Awareness Technologies Systems Security. PHONE: (888)

Similar documents
SECURITY ON AWS 8/3/17. AWS Security Standards MORE. By Max Ellsberry

CTS performs nightly backups of the Church360 production databases and retains these backups for one month.

Riverbed Xirrus Cloud Processes and Data Privacy June 19, 2018

TECHNICAL INFRASTRUCTURE AND SECURITY PANOPTO ONLINE VIDEO PLATFORM

Dooblo SurveyToGo: Security Overview

Xerox Audio Documents App

Security and Compliance at Mavenlink

SECURITY STRATEGY & POLICIES. Understanding How Swift Digital Protects Your Data

Total Video Solution Cybersecurity Protection. ConteraWS Platform Cybersecurity Overview

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data

Amazon Web Services: Overview of Security Processes November 2014

The Common Controls Framework BY ADOBE

AWS continually manages risk and undergoes recurring assessments to ensure compliance with industry standards.

SECURITY PRACTICES OVERVIEW

APPLICATION & INFRASTRUCTURE SECURITY CONTROLS

Twilio cloud communications SECURITY

Layer Security White Paper

QuickBooks Online Security White Paper July 2017

KantanMT.com. Security & Infra-Structure Overview

TRACKVIA SECURITY OVERVIEW

Cisco Meraki Privacy and Security Practices. List of Technical and Organizational Measures

Integrated Cloud Environment Security White Paper

Criminal Justice Information Security (CJIS) Guide for ShareBase in the Hyland Cloud

RADIAN6 SECURITY, PRIVACY, AND ARCHITECTURE

The following security and privacy-related audits and certifications are applicable to the Lime Services:

Technical infrastructure and security. Panopto cloud video platform. panopto.com

Projectplace: A Secure Project Collaboration Solution

Online Services Security v2.1

Data Center Operations Guide

RAPID7 INSIGHT PLATFORM SECURITY

SECURITY DOCUMENT. 550archi

Trust Services Principles and Criteria

SECURITY & PRIVACY DOCUMENTATION

Watson Developer Cloud Security Overview

BEYOND CJIS: ENHANCED SECURITY, NOT JUST COMPLIANCE

Cloud FastPath: Highly Secure Data Transfer

InterCall Virtual Environments and Webcasting

Infrastructure Security Overview

MigrationWiz Security Overview

Data Security at Smart Assessor

Daxko s PCI DSS Responsibilities

ENDNOTE SECURITY OVERVIEW INCLUDING ENDNOTE DESKTOP AND ONLINE

University of Pittsburgh Security Assessment Questionnaire (v1.7)

FormFire Application and IT Security

TARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS

EXCERPT. NIST Special Publication R1. Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations

Information Security Controls Policy

Payment Card Industry (PCI) Data Security Standard

Security Principles for Stratos. Part no. 667/UE/31701/004

2.4. Target Audience This document is intended to be read by technical staff involved in the procurement of externally hosted solutions for Diageo.

Automate sharing. Empower users. Retain control. Utilizes our purposebuilt cloud, not public shared clouds

Security & Compliance in the AWS Cloud. Vijay Rangarajan Senior Cloud Architect, ASEAN Amazon Web

MYOB Advanced SaaS. Why choose MYOB Advanced? Fact Sheet. What is MYOB Advanced SaaS?

90% 191 Security Best Practices. Blades. 52 Regulatory Requirements. Compliance Report PCI DSS 2.0. related to this regulation

AWS alignment with Motion Picture of America Association (MPAA) Content Security Best Practices Application in the Cloud

For Australia January 2018

Hosted Testing and Grading

Total Security Management PCI DSS Compliance Guide

Secure Esri Solutions in the AWS Cloud. CJ Moses, AWS Deputy CISO

Security & Compliance in the AWS Cloud. Amazon Web Services

Information Services IT Security Policies L. Network Management

INCREASE APPLICATION SECURITY FOR PCI DSS VERSION 3.1 SUCCESS AKAMAI SOLUTIONS BRIEF INCREASE APPLICATION SECURITY FOR PCI DSS VERSION 3.

Dude Solutions Business Continuity Overview

Information Security at Veritext Protecting Your Data

For USA & Europe January 2018

PROTECTING INFORMATION ASSETS NETWORK SECURITY

CIS Controls Measures and Metrics for Version 7

CYBER SECURITY WHITEPAPER

Accelerating the HCLS Industry Through Cloud Computing

SoftLayer Security and Compliance:

Intermedia s Private Cloud Exchange

CIS Controls Measures and Metrics for Version 7

10 FOCUS AREAS FOR BREACH PREVENTION

What can the OnBase Cloud do for you? lbmctech.com

BeOn Security Cybersecurity for Critical Communications Systems

Managing and Auditing Organizational Migration to the Cloud TELASA SECURITY

Information Security Policy

Security White Paper. Midaxo Platform Krutarth Vasavada

Global Platform Hosting Hosting Environment Security White Paper

Vendor Security Questionnaire

Security Policy (EN) v1.3

WHITEPAPER. Security overview. podio.com

Education Network Security

Information Technology Security Plan Policies, Controls, and Procedures Identify Governance ID.GV

Table of Contents. Page 1 of 6 (Last updated 27 April 2017)

HIPAA Security. 3 Security Standards: Physical Safeguards. Security Topics

Document Sub Title. Yotpo. Technical Overview 07/18/ Yotpo

Google Cloud Platform: Customer Responsibility Matrix. December 2018

Security & Privacy Guide

ANSWERS TO FREQUENTLY ASKED QUESTIONS

Page 1 of 15. Applicability. Compatibility EACMS PACS. Version 5. Version 3 PCA EAP. ERC NO ERC Low Impact BES. ERC Medium Impact BES

Juniper Vendor Security Requirements

Security Architecture

TB+ 1.5 Billion+ The OnBase Cloud by Hyland 600,000,000+ content stored. pages stored

Hosts have the top level of webinar control and can grant and revoke various privileges for participants.

DoD Guidance for Reviewing System Security Plans and the NIST SP Security Requirements Not Yet Implemented This guidance was developed to

Afilias DNSSEC Practice Statement (DPS) Version

WORKSHARE SECURITY OVERVIEW

Morningstar ByAllAccounts Service Security & Privacy Overview

[DATA SYSTEM]: Privacy and Security October 2013

Transcription:

Awareness Technologies Systems Security

Physical Facility Specifications At Awareness Technologies, the security of our customers data is paramount. The following information from our provider Amazon Web Services (AWS) further explains the specifications and security measures which are present in our environment: AWS s data centers are state of the art, utilizing innovative architectural and engineering approaches. Amazon has many years of experience in designing, constructing, and operating large-scale datacenters. This experience has been applied to the AWS platform and infrastructure. AWS datacenters are housed in nondescript facilities. Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, intrusion detection systems, and other electronic means. Authorized staff must pass two-factor authentication a minimum of two times to access datacenter floors. All visitors and contractors are required to present identification and are signed in and continually escorted by authorized staff. AWS only provides datacenter access and information to employees and contractors who have a legitimate business need for such privileges. When an employee no longer has a business need for these privileges, his or her access is immediately revoked, even if they continue to be an employee of Amazon or Amazon Web Services. All physical access to datacenters by AWS employees is logged and audited routinely. Compliance The IT infrastructure that AWS provides to its customers is designed and managed in alignment with security best practices and a variety of IT security standards, including: SOC 1/SSAE16/ISAE 3402 (formerly SAS 70) SOC 2 SOC 3 FISMA, DIACAP, and FedRAMP DOD CSM Levels 1-5 PCI DSS Level 1 ISO 9001 / ISO 27001 ITAR FIPS 140-2 MTCS Level 3

Fire Detection & Suppression Automatic fire detection and suppression equipment has been installed to reduce risk. The fire detection system utilizes smoke detection sensors in all data center environments, mechanical and electrical infrastructure spaces, chiller rooms and generator equipment rooms. These areas are protected by either wet-pipe, doubleinterlocked pre-action, or gaseous sprinkler systems. Power The data center electrical power systems are designed to be fully redundant and maintainable without impact to operations, 24 hours a day, and seven days a week. Uninterruptible Power Supply (UPS) units provide back-up power in the event of an electrical failure for critical and essential loads in the facility. Data centers use generators to provide back-up power for the entire facility. Climate & Temperature Climate control is required to maintain a constant operating temperature for servers and other hardware, which prevents overheating and reduces the possibility of service outages. Data centers are conditioned to maintain atmospheric conditions at optimal levels. Personnel and systems monitor and control temperature and humidity at appropriate levels. Management AWS monitors electrical, mechanical, and life support systems and equipment so that any issues are immediately identified. Preventative maintenance is performed to maintain the continued operability of equipment. Storage Device Decommissioning When a storage device has reached the end of its useful life, AWS procedures include a decommissioning process that is designed to prevent customer data from being exposed to unauthorized individuals. AWS uses the techniques detailed in DoD 5220.22-M ( National Industrial Security Program Operating Manual ) or NIST 800-88 ( Guidelines for Media Sanitization ) to destroy data as part of the decommissioning process. All decommissioned magnetic storage devices are degaussed and physically destroyed in accordance with industry-standard practices.

Availability Data centers are built in clusters in various global regions. All data centers are online and serving customers; no data center is cold. In case of failure, automated processes move customer data traffic away from the affected area. Core applications are deployed in an N+1 configuration, so that in the event of a data center failure, there is sufficient capacity to enable traffic to be load-balanced to the remaining sites. AWS provides the flexibility to place instances and store data within multiple geographic regions as well as across multiple availability zones within each region. Each availability zone is designed as an independent failure zone. This means that availability zones are physically separated within a typical metropolitan region and are located in lower risk flood plains (specific flood zone categorization varies by Region). In addition to discrete uninterruptable power supply (UPS) and onsite backup generation facilities, they are each fed via different grids from independent utilities to further reduce single points of failure. Availability zones are all redundantly connected to multiple tier-1 transit providers. Incident Response The Amazon Incident Management team employs industry-standard diagnostic procedures to drive resolution during business-impacting events. Staff operators provide 24x7x365 coverage to detect incidents and to manage the impact and resolution. Network Security The AWS network has been architected to permit you to select the level of security and resiliency appropriate for your workload. To enable you to build geographically dispersed, fault-tolerant web architectures with cloud resources, AWS has implemented a world-class network infrastructure that is carefully monitored and managed. Secure Network Architecture Network devices, including firewall and other boundary devices, are in place to monitor and control communications at the external boundary of the network and at key internal boundaries within the network. These boundary devices employ rule sets, access control lists (ACL), and configurations to enforce the flow of information to specific information system services. ACLs, or traffic flow policies, are established on each managed interface, which manage and enforce the flow of traffic. ACL policies are approved by Amazon Information Security. These policies are automatically pushed using AWS s ACL- Manage tool, to help ensure these managed interfaces enforce the most up-to-date ACLs.

Secure Access Points AWS has strategically placed a limited number of access points to the cloud to allow for a more comprehensive monitoring of inbound and outbound communications and network traffic. These customer access points are called API endpoints, and they allow secure HTTP access (HTTPS), which allows you to establish a secure communication session with your storage or compute instances within AWS. In addition, AWS has implemented network devices that are dedicated to managing interfacing communications with Internet service providers (ISPs). AWS employs a redundant connection to more than one communication service at each Internet-facing edge of the AWS network. These connections each have dedicated network devices. Client-Server Security To ensure the integrity and security of data between client and server, the following measures have been implemented: Transport Layer Security (TLS): All client-server communication utilizes TLS/SSL connections with SHA-2 signature algorithms and RSA 2048-Bit Public Keys. All TLS/SSL certificates are issued by GoDaddy Secure Certification Authority Class 2. File Encryption: All recorded data from monitored client machines is encrypted utilizing a combination of SHA-1 (160-bit) and 3DES (192-bit) standards with an encryption key created from a salted hash of target machine identifiers. Data is encrypted locally before being transmitted to the server. Application Security Our production network is secured by several measures. All servers are configured for private IP addresses, and access to them is tightly controlled via Network Address Translation (NAT) as well as a Cisco firewall platform. (More specifics on this platform cannot be given for security reasons.)

Database Security Access to our database is strictly controlled. Only the database administration team has access to connect directly to the database server, and all access to the database is done through individualized accounts. All account passwords are considered to be strong passwords of a minimum length of eight characters, and consisting of upper and lower case letters, numbers, and special characters. All failed login attempts to the database are logged to the database s log file and reviewed to ensure that no attempts to brute force attack the database are being made. Our database administration team is based in the USA, and consists of individuals with the highest levels of training and certification. They are all bound by personnel and corporate policies not to access customer account information without team lead approval and business need. All database servers are kept patched to the latest security patches for both the Operating System as well as the Database platform to minimize the threat potential in the event that someone was able to breach the network firewall.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback