MigrationWiz Security Overview

Similar documents
DreamFactory Security Guide

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data

SECURITY & PRIVACY DOCUMENTATION

WHITEPAPER. Security overview. podio.com

IBM SmartCloud Notes Security

Juniper Vendor Security Requirements

Security and Compliance at Mavenlink

Criminal Justice Information Security (CJIS) Guide for ShareBase in the Hyland Cloud

Awareness Technologies Systems Security. PHONE: (888)

WHITE PAPER Cloud FastPath: A Highly Secure Data Transfer Solution

Cyber security tips and self-assessment for business

Cloud FastPath: Highly Secure Data Transfer

Riverbed Xirrus Cloud Processes and Data Privacy June 19, 2018

Projectplace: A Secure Project Collaboration Solution

CIS Controls Measures and Metrics for Version 7

Data Security and Privacy Principles IBM Cloud Services

The SANS Institute Top 20 Critical Security Controls. Compliance Guide

Your Data and Artificial Intelligence: Wise Athena Security, Privacy and Trust. Wise Athena Security Team

CIS Controls Measures and Metrics for Version 7

Solutions Business Manager Web Application Security Assessment

epldt Web Builder Security March 2017

University of Pittsburgh Security Assessment Questionnaire (v1.7)

The Common Controls Framework BY ADOBE

Watson Developer Cloud Security Overview

GLOBALPROTECT. Key Usage Scenarios and Benefits. Remote Access VPN Provides secure access to internal and cloud-based business applications

Google Cloud Platform: Customer Responsibility Matrix. April 2017

Maximize your move to Microsoft in the cloud

Secure Access for Microsoft Office 365 & SaaS Applications

Deep Freeze Cloud. Architecture and Security Overview

Christopher Covert. Principal Product Manager Enterprise Solutions Group. Copyright 2016 Symantec Endpoint Protection Cloud

QuickBooks Online Security White Paper July 2017

Google Cloud Platform: Customer Responsibility Matrix. December 2018

Securing Office 365 with MobileIron

Secure Access & SWIFT Customer Security Controls Framework

A company built on security

University of Colorado

PCI DSS and VNC Connect

Security context. Technology. Solution highlights

The following security and privacy-related audits and certifications are applicable to the Lime Services:

Maintain Data Control and Work Productivity

90% 191 Security Best Practices. Blades. 52 Regulatory Requirements. Compliance Report PCI DSS 2.0. related to this regulation

SECURITY STRATEGY & POLICIES. Understanding How Swift Digital Protects Your Data

Google Cloud & the General Data Protection Regulation (GDPR)

Managing and Auditing Organizational Migration to the Cloud TELASA SECURITY

EXAM - CAS-002. CompTIA Advanced Security Practitioner (CASP) Exam. Buy Full Product.

RADIAN6 SECURITY, PRIVACY, AND ARCHITECTURE

VMware vcloud Air SOC 1 Control Matrix

The Nasuni Security Model

AWS continually manages risk and undergoes recurring assessments to ensure compliance with industry standards.

ngenius Products in a GDPR Compliant Environment

Introduction. The Safe-T Solution

TOP 10 IT SECURITY ACTIONS TO PROTECT INTERNET-CONNECTED NETWORKS AND INFORMATION

Identity & Access Management

Xerox Audio Documents App

IPM Secure Hardening Guidelines

Keys to a more secure data environment

Twilio cloud communications SECURITY

Total Security Management PCI DSS Compliance Guide

Discover threats quickly, remediate immediately, and mitigate the impact of malware and breaches

HIPAA Regulatory Compliance

Table of Contents. Page 1 of 6 (Last updated 27 April 2017)

SECURITY PRACTICES OVERVIEW

Daxko s PCI DSS Responsibilities

7.16 INFORMATION TECHNOLOGY SECURITY

Locking down a Hitachi ID Suite server

Security Specification

Information Security Policy

AppPulse Point of Presence (POP)

Security in Bomgar Remote Support

Speaker Introduction Who Mate Barany, VMware Manuel Mazzolin, VMware Peter Schmitt, Deutsche Bahn Systel Why VMworld 2017 Understanding the modern sec

TARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS

SAFECOM SECUREWEB - CUSTOM PRODUCT SPECIFICATION 1. INTRODUCTION 2. SERVICE DEFINITION. 2.1 Service Overview. 2.2 Standard Service Features APPENDIX 2

BULLETPROOF365 SECURING YOUR IT. Bulletproof365.com

Information Security Controls Policy

CYBERSECURITY RISK LOWERING CHECKLIST

RAPID7 INFORMATION SECURITY. An Overview of Rapid7 s Internal Security Practices and Procedures

How-to Guide: Tenable.io for Microsoft Azure. Last Updated: November 16, 2018

CTS performs nightly backups of the Church360 production databases and retains these backups for one month.

TOTAL SAAS BACKUP SAAS PROTECTION

Introduction. The Safe-T Solution

ForeScout Extended Module for Carbon Black

BULLETPROOF365 SECURING YOUR IT. Bulletproof365.com

Enhancing the Cybersecurity of Federal Information and Assets through CSIP

Duration: 5 Days Course Code: M20764 Version: B Delivery Method: Elearning (Self-paced)

Best Practices in Securing Your Customer Data in Salesforce, Force.com & Chatter

VNC SDK security whitepaper

Security Architecture

Data Sheet: Endpoint Security Symantec Network Access Control Starter Edition Simplified endpoint enforcement

SDR Guide to Complete the SDR

InterCall Virtual Environments and Webcasting

Security in the Privileged Remote Access Appliance

Security Information & Policies

ARBOR DDoS PRODUCTS IN A GDPR COMPLIANT ENVIRONMENT. Guidelines and Frequently Asked Questions

Data Security at Smart Assessor

ISO27001 Preparing your business with Snare

ENDNOTE SECURITY OVERVIEW INCLUDING ENDNOTE DESKTOP AND ONLINE

Technology Security Failures Common security parameters neglected. Presented by: Tod Ferran

Oracle Data Cloud ( ODC ) Inbound Security Policies

Office 365 Buyers Guide: Best Practices for Securing Office 365

TRACKVIA SECURITY OVERVIEW

Transcription:

MigrationWiz Security Overview Table of Contents Introduction... 2 Overview... 2 Shared Security Approach... 2 Customer Best Practices... 2 Application Security... 4 Data Security and Handling... 4 Database Level Security... 4 Network Security... 5 Business Continuity... 5 Definitions... 6 Page 1 of 6

Introduction This whitepaper is targeted to current and potential BitTitan customers who are interested in migrating data using MigrationWiz. MigrationWiz is a patented SaaS product that runs on Azure. This whitepaper is designed to help you understand what measures we use to safeguard your Data, but more importantly, to recommend customer best practices to optimize your security approach for each migration. Overview We take the security of our environment seriously. BitTitan s environment security is designed to protect mission critical resources and to provide a secure, robust, and geographically dispersed environment that helps to ensure data integrity and to secure against accidental or deliberate data deletion or leaks. This secure environment is maintained and with encryption and other controls discussed below. This document describes how using best practice recommendations to optimize each migration users can leverage BitTitan s secure SaaS application to efficiently and cost-effectively move data across a variety of environments and platforms. Customers should leverage our Knowledge Base guidance and documents to enhance the overall security of their data during the migration process. Shared Security Approach BitTitan designed MigrationWiz as a cloud native product. Using advanced and proprietary cloud infrastructure technologies, we enable scalable network throughput by connecting diverse and powerful networks across the solution. Because we rely on the security of your network to safeguard your migration, our security model is a shared approach. Throughout this document, we will refer to customer best practices to implement a customized security approach. Our security practices do not cover exposure, breaches or failure resulting from any: a) use not in accordance with the User Agreement b) modifications, damage, misuse or other action of user or any third party c) any failure of a customer environment d) intentional deviations from our provided guidance. Customer Best Practices Creating Strong Passwords. Creating strong passwords applies to both the password to your BitTitan account and the credentials of your Source and Destination data servers. BitTitan maintains password complexity requirements designed to prevent brute forcing of accounts in accordance with industry standards. For those users requiring additional security, we recommend extending the length of your password beyond 8 characters, including special characters, and avoiding guessable passwords. We also recommend regularly changing your account and data server passwords and credentials (e.g., every 90 days) and avoiding recycling any old passwords. Credential Handling and Storage during and after Migration. We enable users to streamline the process of migrations by using administrative-level credentials (including Office 365 impersonation for increased bandwidth capabilities). Accordingly, we recommend that you create temporary credentials during each migration and change these temporary credentials after the completion of your project. Note that temporary passwords should adhere to standard password policies and should not include any data relevant to your organization or project. Page 2 of 6

Source Sanitization. MigrationWiz migrates your data as-is, meaning that anything currently infected will remain so even after the migration. Accordingly, to ensure sanitation, we recommend that you run an appropriate antivirus scanner on your Source prior to migrating any contents. This practice has the added benefit of ensuring that your data is easily migrated without corruption errors. Customizing Your Data Purge. MigrationWiz allows you to configure a custom purge policy by setting the number of days after which your project will be auto-deleted if unused. We recommend that you delete a project after completion. By deleting the project, you delete the connection between MigrationWiz and your Source and Destination messaging servers. You should carefully review your account activity to ensure that the project is indeed complete. Note that you can use the Maintenance section of Advanced Options to configure a custom purge policy for each migration project. Source Maintenance Period. Even after your migration is completed, we recommend that you perform a backup of your source before shutting it down or deleting it and maintaining your Source data server for a period of time to prevent any data loss resulting from failure to migrate, whether as a result of infected or corrupted data. By maintaining some redundancy, you also ensure that mail forwarding is working properly. Since MigrationWiz is a copy and paste tool your source will be exactly as you left it. Account Review Practices. You should regularly review your account activity to prevent unauthorized use. We enable you to set notifications to ping an email address of your choice in the event of a successful/failed migration. We further enable you to log subject lines of failed items, which provides better support visibility (but may not adhere to your own internal privacy policies). You are responsible for the accounts that have access to the environments. If the account is not being actively used to migrate data you should disable it. You are admins to your environment and have the ability to view where the connections are coming from for any account. If you see anything out of the ordinary or coming from an odd IP, disable the account and contact Support@BitTitan.com. Understanding your Common Vulnerabilities Exposures (CVEs). Data platforms are not always invulnerable. For example, Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 6 does not properly validate redirection tokens, which allows remote attackers to redirect users to arbitrary web sites and spoof the origin of email messages via unspecified vectors, aka "Exchange URL Redirection Vulnerability." A list of common software vulnerabilities is available at https://nvd.nist.gov/ and should be reviewed regularly and at least as often as new software updates are installed. Least-Privileged Access Controls. Least privileged access control is the concept and practice of restricting access rights for users, accounts, and computing processes to only those resources absolutely required to perform routine, legitimate activities that is, provisioning accounts with the lowest level of user rights to effectively perform duties. Frequently, a customer s biggest security vulnerability is often their internal team. BitTitan provides best practices security training to all employees. BitTitan recommends that all customers and users adopt a similar process to safeguard systems and data from accidental loss or unauthorized access. Page 3 of 6

Application Security BitTitan implements industry best practices for securing the transmission of data and these are continuously updated as technology evolves. We recommend that customers and users follow industry standards for securing systems, services, and data. BitTitan utilizes an AES hashing algorithm to encrypt data connections within the scalable environment. All Application endpoints that interact with backend workers, i.e., data store have been tested for injection vulnerabilities. All Application endpoints that accept user input have been tested for cross-site scripting vulnerabilities. All Application endpoints are tested for invalidated redirects daily. All Application endpoints that pass authentication credentials or session tokens are only accessible via HTTPS, using SSLv3 or above. Any Application endpoint that requires the user to enter their credentials is protected from clickjacking via the use of the 'X-FRAME-OPTIONS header. Any passwords stored by the Application are hashed with a standard hashing algorithm and an appropriate salt. User logins enforce password complexity and are protected from brute forcing. BitTitan scans the Network perimeter, disables any unnecessary services, and patches any critical CVEs in its infrastructure. Application end user accounts activity is captured and logged. This is to enable users audit activity and trace it back to the original actor in case of impersonation. Except to the extent related to the secure purging of data, user logs do not roll. Logs are reviewed at the discretion of BitTitan, including upon notice or knowledge of a potential Security Event. Data Security and Handling BitTitan does not store or maintain any cache of data processed during migrations. All cache or data used is cleared upon completion of the copy of the item and is not retrievable by any means upon success. You can use temporary administrative credentials and Office 365 impersonation to manage the entire migration project. You control both the source and destination at all times and have the ability to add audit logging to verify the transmission of the data. We highly recommended that you disable these administrative accounts immediately upon completion of the migration to prevent any unintended data breaches. You control the security of your data. BitTitan does not clean, scan or search for any potential viruses, threats or malware in your data and we do not store any of the transmitted data. Database Level Security We authenticate internal users through strong password complexity and change requirements. Further, we store all data in our databases with web endpoints using an AES 256-bit encryption (with ISO 10126 padding and proper random IV initialization). We restrict direct access to databases and limit queries of databases to administrators only and for non-data warehouse systems. We automate the process; there is no human interaction with the servers, software, or migration process. We connect outside of the firewall and never save any data to a physical disk. Data processed on virtual machines may be cached temporarily to optimize throughput, depending on the type and duration of your migration project. Page 4 of 6

Network Security Optimize Your Migration Network. MigrationWiz enables geographically-dispersed, locally-deployable, faulttolerant cloud computing infrastructure to distribute and optimize migrations. You can choose from a variety of geographically dispersed data centers and implementation methods. Networks are monitored on a 24x7 basis over all Application endpoints, and Network layer ports are monitored on five-minute intervals. BitTitan s patented technology allows you to scale your network to migrate large quantities of data over diverse and distinct technologies. Logging. Log files are reviewed regularly for security events (failed actions, administrative access, etc.). Logging to a syslog or log sever is enabled, and log files are reviewed on an ad hoc basis if suspicious activities are observed. If a potential security event is suspected during log review, it is reported to the Operations Team for immediate action. External Networks. Every connection to an external network is terminated at a firewall, and devices are configured to deny all traffic by default. Business Continuity Globally Redundant Continuity. BitTitan maintains and tests an effective business continuity plan (including disaster recovery and crisis management procedures) to provide continuous access to, and support for, the Application. BitTitan agrees to: (i) (ii) (iii) Back up, archive and maintain duplicate or redundant systems that can fully recover the Application on a daily basis. As previously noted, BitTitan does not house or save customer data. Establish and follow procedures and frequency intervals for transmitting backup data and systems to BitTitan s backup locations. All storage and systems are located in secure Geophysical locations in Azure. Update and test BitTitan s primary system(s) archives at least annually to ensure viability of recovery. Page 5 of 6

Definitions In this Security Overview, the following definitions will apply. All other capitalized terms will have the meaning set out in the User Agreement: Customer means any BitTitan customer or user of the Service Offerings. User Agreement means the applicable User Agreement at www.bittitan.com/legal. Application means the web-based data migration software hosted by BitTitan and made available at www.bittitan.com or any subdirectory or successor site. Network means the BitTitan-controlled environment including tables, databases, architecture and topology, local desktop or devices used and controlled by BitTitan employees or contractors (including employee intranet), and any other internet-enabled zone used to support the Application and that handles the Data. Customer Environment means the Customer or its affiliates environment including any tables, applications, network, security measures (e.g., firewalls), databases, machines, servers, architecture and topology, local desktop or devices used by Customer employees or contractors (including employee intranet), and any other system used by Customer, excluding the Network and Application. Security Event means any event attributable to the Application or Network that results in harm or an unauthorized disclosure in breach of the User Agreement concerning the Data. Good Industry Practices means methods or techniques to prevent a Security Event as aligned with ISO 27002:2013. Contact Us For technical information, and to learn more about our pricing and incentives, visit www.bittitan.com or contact a member of our Sales team at Sales@BitTitan.com. About BitTitan BitTitan empowers IT services professionals to properly assess, deploy, and manage technology solutions in a cloud-first world. With BitTitan MSPComplete, an IT services automation platform featuring BitTitan s globally renowned MigrationWiz solution, IT professionals can organize, optimize, and automate service delivery. BitTitan s solutions are cloud-based and save time, money and resources without sacrificing security. Customers have used BitTitan s globally recognized products, including MigrationWiz, to help more than 75,000 global customers transition millions of employees seamlessly to the cloud. For more information, visit www.bittitan.com. Page 6 of 6

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback