Riverbed Xirrus Cloud Processes and Data Privacy June 19, 2018

PURPOSE OF THIS DOCUMENT
DATA CENTER PROCESSES
  Physical and Environmental Security
  Resiliency and Redundancy
  Network Security
  Network Monitoring
XMS-CLOUD SERVICES
  Scalability
  Reliability
  Security
  Administrative Access
DATA PRIVACY
  Data Collected by XMS-Cloud
  Location of Collected Data
  Data Polling
  Data Backup
  Secure Data Transmission
  Duration of Data Retention in XMS-Cloud
  Restricted Access to Data
  Controlled Data Sharing with Third Party
CONTACT
RESOURCES

PURPOSE OF THIS DOCUMENT

This document outlines Xirrus Management System Cloud ("XMS-Cloud") processes and data privacy practices. Riverbed takes rigorous steps to ensure the reliability, scalability, availability and security of XMS-Cloud services and the data privacy of our users. In this document, references to XMS-Cloud and XMS-Cloud Services encompass all Riverbed Xirrus services offered as SaaS, which include the XMS-Cloud management platform, EasyPass Access Services and CommandCenter. Specific to data privacy, this document outlines how the XMS-Cloud Services can help customers meet their privacy-related compliance obligations.

DATA CENTER PROCESSES

XMS-Cloud Services are hosted in state-of-the-art data centers located in the United States, which utilize innovative architectural and engineering approaches. These data centers implement a secure infrastructure with audit services. All XMS-Cloud Services are hosted in redundant data centers. These data centers are designed and managed in compliance with security best practices and a variety of IT security standards, which include but are not limited to: CSA, ISO 9001 / 27001 / 270017 / 270018, PCI DSS Level 1, SOC 1 / 2 / 3, FISMA, FedRAMP, FIPS, FERPA, CJIS, NIST, DoD SRG, ITAR, PDPA, Privacy Act, MTSC.

Physical and Environmental Security

The data centers that host the XMS-Cloud Services are fully equipped with fire detection, fire suppression, 24x7 power backup in the event of critical power failure, state-of-the-art climate and temperature controls and 24x7 monitoring of all critical environmental parameters.

Resiliency and Redundancy

The data center infrastructure has a high level of availability and provides customers the features to deploy a resilient IT architecture. The data center systems are designed to tolerate system or hardware failures with minimal customer impact. The data centers act as backup data centers for each other and provide redundant infrastructure.
Network Security

Network devices, including firewall and other boundary devices, are in place at the data centers to monitor and control communications at the external boundary of the network and at key internal boundaries within the network. These boundary devices employ rule sets, access control lists (ACL), and configurations to enforce the flow of information to specific information system services.

2018 Riverbed Technology, Inc. All rights reserved.

Network Monitoring

The data center infrastructure utilizes a wide variety of automated monitoring systems to provide a high level of service performance and availability. Monitoring tools in place at the data centers are designed to detect unusual or unauthorized activities and conditions at ingress and egress communication points. These tools monitor server and network usage, port scanning activities, application usage, and unauthorized intrusion attempts. Controls are in place to address various types of attacks including:

- Distributed Denial of Service (DDoS)
- Man in the Middle (MITM)
- IP spoofing
- Port scanning and port sniffing

Access Controls and Audits

Access to the data centers is limited to employees and contractors who have a legitimate business need for such privileges. When a data center employee no longer has a business need for these privileges, his or her access is immediately revoked, even if they continue to be an employee. All physical access to data centers is logged and audited routinely.

XMS-CLOUD SERVICES

XMS-Cloud architecture is designed for high resiliency and availability. Additionally, XMS-Cloud Services are designed for extreme scalability with all the security controls and minimal reliance on the cloud infrastructure for Wi-Fi network operations. The application infrastructure is managed by a 24x7 operational team to ensure high performance and availability of the XMS-Cloud Services.

Scalability

XMS-Cloud Services are highly scalable with the ability to add capacity on demand. XMS-Cloud application nodes can be instantly added to augment necessary application demands.

Reliability

The redundant cloud service provides high availability, and client connectivity is not impacted even if internet connectivity between access points and the XMS-Cloud platform is lost. Access points continue to act autonomously even if a cloud connection is lost, meaning security and traffic are processed directly at the network edge in each access point.
Security

Management traffic between access points and the XMS-Cloud platform is encrypted using industry standard encryption (HTTPS over SSL/TLS). The application and network object databases are hosted on different servers to create another level of separation. All passwords are encrypted in transit and stored in encrypted format. Riverbed follows industry best security practices for application design, development and implementation.

[Figure: XMS-Cloud Architecture]

Administrative Access

XMS-Cloud Services provide granular role-based access to the XMS-Cloud console. Administrators can use any browser-enabled device to access the XMS-Cloud console. Access to the XMS-Cloud console is password protected, the passwords are stored using a one-way hash algorithm, and sessions are timed out after three (3) hours of inactivity. Sessions are encrypted using SSL/TLS. XMS-Cloud also supports SSO-based access using federated identity management (FIdM) systems such as Azure and Google. Communications between XMS-Cloud and these FIdM systems are encrypted using SSL/TLS.

DATA PRIVACY

XMS-Cloud Services are built on a multitenant architecture with the utmost care to ensure separation of data between multiple tenants on the cloud infrastructure. Each tenant's data is isolated from that of other tenants. The table below identifies the types of data collected and stored by XMS-Cloud Services in order to deliver an optimized experience for the end user.

Data Collected by XMS-Cloud

XMS-Cloud Services collect two types of data:

- Performance measurements to provide IT organizations visibility into the health of the network, like throughput, usage, or connection speeds.
- Non-measurable descriptive attributes, which add context to the performance measurements to help troubleshoot the problem, like MAC address, device name, user name, application name, etc.

XMS-Cloud collects performance measurements and attributes (collectively, "Network Management Data") in three areas: applications, devices and users.

Category: Applications
Collected data:
- XMS-Cloud identifies applications used on the Wi-Fi network
- XMS-Cloud monitors: (a) the usage of these applications and (b) the top users of these applications

Category: Devices
Collected data:
- Device type and system information such as Windows, Mac, etc.
- Hostname, MAC address and IP address
- Signal strength, connection speeds, Wi-Fi bands, channels
- Error metrics

Category: Users
Collected data:
- User name
- Location of user devices on the customer-uploaded floor map
- Guest user data as enabled by the customer (e.g. phone numbers, public social media demographics, email address) (collectively, "EasyPass Guest Data")

Location of Collected Data

All Network Management Data collected by XMS-Cloud Services resides on servers hosted in the United States.

Data Polling

Statistical data is polled from access points on a periodic basis that varies based on the nature of the data. Client statistics are polled as frequently as every 30 seconds. All polled statistical data is sent to XMS-Cloud over a secure tunnel that is encrypted with SSL/TLS.

Data Backup

Network Management Data is backed up daily and such back-ups may contain historical data dating back to initial deployment. Statistical data is backed up five (5) times per week.

Secure Data Transmission

Network Management Data and statistical data collected from access points are transmitted to XMS-Cloud using encrypted industry standard protocols (HTTPS over SSL/TLS). The XMS-Cloud Services separate Network Management Data from user data (i.e. web browsing, internal applications, etc.), providing a level of traffic segregation while keeping user data secure on the LAN. User data does not flow through XMS-Cloud but instead flows directly to its destination on the LAN or across the WAN.

Duration of Data Retention in XMS-Cloud

Network Management Data and statistical data are retained in raw form for thirty (30) days, after which only aggregated data is stored along with associated device information for auditing, reporting and compliance purposes for up to a year. Such data may also be used for disaster recovery and service restoration. Customers have the option to delete EasyPass Guest Data within the XMS-Cloud management console.

Restricted Access to Data

XMS-Cloud assigns privileges to users according to the principle of least privilege. We give users the minimum access required for them to perform their tasks according to that role. For details, refer to the Administrative Access section in this document. Customers can send REST API queries to directly extract and analyze XMS-Cloud data without accessing XMS-Cloud dashboards. Customers can combine the data with other data sources if needed, or transform it as required, then view it in Microsoft Excel, Power BI, or other customer-owned data applications.

Controlled Data Sharing with Third Party

Riverbed uses the Network Management Data to deliver superior performance to end users. Under no circumstances does Riverbed share this data with third parties unless a customer has authorized that certain data be shared through application programming interfaces (APIs) or other means. Customers have the ability to mask certain information such as hashed MAC addresses when sharing data with third parties. We implement standards-based JSON APIs which use SSL/TLS to encrypt data in transit.

CONTACT

If you have a specific privacy-related question, please contact rvbd-privacy@riverbed.com.

RESOURCES

Additional resources are available at www.riverbed.com/privacy.