CAMPUSPRESS TECHNICAL & SECURITY GUIDE


WHAT IS IN THIS GUIDE?

TABLE OF CONTENTS
INTRODUCTION
HOSTING
DATACENTERS & HOSTING REGIONS
BACKUPS AND DISASTER RECOVERY
RELIABILITY AND SLA
SECURITY
PRIVACY & DATA
DEVELOPMENT
CHANGE MANAGEMENT PROCEDURES
CODE AUDITS AND GUIDELINES
DEVELOPMENT ENVIRONMENTS

INTRODUCTION

OUR STORY
CampusPress has grown from a single idea in 2005 into the largest and most trusted provider of educational blogging and WordPress hosting in the world. To date, we host well over 5 million WordPress blogs and sites for thousands of schools and universities all over the globe. This includes nearly 1,000 CampusPress white-label networks. We also host and manage the hugely popular Edublogs.org network.

AN INCSUB PROJECT
CampusPress is part of a team of 60 WordPress experts, a company called Incsub. We're also the same folks behind WPMU DEV. With CampusPress, you get access to our entire team and resources. Based in Australia, but with employees located all over the globe, the CampusPress and Incsub team consists of some of the best technological and educational minds in the business.

OVERVIEW
We provide fully managed WordPress Multisite hosting and services for education organizations.

SERVICES INCLUDE
- Hosting on our enterprise level network
- Managed upgrades of WordPress core, plugins and themes
- A curated list of available WordPress plugins and themes
- SSO authentication (Shibboleth, LDAP, CAS, Google Apps, etc.)
- 24/7 priority email support
- Testing environment
- Custom design and development
- Training services (in-person or virtual)

FEATURES INCLUDE
- Accessibility ready themes
- Contact forms, surveys, polls
- Documents, media libraries
- Embedding of media (videos, widgets, etc.)
- Event calendars
- Forums
- Google analytics
- Google maps
- Image galleries
- Language translation (automatic/Google and manual)
- SEO optimization
- Social sharing
- Wikis
- And more...

HOSTING

HOSTING OVERVIEW
CampusPress has carefully selected partners for hosting data centers to physically house the servers that we use. CampusPress staff remotely manage and maintain the servers and applications in these datacenters. The two partners are Amazon Web Services (AWS) and Peer1. CampusPress, and our customers, are able to leverage the certifications and security assurances of these partners as they relate to physical security. All datacenters include the highest levels of 24/7/365 on-site security, regulated climate control, redundant power, automated off-site backups, and industry-leading network infrastructure.

AMAZON WEB SERVICES
Amazon Web Services is trusted by governments and institutions world-wide. For security reasons, Amazon does not share specifics such as physical locations or network infrastructure with the public. Certifications include ISO27001:2005, SSAE16 SOC 1, SOC 2, SOC 3, and PCI-DSS ROC.

PEER1
Peer1 also hosts many of the largest websites on the web, including WordPress.com and WordPress VIP. Certifications include SSAE 16, CSAE 3416, and ISAE 3402.

DATACENTERS & HOSTING REGIONS
In order to comply with local legal requirements, each customer can choose to be fully hosted in one of four regions:

- Australia: hosted in the Amazon Web Services Sydney Region. aws.amazon.com
- Canada: hosted in Peer1's Toronto datacenter. peer1.com/infrastructure/datacenter-toronto
- United Kingdom: hosted in Peer1's Portsmouth, UK datacenter. peer1.com/infrastructure/datacenter-portsmouth
- United States: hosted in Peer1's San Antonio, TX datacenter. peer1.com/infrastructure/datacenter-san-antonio

INFRASTRUCTURE AND ARCHITECTURE
Our fully managed networks include multiple web, database, mail, and load balancing servers. We're generally able to add, replace, and do maintenance on hardware without impacting performance or needing scheduled downtime. We only host WordPress Multisite, and our stack is fine-tuned to support it, including Apache web servers with PHP, NGINX for load balancing, and MySQL databases.

CUSTOMER SEGREGATION
We use Docker containers with Ansible to isolate each WordPress install from the others, while still allowing each site to benefit from the scalability that comes with our infrastructure. Each customer's code base is kept in its own Bitbucket repository.

FILE STORAGE
In our US and AU regions, all images, documents, and other user files are uploaded securely to Amazon S3 so that they can be served at much faster speeds using Amazon's vast cloud network.

CLOUDFLARE
As a CloudFlare Certified Partner, we make their services available at no additional cost to help protect and accelerate the sites we host. This includes a CDN, advanced DDoS protection, and Railgun speed improvements.

CACHE AND TRAFFIC SPIKES
All text content on the public side is cached automatically so that no matter how many visitors your site gets, speeds stay fast. We handle billions of page views each year, and are confident we can handle the largest of any sudden traffic spikes.

SSL & HTTPS
We encourage enabling HTTPS/SSL protection for all logged-in user activity. Customers can provide SSL certificates or we can obtain certificates via CloudFlare.
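One way to apply the "HTTPS for all logged-in activity" recommendation when WordPress sits behind a TLS-terminating load balancer or CDN such as the NGINX and CloudFlare layers described above, as an added example that is not CampusPress code: the X-Forwarded-Proto header is trusted only when the request arrived from a proxy address we operate (the 10.0.0.0/8 range and the helper names are placeholders), and then WordPress's own FORCE_SSL_ADMIN constant makes the login page and dashboard HTTPS-only.

```php
<?php
// wp-config.php fragment (added example, not CampusPress code).
// Behind a TLS-terminating proxy PHP sees plain HTTP, so WordPress's is_ssl()
// returns false and FORCE_SSL_ADMIN alone would cause a redirect loop. Deriving
// HTTPS from X-Forwarded-Proto fixes that, but only the immediate peer being a
// proxy we run may be believed; otherwise any client could claim "https" and
// receive cookies that WordPress assumes travelled over an encrypted channel.

// Placeholder: replace with the real load-balancer / CDN address ranges.
$campuspress_example_trusted_proxies = ['10.0.0.0/8', '127.0.0.1/32'];

function campuspress_example_ip_in_cidr(string $ip, string $cidr): bool
{
    [$subnet, $bits] = array_pad(explode('/', $cidr, 2), 2, '32');
    $ipLong  = ip2long($ip);
    $subLong = ip2long($subnet);
    if ($ipLong === false || $subLong === false) {
        return false; // IPv6 or malformed input: treat as untrusted
    }
    $bits = (int) $bits;
    $mask = $bits === 0 ? 0 : ((-1 << (32 - $bits)) & 0xFFFFFFFF);
    return ($ipLong & $mask) === ($subLong & $mask);
}

function campuspress_example_is_forwarded_https(array $server, array $trusted): bool
{
    $peer = $server['REMOTE_ADDR'] ?? '';
    foreach ($trusted as $cidr) {
        if (campuspress_example_ip_in_cidr($peer, $cidr)) {
            // Proxies may append values; the first one is the client-facing scheme.
            $raw   = $server['HTTP_X_FORWARDED_PROTO'] ?? '';
            $proto = strtolower(trim(explode(',', $raw)[0]));
            return $proto === 'https';
        }
    }
    return false; // header from an untrusted peer is ignored
}

if (campuspress_example_is_forwarded_https($_SERVER, $campuspress_example_trusted_proxies)) {
    $_SERVER['HTTPS'] = 'on'; // is_ssl() now returns true; secure cookies follow
}

// WordPress constant: force HTTPS for wp-login.php and the whole dashboard.
define('FORCE_SSL_ADMIN', true);
```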

BACKUPS AND DISASTER RECOVERY
There are multiple backup and replication processes in place. Networks are hosted on a cluster of multiple web and database servers for built-in replication and redundancy. Nightly database backups are encrypted and then stored with Amazon S3. Backups are kept for at least 30 days. Backups are verified and full restores are tested on a bi-weekly basis. Our data center partners, Peer1 and Amazon, both also perform their own regular backups of their servers that are stored off site (but within the same country) in order to protect against natural disasters or catastrophic events. In many cases, our extensive database logs can be used to roll back or recreate content and data as well. Restore times depend on the size of the WordPress network and the cause of the disaster, but full backup recovery should take no more than 24 hours.

PERFORMANCE MONITORING
We use a variety of tools to automatically monitor performance and reliability of the service, including Munin, Nagios, StatsD/Graphite, Pingdom, and New Relic. All services are set to send automated alerts to our support and systems teams, which are monitored and handled 24/7. These tools also provide us with a wealth of information and data so that our team can constantly work to improve performance and efficiency in our service.

RELIABILITY AND SLA
We offer a 99.9% up-time SLA to our enterprise level customers, as will be detailed in the formal agreement. See status.campuspress.com for the latest performance statistics.

SECURITY

GENERAL SECURITY INFORMATION
The security and reliability of our service are our number one priority. In addition to the general WordPress security features, we have staff who perform daily checks of industry security blogs, websites and newsletters to keep on top of any potential vulnerabilities that pertain to the systems we use or employ. We use ClamAV for all servers and TrendMicro and Norton for our desktops, with regular updates as needed. Any WordPress core, plugin, or theme security patches will be applied within 24 hours of release. See wordpress.org/about/security for details on the security of the WordPress source.

EMPLOYEE POLICIES
Every CampusPress employee goes through background checks and an onboarding process that includes a trial period during which access to customer servers and data is provided only when working directly under the supervision of another staff member. CampusPress staff only have access to the systems that are directly required to complete the functions of their job. We use two-factor authentication for all critical systems and communications services, and automatically log all staff activity. All CampusPress staff undergo initial training to ensure proper understanding of all security related processes. Staff regularly attend industry conferences and otherwise stay informed of best practices and relevant trends.

SECURITY BREACHES AND NOTIFICATIONS POLICY
Should any security related event occur, our policy is to alert our customers via email within 24 hours of our team becoming aware of the event. We will work closely with any affected customers to determine next steps such as end-user notifications, needed patches, and how to avoid any similar event in the future.

PRIVACY & DATA

PERSONALLY IDENTIFIABLE INFORMATION
We only require a username and email address to log in and use the WordPress network. Customers may choose to also provide names. We do not collect, store, require, or transmit PII related to health, financial institutions, mailing addresses, government ID numbers, etc. Only CampusPress staff have access to customer data. Our hosting partners, including Amazon Web Services, Peer1, and CloudFlare, do not have logical access to the WordPress networks, the database, or the user data that we host. Should a customer request it, we will completely destroy and delete all data and content from a given user.

PRIVACY POLICY
The full end-user privacy agreement is found at campuspress.com/privacy. In general, we don't sell, share, or publish any user data. We only collect and store data for the purposes of providing the WordPress hosting service.

EXPORTS AND DATABASE DUMPS
Should a customer leave us, or should a local archive of user data be required, we can provide a complete export and database dump of a network. We will completely purge all customer data within three months of cancellation of service.

DEVELOPMENT

CHANGE MANAGEMENT PROCEDURES
In order to ensure the reliability of our service, we've implemented a change management policy that we follow for all updates, upgrades, and code changes. We perform all WordPress core, plugin and theme updates, general improvements, and server maintenance during a regularly scheduled weekly window. All changes are thoroughly tested by our developers and quality assurance team as follows:

1. Tested fully in the local testing environment by the technical team.
2. Automated and unit testing in multiple development environments.
3. Manual testing by the QA team in multiple development environments using all major browsers and operating systems, including mobile devices.
4. Full deployment to a small subset of live networks and all development/test networks that willingly participate in the beta testing program.
5. Final manual code and performance review by technical team leadership.
6. Full deployment to all customers during the next regular Primary Updates window (Tuesdays), with an update published to our change log alerting customers.
7. Continuous monitoring by the technical and support teams.
8. For any significant changes that end users may notice, we'll provide documentation and warning to Super Administrators well in advance.

CODE AUDITS AND GUIDELINES
We have automatic and manual code reviews in place for all plugins and themes that are added to any site we host. All plugins and themes must adhere to the WordPress Coding Standards as well as a list of guidelines that we provide in our documentation section.

BITBUCKET AND VERSION CONTROL
We use Bitbucket for version control. Customers that have custom themes should open a pull request to alert our team of developers to start a code review. Depending on the queue and the complexity of the theme (or edit), a review can take up to 24 hours (or more for complex themes).

DEVELOPMENT ENVIRONMENTS
We can set you up with a testing environment in which to upload themes or major changes before moving them to production. For individual sites, we have a clone tool, which can be used for testing out a new theme or adding new content, and then writing over the existing site with just a few clicks.

GETTING STARTED AND FREE TRIALS
We regularly set up free trial and/or demo networks for potential customers to use to assess our service. The first thing we need to know for all new networks (demo or production) is the URL to use (like sites.yourschool.edu or blogs.yourschool.edu). From there, we will create the network and send you the needed DNS entry to point the domain to our servers. If you have an existing network, we'll start with a test migration and a manual review of all existing plugins and themes.

Questions? Email contact@campuspress.com or call 1-855-776-2541