Cloud-Based Data Security

Similar documents
Keys to a more secure data environment

Introduction. Deployment Models. IBM Watson on the IBM Cloud Security Overview

Watson Developer Cloud Security Overview

AUTOTASK ENDPOINT BACKUP (AEB) SECURITY ARCHITECTURE GUIDE

AWS continually manages risk and undergoes recurring assessments to ensure compliance with industry standards.

Data Security and Privacy : Compliance to Stewardship. Jignesh Patel Solution Consultant,Oracle

Security Architecture

SECURITY & PRIVACY DOCUMENTATION

SECURITY PRACTICES OVERVIEW

WHITE PAPER Cloud FastPath: A Highly Secure Data Transfer Solution

Teradata and Protegrity High-Value Protection for High-Value Data

University of Pittsburgh Security Assessment Questionnaire (v1.7)

Automate sharing. Empower users. Retain control. Utilizes our purposebuilt cloud, not public shared clouds

QuickBooks Online Security White Paper July 2017

Solution Pack. Managed Services Virtual Private Cloud Security Features Selections and Prerequisites

NORTH AMERICAN SECURITIES ADMINISTRATORS ASSOCIATION Cybersecurity Checklist for Investment Advisers

SoftLayer Security and Compliance:

WHITEPAPER. Security overview. podio.com

PCI DSS and VNC Connect

Security and Compliance at Mavenlink

Layer Security White Paper

Cybersecurity The Evolving Landscape

Security Specification

Online Services Security v2.1

Security Principles for Stratos. Part no. 667/UE/31701/004

the SWIFT Customer Security

Security+ SY0-501 Study Guide Table of Contents

Security Solutions. Overview. Business Needs

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data

The Common Controls Framework BY ADOBE

Security Information & Policies

Securing Privileged Access and the SWIFT Customer Security Controls Framework (CSCF)

Infrastructure Security Overview

Cloud FastPath: Highly Secure Data Transfer

Security

ENDNOTE SECURITY OVERVIEW INCLUDING ENDNOTE DESKTOP AND ONLINE

Data Inventory and Classification, Physical Devices and Systems ID.AM-1, Software Platforms and Applications ID.AM-2 Inventory

Criminal Justice Information Security (CJIS) Guide for ShareBase in the Hyland Cloud

10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS

Verizon Software Defined Perimeter (SDP).

Data Security and Privacy Principles IBM Cloud Services

Inventory and Reporting Security Q&A

CTS performs nightly backups of the Church360 production databases and retains these backups for one month.

The Nasuni Security Model

THREE COLOCATION MYTHS HEALTHCARE PROVIDERS SHOULD LEAVE BEHIND. Exploring Security, Compliance, and Performance in Healthcare IT

Google Cloud Platform: Customer Responsibility Matrix. December 2018

Data Security at Smart Assessor

تاثیرفناوری اطالعات برسازمان ومدیریت جلسه هشتم و نهم

IBM SmartCloud Engage Security

Juniper Vendor Security Requirements

SECURITY AND DATA REDUNDANCY. A White Paper

90% 191 Security Best Practices. Blades. 52 Regulatory Requirements. Compliance Report PCI DSS 2.0. related to this regulation

Defense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation

W H IT E P A P E R. Salesforce Security for the IT Executive

A company built on security

Cloud & Managed Server Hosting for Healthcare Professionals

Safeguarding Cardholder Account Data

2.4. Target Audience This document is intended to be read by technical staff involved in the procurement of externally hosted solutions for Diageo.

NERC CIP VERSION 6 BACKGROUND COMPLIANCE HIGHLIGHTS

Enhancing the Cybersecurity of Federal Information and Assets through CSIP

Ceedo Client Family Products Security

The Honest Advantage

Service. Sentry Cyber Security Gain protection against sophisticated and persistent security threats through our layered cyber defense solution

HALO IN ACTION COMPLIANCE DON T LET LEGACY SECURITY TOOLS HOLD UP PCI COMPLIANCE IN THE CLOUD. Automated PCI compliance anytime, anywhere.

Google Cloud Platform: Customer Responsibility Matrix. April 2017

Information Security in Corporation

Morningstar ByAllAccounts Service Security & Privacy Overview

Are You Avoiding These Top 10 File Transfer Risks?

Point ipos Implementation Guide. Hypercom P2100 using the Point ipos Payment Core Hypercom H2210/K1200 using the Point ipos Payment Core

Information Security at Veritext Protecting Your Data

Daxko s PCI DSS Responsibilities

GLOBALPROTECT. Key Usage Scenarios and Benefits. Remote Access VPN Provides secure access to internal and cloud-based business applications

How-to Guide: Tenable.io for Microsoft Azure. Last Updated: November 16, 2018

RAPID7 INFORMATION SECURITY. An Overview of Rapid7 s Internal Security Practices and Procedures

InterCall Virtual Environments and Webcasting

Security: The Key to Affordable Unmanned Aircraft Systems

Integrated Cloud Environment Security White Paper

How-to Guide: Tenable Nessus for Microsoft Azure. Last Updated: April 03, 2018

BEYOND CJIS: ENHANCED SECURITY, NOT JUST COMPLIANCE

Monthly Cyber Threat Briefing

SOC 3 for Security and Availability

Security Enhancements

Completing your AWS Cloud SECURING YOUR AMAZON WEB SERVICES ENVIRONMENT

SOC-2 Requirement Solution Brief. EventTracker 8815 Centre Park Drive, Columbia MD SOC-2

VMware vcloud Air SOC 1 Control Matrix

Best Practices in Securing a Multicloud World

INCREASE APPLICATION SECURITY FOR PCI DSS VERSION 3.1 SUCCESS AKAMAI SOLUTIONS BRIEF INCREASE APPLICATION SECURITY FOR PCI DSS VERSION 3.

Carbon Black PCI Compliance Mapping Checklist

Changing face of endpoint security

The Lighthouse Case Management System

IBM SmartCloud Notes Security

PCI DSS and the VNC SDK

Cloud Security Whitepaper

SECURITY ON AWS 8/3/17. AWS Security Standards MORE. By Max Ellsberry

Effective Strategies for Managing Cybersecurity Risks

Introduction. Controlling Information Systems. Threats to Computerised Information System. Why System are Vulnerable?

White Paper. Why IDS Can t Adequately Protect Your IoT Devices

TEL2813/IS2820 Security Management

WHITE PAPER. Title. Managed Services for SAS Technology

TECHNICAL AND ORGANIZATIONAL DATA SECURITY MEASURES

Transcription:

White Paper Cloud-Based Data Security SaaS-built Galileo collects and analyzes customized performance data efficiently, on-demand, via a secure Internet connection.

About Galileo Created by the ATS Group, Galileo improves IT utilization and capacity planning with convenient cloud-based performance monitoring. Evaluate hundreds of charts and metrics. Galileo delivers analytical perspectives of server and storage hardware and virtualization environments to ensure optimal performance of physical and virtual servers and storage. Built on a SaaS architecture, Galileo installs in minutes without onsite data or hardware requirements. Automatic collection of real-time data and quick, easy, graphical reporting via an intuitive web interface offers access to custom dashboards with full drilldown into data details. Table of Contents Executive Summary... 1 The Problem... 1 The Solution... 2 Galileo: Agent Data Security... 2 Galileo: Web Portal Access... 4 Galileo: Physical Security... 4 Galileo: System Security... 5 Galileo: Security Policies... 5 Conclusion... 6

Executive Summary Software as a Service (SaaS) delivery models have had a profound impact to how businesses can more-efficiently communicate, collaborate, and achieve tasks while delivering more data, to more places, from more access methods (e.g., tablets, smartphones, desktops). Businesses can now rapidly access data in the cloud that once resided solely behind a corporate firewall and required users to be in the office or use complex Virtual Private Network (VPN) systems. As cloud computing evolves, businesses will continue to demand more access to data. The role of the SaaS provider is to protect your data at the highest level of security. This paper addresses the security measures of Galileo Performance Explorer that provides a secure environment for your data. Galileo uses a multi-layered and multi-faceted approach to data security, designed to protect your data in transit and while at rest in the cloud. The Problem Security Threats are Vast Compromised data often results in the loss of trust with your current and future customers. It could also mean the loss of trade secrets, identity theft, or even worse, the downfall of your entire business. Security threats have moved from what were primarily network based attacks to sophisticated website and application vulnerability profiling and eventual exploitation of those vulnerabilities. Worse yet, underground communities and massive botnets are being utilized to launch large scale denial of service attacks against providers crippling infrastructure for hours and even weeks leaving customers unable to access their data. No single solution exists today to identify, prevent, or mitigate these security issues. Instead, SaaS providers of cloud-based tools must employ a multi faceted approach to security for both the physical and logical architectures of the solution for their end users. Technology can assist in the prevention of these attacks, however, the rigidity of policies and procedures are often the most critical pieces to security. 1

The Solution Protect Data at the Source One obvious solution to protecting offsite data is to minimize or eliminate the transmission of sensitive information deemed to pose security threats to your organization. That means that data security and integrity must start at the source. Galileo employs several methods to ensure that your data is scrubbed of sensitive information before the data even leaves your organization. So, even if your performance data is compromised in transit, it could never be used to uniquely identify your company, your customers, or open the door to potential hacking. Galileo: Agent Data Security Galileo uses a customer-side agent to collect performance metrics for each managed server. In most cases, the Galileo software gathers information from Operating System-native utilities coupled with Galileo-written utilities and scripts. In order for data to be collected and forwarded to the Galileo infrastructure, the agent must first be registered and authenticated. The registration process uses machine-based authentication using a Certificate Authority (CA), signed and managed by the ATS Group. This authentication guarantees that data will be securely transmitted from your organization to the cloud using SSL. It also prevents unauthorized data transmission by non-registered agents. Data transmission is unidirectional and outbound only, and at no time is data ever transmitted inbound to a customer server. The outbound data from the agent contains both relevant performance metrics as well as information to help identify the client to the Galileo servers. Server information such as IP addresses, host names, server model, and server serial number are included in the data transmission along with system performance metrics. For customers concerned with protecting this systemspecific data, the Galileo agent can be optionally configured to either scramble or, in some cases, completely remove these metrics prior to the data being transmitted. The agent communication process is similar in nature to devices that utilize call home capabilities, a process that allows system availability and performance metrics to be automatically transmitted to a third-party vendor at an offsite location. In fact, you may already have devices in your data center today leveraging this type of communication under similar security measures. 2

It should be noted, Galileo does not transmit nor store any Personally Identifiable Information (PII), such as Payment Card Industry (PCI) data, user id s or associated user names, social security numbers, phone numbers, addresses, biometric records, or birthdates; rather, all captured data transmitted is specifically related to IT data center performance on systems utilizing native OS and Galileo-developed tools. The Galileo client agent does not have visibility into databases, or other structures either on disk or in memory that would allow it to glean such information. While we don t specifically capture financial information, Galileo is nevertheless hosted on systems owned and operated by Galileo/ATS in a secured colocation space that is accredited by the Statement on Standards for Attestation Engagements 16 (SSAE 16) as set forth by the Auditing Standards Board (ASB) of the American Institute of Certified Public Accountants (AICPA). The Colocation is further accredited by the Service Organization 2 (SOC 2) Type II examination bodies that set standardized security benchmark controls regarding data center testing and operational effectiveness, and are considered among the strictest standards for hosted and processed data, as defined by the AICPA. We strive to adhere to some of the strictest current data transmission security regulations and standards set forth by both governmental and industry-specific regulatory bodies. For example, the Federal Information Processing Standard (FIPS) 140-2 dictates very specific regulations when it comes to cryptographic components. Whenever applicable, Galileo utilizes FIPS 140-2 compliant SSL encryption modules on all systems receiving data from our customers. We are actively continuing to fine tune Galileo s security posture to ensure the strictest security of our customers data - now and in the future. Our security evolves based on the current state of the industry, and we strive to be at the forefront of these efforts. We take great pride in utilizing proper methodologies and practices to ensure that we re protecting your data and our infrastructure. Our developers and engineers practice secure development methodologies; our systems are continually audited for vulnerabilities and potential exposures as well as employ staff that focus the majority of their work days to keeping Galileo secure from internal and external threats using processes and procedures gleaned from decades working with Fortune 500 companies, the energy sector, telecommunications, and government entities who demand top-notch security. 3

Security Highlights Agent Data Collection Agent registration ensures authenticated access Performance and machine metrics only Optional scrambling or removal of sensitive data Data Transfer Outbound SSL communications (HTTPS) only Communication is machine-authenticated Secured by a certificate signed by the ATS CA Web Portal Access SSL communications (HTTPS) User-authenticated web portal Secured by a certificate signed by a trusted 3rd party Certificate Authority Physical Security 24/7 operations center Badge and biometric security access Secure server cabinet Internet firewall Galileo: Web Portal Access The Galileo web portal provides an initiative user interface that enables administrators and managers to view the performance data collected from their servers. Users access the web portal from a standard web browser over an HTTPS connection and secured by a certificate signed by a trusted third party CA. In addition, the web portal requires password-protected user authentication to prevent access to the data by anyone not authorized to access the portal. Users have access only to performance data related to their servers. Galileo: Physical Security Physical security consists of the measures in place to protect direct, physical access to the power, HVAC, network, and server infrastructure that operate web based applications. Our main data center must undergo stringent analysis for the presence, implementation, and ongoing administration of physical security infrastructure. Galileo operates its cloud infrastructure in a facility that has been audited by industry-leading compliance firms. As such, our facility has demonstrated control and accounting measures in place for physical security and maintains strict security policies and practices. The physical location and design of this facility assists in the prevention and mitigation of both natural and man made assaults. The facility was selected based on a natural disaster scenario risk assessment, as well as flood plain screenings and evaluations. To further enhance the security of the infrastructure, no identifiable markings, or signage is visible from the exterior. All power and cooling systems are secured behind gated fences and are limited to authorized personnel. Each facility is equipped with solid block exterior perimeters and ramming bollards to mitigate potential damage to the infrastructure from exterior sources. Security personnel control access to and from, including the monitoring of individuals within the facility. Access to our facility is limited to specific individuals for the purposes of maintaining and managing the infrastructure. Under no circumstances are unauthorized individuals granted privileges to enter. 4

The Galileo data center utilizes state of the art biometric scanning equipment for access to sensitive and restricted areas. These systems permit only authorized individuals into these areas, and log and report all access for historical reference and review purposes. Galileo s facility operates high resolution, continuous surveillance security cameras which monitor the movement of individuals throughout the facilities. These cameras are monitored by security personnel and also record all feeds to DVR systems which are maintained for historical reference and review purposes. Galileo s physical infrastructure equipment is always segregated from the collocation population with individually locked racks. These racks require physical key access which is only provided to individuals authorized to access these areas. Galileo: System Security Galileo operates primarily on the Linux Operating System. Each system deployed for use in our production facilities is imaged to contain only necessary software required to operate Galileo. This practice, known as host hardening, reduces the likelihood of host exploits by limiting the software, processes, and open ports enabled on each system. Periodically, these systems undergo an evaluation of software, patches, and recommended updates to ensure proper function and to patch any security threats. Access to these processing systems is limited by Galileo s security policies and is granted only to those which require it for purposes of administration and maintenance of the system. Galileo: Security Policies Internal security policies developed by the ATS Group for Galileo specifically addresses physical, network, system, and data security. These policies include, but are not limited to: Access Control (Physical, System, Network, and Hardcopy) Centralized Desktop and Laptop Antivirus & Malware Protection Desktop/Laptop security policies which enforce rules surrounding: - Software Installation and Usage - Network Accessibility - Periodic Password Resets - Credential Failure Lockout - Idle Screen Locking Employee Background Checks and Drug Screening Employee Customer Data Confidentiality Agreements 5

Conclusion As businesses move sensitive data to the cloud, SaaS providers are faced with the growing challenges associated with keeping this data safe. Data breach, network intrusion, or denial of service threats are constantly evolving and require experienced security professionals. Galileo s multi faceted approach to security, backed by stringent security policies, industry leading threat protection, and mitigation solution deployments help keep your data private and safe. This information is intended solely for use by the ATS Group and its customers. Any unauthorized duplication of this document is strictly prohibited. Copyright ATS Group. All rights reserved. ATS Group is an IBM Premier Business Partner. 07.08.15 6

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback