Your Data and Artificial Intelligence: Wise Athena Security, Privacy and Trust. Wise Athena Security Team

Similar documents
Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data

QuickBooks Online Security White Paper July 2017

MigrationWiz Security Overview

WHITEPAPER. Security overview. podio.com

ARBOR DDoS PRODUCTS IN A GDPR COMPLIANT ENVIRONMENT. Guidelines and Frequently Asked Questions

GDPR Processor Security Controls. GDPR Toolkit Version 1 Datagator Ltd

Security Overview. Technical Whitepaper. Secure by design. End to end security. N-tier Application Architecture. Data encryption. User authentication

Secure Access & SWIFT Customer Security Controls Framework

GDPR Update and ENISA guidelines

TOP 10 IT SECURITY ACTIONS TO PROTECT INTERNET-CONNECTED NETWORKS AND INFORMATION

epldt Web Builder Security March 2017

10 FOCUS AREAS FOR BREACH PREVENTION

Criminal Justice Information Security (CJIS) Guide for ShareBase in the Hyland Cloud

Data Protection. Plugging the gap. Gary Comiskey 26 February 2010

Unleash the Power of Secure, Real-Time Collaboration

the SWIFT Customer Security

Oracle Data Cloud ( ODC ) Inbound Security Policies

Projectplace: A Secure Project Collaboration Solution

AZURE CLOUD SECURITY GUIDE: 6 BEST PRACTICES. To Secure Azure and Hybrid Cloud Environments

Securing Privileged Access and the SWIFT Customer Security Controls Framework (CSCF)

Data Security and Privacy Principles IBM Cloud Services

Cloud FastPath: Highly Secure Data Transfer

Cyber Security Program

How do you decide what s best for you?

The Center for Internet Security

Twilio cloud communications SECURITY

Sparta Systems Stratas Solution

Version 1/2018. GDPR Processor Security Controls

Security Specification

TEL2813/IS2820 Security Management

SOLUTION BRIEF RSA SECURID SUITE ACCELERATE BUSINESS WHILE MANAGING IDENTITY RISK

SECURITY ON AWS 8/3/17. AWS Security Standards MORE. By Max Ellsberry

Crises Control Cloud Security Principles. Transputec provides ICT Services and Solutions to leading organisations around the globe.

Cisco ASA 5500 Series IPS Edition for the Enterprise

The Common Controls Framework BY ADOBE


Automate sharing. Empower users. Retain control. Utilizes our purposebuilt cloud, not public shared clouds

Jim Reavis CEO and Founder Cloud Security Alliance December 2017

Ian Speller CISM PCIP MBCS. Head of Corporate Security at Sopra Steria

IBM Secure Proxy. Advanced edge security for your multienterprise. Secure your network at the edge. Highlights

PCI DSS Compliance. Verba SOLUTION GUIDE. Introduction. Verba and the Payment Card Industry Data Security Standard

FOR FINANCIAL SERVICES ORGANIZATIONS

PASS4TEST. IT Certification Guaranteed, The Easy Way! We offer free update service for one year

InterCall Virtual Environments and Webcasting

SMart esolutions Information Security

INFORMATION SECURITY. One line heading. > One line subheading. A briefing on the information security controls at Computershare

Security Fundamentals for your Privileged Account Security Deployment

Protecting your data. EY s approach to data privacy and information security

Layer Security White Paper

The simplified guide to. HIPAA compliance

Threat Modeling. Bart De Win Secure Application Development Course, Credits to

Enhancing the Cybersecurity of Federal Information and Assets through CSIP

The Information Age has brought enormous

BIG DATA INDUSTRY PAPER

Security Architecture

Managing SaaS risks for cloud customers

Guide to Network Defense and Countermeasures Second Edition. Chapter 2 Security Policy Design: Risk Analysis

Clarity on Cyber Security. Media conference 29 May 2018

Teradata and Protegrity High-Value Protection for High-Value Data

This paper introduces the security policies, practices, and procedures of Lucidchart.

What is ISO ISMS? Business Beam

A Risk Management Platform

Canada Life Cyber Security Statement 2018

200 IT Security Job Interview Questions The Questions IT Leaders Ask

TARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS

PROTECTION FOR WORKSTATIONS, SERVERS, AND TERMINAL DEVICES ENDPOINT SECURITY NETWORK SECURITY I ENDPOINT SECURITY I DATA SECURITY

Security+ SY0-501 Study Guide Table of Contents

itexamdump 최고이자최신인 IT 인증시험덤프 일년무료업데이트서비스제공

SOC-2 Requirement Solution Brief. EventTracker 8815 Centre Park Drive, Columbia MD SOC-2

Cloud-Based Data Security

For USA & Europe January 2018

Ο ρόλος της τεχνολογίας στο ταξίδι της συμμόρφωσης με τον Γενικό Κανονισμό. Αντιγόνη Παπανικολάου & Νίκος Αναστόπουλος

Solutions Business Manager Web Application Security Assessment

Security Information & Policies

emarketeer Information Security Policy

DreamFactory Security Guide

Best Practices in Securing a Multicloud World

HIPAA Regulatory Compliance

SSAE 18 & new SOC approach to compliance. Moderator Name: Patricio Garcia Managing Partner ControlCase Attestation Services

Awareness Technologies Systems Security. PHONE: (888)

ISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002

Whose Cloud Is It Anyway? Exploring Data Security, Ownership and Control

WORKSHARE SECURITY OVERVIEW

EBOOK 4 TIPS FOR STRENGTHENING THE SECURITY OF YOUR VPN ACCESS

VMware vcloud Air SOC 1 Control Matrix

NIST Revision 2: Guide to Industrial Control Systems (ICS) Security

LBI Public Information. Please consider the impact to the environment before printing this.

A (sample) computerized system for publishing the daily currency exchange rates

General Data Protection Regulation

G DATA WhitePaper. Layered Security

IDENTITY AND THE NEW AGE OF ENTERPRISE SECURITY BEN SMITH CISSP CRISC CIPT RSA FIELD CTO

Xerox Audio Documents App

SECURITY PRACTICES OVERVIEW

SAS SOLUTIONS ONDEMAND

AWS continually manages risk and undergoes recurring assessments to ensure compliance with industry standards.

BRING EXPERT TRAINING TO YOUR WORKPLACE.

Operating systems and security - Overview

Operating systems and security - Overview

SECURITY & PRIVACY DOCUMENTATION

ngenius Products in a GDPR Compliant Environment

Transcription:

Your Data and Artificial Intelligence: Wise Athena Security, Privacy and Trust Wise Athena Security Team

Contents Abstract... 3 Security, privacy and trust... 3 Artificial Intelligence in the cloud and Information Security Governance...4 Wise Athena cloud platform security and privacy...5 Conclusion... 6 More detailed information... 6 Contact us... 7

Abstract The need for security to be included in the design of technological systems is nowadays consensual among responsible software companies. The maturity of the IT industry, and in particular the Software as a Service (SaaS) market, reserved for security a role of growing importance. Digital security is now a vertical discipline with connections to almost every aspect of a well designed product and represents a sizable share of R&D investment. This document summarizes principles and processes implemented by Wise Athena on the development and maintenance of its Artificial Intelligence as a Service platform (AiaaS). Security, privacy and trust Customers of the SaaS market often present legitimate concerns regarding security. Being SaaS something relatively new and given the continuous trend of worldwide Internet access over ever growing bandwidth it is reasonable to question whether SaaS providers allocate appropriate effort to platform security. Special attention is usually paid by customers to data privacy, a critical concept for cloud operations. From a customer standpoint the assurance that business data is managed in a way that prevents unauthorized access is often the most important component in the definition of trust. And trust is, of course, the basis of every successful business relationship. A reliable security process puts in place mechanisms that ensure resistance to data privacy threats, either internal or external to the company. Such process must be documented and clearly explained to customers so they can evaluate the provider's conformance to their own privacy standards. But other less obvious components of security are also critical for long term customer trust: it is desirable that a SaaS platform is resistant to service disruption and service degradation threats that could otherwise affect users in different ways. For example, availability and performance issues could lead customers to sub-standard productivity levels and the provider's support team to overload situations. Preventing these kinds of threats protects customers and providers from troublesome road maps. This means that a high security level is necessary at all fronts in order to deliver a platform of

great availability, performance and data privacy. The relationship between security, privacy and trust, contextualized by other critical platform concerns is described on the diagram below. The end to end maintenance of security features and processes is usually called Security Governance. How security impacts privacy and trust Artificial Intelligence in the cloud and Information Security Governance The business of Artificial Intelligence as a Service (AIaaS) features many common properties of the SaaS model along with a small number of unique ones. As with any SaaS scenario, the Security Governance of AIaaS is the art of managing all sides of security at all layers of the platform, such as the software layer (e.g., secure design, unit-tested functions,...), the operating system layer (e.g., minimal viable package set, centralized authentication, scheduled installation of security updates,...) or the human layer (e.g., employee role assignment and life role cycle). Security improvements at each layer contribute to minimize the platform's exposure to security threats.

How investing in security measures minimizes risk of incidents The extent of areas to cover and the continuous nature of the corresponding effort have led to the well-known governance mantra, already hinted at the previous section: "security is a process". What security is a process means is that, no matter how good the technical components of the system are at a specific moment in time, any fire-and-forget approach will statistically lead to security incidents: vulnerabilities can be found at OS components, employee roles can be abused, custom software can have bugs, etc. For each potential attack vector a mitigation process must be in place - this is how responsible suppliers should see security. An AIaaS platform must deal with very large amounts of business data, such as sales records or customer activity logs, and moments very high processing loads intertwined with ones of mostly idle systems. This is caused by the periodic nature of customer data which needs to be processed at predefined time intervals. One consequence of the above is the need for large amounts of encrypted temporary per-customer storage blocks. Another one is the need of built-in processing scalability that allows the platform to grow to hundreds of CPU cores in a matter of minutes, along with a secure method of communication between processing virtual machines and their controllers. The large amount of machines necessary imposes the use of fully automated system installation and configuration tools, which, on the other hand, prevent potential security problems that would arise from error-prone manual configurations.

Wise Athena cloud platform security and privacy At Wise Athena we've built a platform based on the needs of AIaaS described above along with a careful selection of industry best practices including: minimal system installs fully automatic deployments enforced system configurations DROP by default firewalls end to end encrypted communication brute force login attack mitigation two factor authentication for user creation complex passwords centralized user life cycle management version controlled security configuration security event log data encryption ISO 27018 certified data center external auditing Operations are aligned on a high level with the ISO 27018 standard in criteria such as: Organization of information security Access control Cryptographic controls Operations security Communications security Specifically, we have paid close attention to the points described below. Our team has well defined security responsibilities and clear segregation of duties (sysadmin, software developer, data scientist, business developer). Access to information such as source code, customer data, management interfaces and live applications depends on the person's role at the company. This is an important privacy safeguard that needs to be supported by appropriate technical means. To make this possible our AIaaS Platform implements centralized user management and per application user and role assignment. For example, a user has access to none of the applications by default. After a user is created on the system it has to be explicitly assigned to specific applications - something which happens on a strict need-to basis. The act of assignment gets recorded on a central log for future review. On the topic of user management

it is also important to point out that no storage of plain text passwords ever takes place - only salted hashes are stored. Customer business information is encrypted and only accessible to our applications (automatic process), to data scientists (for the development of machine learning models) and to system administrators (only in very rare situations). System administrators use secure administration tools such as SSH to work on remote systems. They are given scheduled time windows for security updates and ad-hoc moments for urgent security updates. The update policy is decided and maintained by the Chief Security Office (CSO) and performed by the system administration team. Communications between Wise Athena's infrastructure and any user works solely via SSH and HTTPS (hardened configurations on both cases). This means that every exchange of information, including login data, is encrypted. Conclusion While no platform can claim 100% perfect security Wise Athena takes this matter very seriously allocating a considerable amount of time and resources to the implementation of security features and processes. We believe that investing in security is much more cost efficient than dealing with the results of lack of security, besides being far superior in terms of engineering. Therefore, security is and will always be a major feature of Wise Athena's cloud products. From our standpoint the privacy of customer data is as important as any business-continuity concern. We are confident that our investment in security translates strongly into to data privacy, service availability and sustained performance. Our engineering team is available to jointly discuss any security matters that our customers find of special relevance to their businesses as well as to accept suggestions that might lead to future improvements in our systems. More detailed information More detailed security information, including technical documents and external audit reports, is available to our customers on request. Those documents provide an engineering level insight into the security and privacy of our systems. On the audit reports it is possible to check, among many other things, the strength of SSL configurations in use and the non-existence of known vulnerabilities on our Internet facing services.

Contact us Wise Athena s security team can be reached at: security@wiseathena.com or via our website at: http://wiseathena.com

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback