or feature is evaluated in the requirements and design phases in terms of information security and privacy. The Chief Information Security Officer reviews every major change in the system.

1.4.2.2. Development

InterCall VE and Webcast Event developers are trained to develop a secured application using OWASP best practices and using industry tools and standards. In addition to the regular reviews during development, security related feature development is guided and mentored by the CISO.

1.4.2.3. Configuration Control

The InterCall VE and Webcast Event Development team maintains the source code and the libraries used in development in a source control repository. Access to the repository is granted to developers only. Documentation of the requirements and the technical design are kept in a documentation repository.

1.4.2.4. QA

Platform updates as well as patches and hot fixes are all deployed and tested thoroughly in a dedicated QA environment. The QA environment simulates the production environment in terms of tier separation and high availability clusters. The QA environment is located at the development site and doesn't contain customer data.

1.4.2.5. Staging

When a new software version passes the testing in the QA environment, and just before it is deployed into the production environment, the software is deployed into a staging environment located at the datacenter. The staging environment has the same security controls and configuration as the production environment and is used to check the software on real data.

1.4.3. Authentication

All users of InterCall VE and Webcast Event, stakeholders as well as visitors, must register and log in before they can access any resource or visit any event in the application. The regular authentication process is based on a user name and a password. The default password policy is 8 characters in length and requires upper case and lower case characters and digits. After 5 failed login attempts, the account is locked for two minutes to prevent brute forcing and denial of service. In addition to the user/password authentication, InterCall VE and Webcast Event supports proprietary authentication methods as well as standards-based authentication methods such as Facebook Connect and SAML (coming soon).

1.4.4. Session Management

Every time a user logs in, s/he is assigned a dedicated session. The platform keeps track of the active users, and the users always have the option to explicitly log off the application and end their sessions. The system automatically ends the session and logs off a user that is not active for a configurable time period.

1.4.5. Authorization

The InterCall VE and Webcast Event platform checks and authorizes every incoming request based on the user role and scope, the type of the action and the targeted object. The VE platform has predefined roles and object ownership, and the relevant interfaces and services are accessible only to the authorized users. In addition, there are different permissions per object; thus some users may view a specific object while the owner of the object may update or even delete it.

1.4.5.1. Edge Authorization

The InterCall VE and Webcast Event delivery strategy uses CDN facilities to serve static and dynamic / live streamed content with the smallest latency and unlimited capacity for end users all over the world. The InterCall VE and Webcast Event authentication functions make sure that the CDN servers are authorized for every access to restricted content.

1.4.6. Access Control

The InterCall VE and Webcast Event platform has a built-in access control mechanism, and customers may define their own fine-grained restrictions on top of it.

1.4.6.1. Application Access Control

Most of the content that is published in a VE can be viewed by every registered user unless configurable access controls are used. Only the owner of the content can update the content, publish, hide or delete it.

1.4.6.2. Configurable Access Control

In addition to the predefined access controls, customers can create their own Access Control Lists by creating groups of objects that can only be accessed by a restricted list of users.

1.4.6.2.1. Registration ACL

Customers can allow or prevent the registration of users with specific email addresses or email domains. Customers can create a list of specific users who can enter an event or restrict the event to users from a specific company.
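
The default password policy and lockout from section 1.4.3 and the registration ACL from section 1.4.6.2.1, sketched as an added Python example (not InterCall's code). All function and class names are hypothetical, the password length is read as a minimum, and the ACL is modelled as an allow-list matched on the exact address or the exact domain.

```python
import re
from dataclasses import dataclass, field

# Defaults stated in section 1.4.3; length is read as a minimum (assumption).
MIN_LENGTH = 8
MAX_FAILURES = 5
LOCK_SECONDS = 120


def password_meets_policy(password: str) -> bool:
    """8 characters with upper case, lower case and at least one digit."""
    return (len(password) >= MIN_LENGTH
            and re.search(r"[A-Z]", password) is not None
            and re.search(r"[a-z]", password) is not None
            and re.search(r"[0-9]", password) is not None)


def registration_allowed(email: str, allowed_emails: set, allowed_domains: set) -> bool:
    """Registration ACL: accept an exact address or an exact domain.

    Comparing the whole domain rather than a suffix keeps
    'user@notexample.test' out of an ACL that lists 'example.test'.
    """
    normalized = email.strip().lower()
    local, sep, domain = normalized.rpartition("@")
    if not sep or not local or not domain:
        return False                      # not an address at all
    return normalized in allowed_emails or domain in allowed_domains


@dataclass
class LoginThrottle:
    """Lock an account for LOCK_SECONDS after MAX_FAILURES failed logins."""
    failures: dict = field(default_factory=dict)      # user -> consecutive failures
    locked_until: dict = field(default_factory=dict)  # user -> unlock time (seconds)

    def attempt(self, user: str, password_ok: bool, now: float) -> str:
        """Return 'ok', 'denied' or 'locked' for one login attempt at time `now`."""
        if now < self.locked_until.get(user, 0.0):
            return "locked"               # even a correct password waits out the lock
        if password_ok:
            self.failures.pop(user, None)
            return "ok"
        count = self.failures.get(user, 0) + 1
        if count >= MAX_FAILURES:
            self.failures.pop(user, None)
            self.locked_until[user] = now + LOCK_SECONDS
            return "locked"
        self.failures[user] = count
        return "denied"


def guesses_per_day_ceiling() -> int:
    """Approximate ceiling on online guesses against one account per day,
    ignoring the time the guesses themselves take."""
    return (24 * 3600 // LOCK_SECONDS) * MAX_FAILURES


if __name__ == "__main__":
    throttle = LoginThrottle()
    # Constructed sample: five wrong passwords one second apart.
    print([throttle.attempt("ana", False, now=float(i)) for i in range(5)])
    print(guesses_per_day_ceiling())
```

The temporary lock bounds online guessing per account without letting a third party lock a user out indefinitely, which matches the stated aim of limiting both brute forcing and denial of service.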

1.4.6.2.2. Location ACL

In addition to the control at the entrance point, customers can restrict access to any location (e.g. Booth, Webcast, and Resource Center) and create a list of users who can enter the location and access the data it contains. The user list can be created based on any of the following characteristics of a user: Role, Email Address/Domain, Registration attributes.

1.4.7. Email Verification

The customer can require verification of the registrant's email address during the registration process. Only after the verification is completed successfully may the registrant access the event.

1.4.8. Audit and Accountability

Every administration action is logged in a dedicated log which includes the action, user, time and date and the action parameters. There is an additional log that contains security related actions (login/logout, account and privileges management).

1.4.9. Security Assessment

The InterCall VE and Webcast Event application is tested annually by an external party. The results are reviewed by the management team. Findings are ordered by their severity and a plan is created to fix the vulnerabilities by their severity.

1.4.10. SSL and Encryption

The InterCall VE and Webcast Event platform supports full encryption of the client-server channel. The platform also encrypts passwords in the DB.

1.4.11. Configurable Security

The InterCall VE and Webcast Event security team recommends its customers use the highest level of security. Nevertheless, the InterCall VE and Webcast Event team lets the customers adjust the security configuration to meet their specific security requirements. The customer has control of the password policy parameters, whether to enable a guest account (with restricted permissions), encryption channels and more.

2. High Availability

As the leading provider of virtual events and conferences, InterCall VE and Webcast Event is committed to delivering its services 24 hours 356 days a year. InterCall VE and Webcast Event uses the best tools and practices to make sure that the service won't be interrupted for any reason.

2.1. Redundancy

All the servers in the InterCall VE and Webcast Event platform run in clusters. Whenever a server fails, the traffic is automatically redirected to another server in the cluster.

2.1.1. Web Tier

The web tier runs on a cluster of IIS servers. In case of a failure in one of the web servers, the load balancer disables the routing of requests to that server until it is verified as active again.

2.1.2. Application Tier

The InterCall VE and Webcast Event platform uses Oracle Weblogic to run the application. The Weblogic servers run in a cluster and each web server routes requests to any available application server.

2.1.3. DB

The InterCall VE and Webcast Event platform uses Oracle Enterprise edition in a Real Application Cluster configuration that allows it to run multiple active servers concurrently. In case of a failure in one of the DB servers, the application servers are configured to route the queries to the other DB.

2.1.4. Streaming

The InterCall VE and Webcast Event platform operates two separate routes for producing and broadcasting every single webcast. In case of failure with one of the lines, the users are automatically redirected to the second line.

2.1.5. CDN

The broadcasting of the live and on demand streaming is via the Akamai CDN. The InterCall VE and Webcast Event platform provides Akamai primary and secondary streams. In case of failure in the primary stream, Akamai uses the secondary as the source. Akamai provides the stream to the end users via hundreds of media servers globally which are fully redundant.

2.2. Load Balancers

The InterCall VE and Webcast Event platform uses two Radware App Director load balancers to route the traffic to the internal servers. The load balancers are synchronized and run in an active/passive mode where, in case of a failure, the passive server becomes active immediately.

2.3. No Single Point of Failure

The InterCall VE and Webcast Event platform is fully redundant. Each server is connected to two power adapters and has network connectivity via two network interfaces. Each power adapter is connected to a different power source. Each network interface is connected to a different switch, making every server available via two different routes.

2.4. Disaster Recovery

The InterCall VE and Webcast Event architectural team will deploy a second datacenter in 2012. The second datacenter will extend the current capacity as well as provide failover and backup capabilities. The two datacenters will synchronize their data. Thus, in case of a disaster in one of the datacenters, the second datacenter will promptly serve the users of the datacenter that failed.

2.5. Storage

The InterCall VE and Webcast Event platform uses IBM XIV storage. This storage has its own built-in redundancy and high availability in terms of disks, controller, network interfaces and power supply.

2.6. Monitoring

The InterCall VE and Webcast Event IT team monitors the availability and the performance of the system utilizing various automated tools. The tools monitor and access different components and different layers from the infrastructure level up to the application level. As a global communications technology leader, the InterCall VE and Webcast Event architecture incorporates a worldwide monitoring system that measures the application availability from 5 different locations around the world. As part of the online monitoring, when an error occurs or a threshold is reached, an alert is sent to the InterCall VE and Webcast Event IT team via email and SMS.

3. Scalability

The world of online meeting and conferencing grows fast. The number of events and the number of users that attend each event increase every month. The InterCall VE and Webcast Event development team built the platform not only to support today's and tomorrow's demands but to be able to quickly scale out and support huge growth.

3.1. Cluster

Every tier in the InterCall VE and Webcast Event platform, from the web tier to the persistence tier, is built of a cluster of servers. Instead of scaling up by upgrading the server hardware, InterCall VE and Webcast Event extends its capacity easily and more cost effectively by adding additional servers to the relevant tier.

3.2. CDN

The InterCall VE and Webcast Event platform uses CDN delivery as much as it can. The CDN infrastructure contains thousands of servers all over the world and allows the VE platform unlimited scale in terms of streaming and web content.

3.3. Load Test

The InterCall VE and Webcast Event development team continually checks and enhances its capacity and its performance under heavy load by conducting massive load tests. Using Amazon cloud, the InterCall VE and Webcast Event team tests its platform with more than 30,000 concurrent users including a short ramp up. InterCall VE and Webcast Event engineers monitor and review the load results and the metrics and measurements that were collected from the VE platform. The load results are scrutinized to make sure the system performance and behavior meet the requirements under load and to identify any bottleneck in the hardware, software or the network that compose the VE platform.