Deep Freeze Cloud. Architecture and Security Overview

Similar documents
DEEP FREEZE CLOUD FOR HIPAA COMPLIANCE

WHITEPAPER RETAINING USER DATA WHITEPAPER RETAINING USER DATA

MEASURING THE ROI OF FARONICS DEEP FREEZE

HAYWOOD ENGINEERING COLLEGE

CASE STUDY. Faronics Anti-Virus & Deep Freeze BALLSTON SPA CENTRAL SCHOOL DISTRICT

Case Study FARONICS DEEP FREEZE

Faronics Layered Security

Edinburgh Napier University harnesses Deep Freeze to simplify IT operations

NON-RESTRICTIVE TECHNOLOGY. THE REBOOT TO RESTORE CONCEPT in Computer-based Businesses and Services

CASE STUDY. Faronics Anti-Virus & Deep Freeze. Glenpool Public Schools

Security on AWS(overview) Bertram Dorn EMEA Specialized Solutions Architect Security and Compliance

Faronics Deep Freeze Mac La Mesa-Spring Valley School District

QuickBooks Online Security White Paper July 2017

The Common Controls Framework BY ADOBE

Deep Freeze Loadin User Guide

WORKSHARE SECURITY OVERVIEW

SECURITY ON AWS 8/3/17. AWS Security Standards MORE. By Max Ellsberry

Security Information & Policies

Getting started with AWS security

Google Cloud & the General Data Protection Regulation (GDPR)

Security & Compliance in the AWS Cloud. Vijay Rangarajan Senior Cloud Architect, ASEAN Amazon Web

Title: Planning AWS Platform Security Assessment?

Security & Compliance in the AWS Cloud. Amazon Web Services

Anti-Executable Standard User Guide

IBM SmartCloud Notes Security

MigrationWiz Security Overview

SECURITY & PRIVACY DOCUMENTATION

emarketeer Information Security Policy

Security Aspekts on Services for Serverless Architectures. Bertram Dorn EMEA Specialized Solutions Architect Security and Compliance

Watson Developer Cloud Security Overview

Layer Security White Paper

Twilio cloud communications SECURITY

AWS Security. Stephen E. Schmidt, Directeur de la Sécurité

A company built on security

Hackproof Your Cloud Responding to 2016 Threats

WHITEPAPER. Security overview. podio.com

Cloud FastPath: Highly Secure Data Transfer

Security and Compliance at Mavenlink

WHITEPAPER DEEP FREEZE ENTERPRISE PATCH MANAGEMENT

TARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS

Security White Paper. Midaxo Platform Krutarth Vasavada

Getting started with AWS security

Launching a Highly-regulated Startup in the Cloud

HOW SNOWFLAKE SETS THE STANDARD WHITEPAPER

Anti-Executable Enterprise User Guide

InterCall Virtual Environments and Webcasting

HIPAA / HITECH Overview of Capabilities and Protected Health Information

WHITE PAPER Cloud FastPath: A Highly Secure Data Transfer Solution

Security Principles for Stratos. Part no. 667/UE/31701/004

Solution Pack. Managed Services Virtual Private Cloud Security Features Selections and Prerequisites

Security Camp 2016 Cloud Security. August 18, 2016

Understanding Perimeter Security

Crises Control Cloud Security Principles. Transputec provides ICT Services and Solutions to leading organisations around the globe.

Getting Started with AWS Security

PCI DSS and VNC Connect

COMPREHENSIVE Lab Control

University of Pittsburgh Security Assessment Questionnaire (v1.7)

FormFire Application and IT Security

Canada Life Cyber Security Statement 2018

SOC-2 Requirement Solution Brief. EventTracker 8815 Centre Park Drive, Columbia MD SOC-2

TRACKVIA SECURITY OVERVIEW

The Cloud Changes Nothing and Everything! Amazon.com, Inc. and its affiliates. All rights reserved.

Architecting for Greater Security in AWS

Security: Michael South Americas Regional Leader, Public Sector Security & Compliance Business Acceleration

Apigee Edge Cloud - Bundles Spec Sheets

Cloud Operations for Oracle Cloud Machine ORACLE WHITE PAPER MARCH 2017

AWS SECURITY AND COMPLIANCE QUICK REFERENCE GUIDE

Move Amazon RDS MySQL Databases to Amazon VPC using Amazon EC2 ClassicLink and Read Replicas

AWS SECURITY AND COMPLIANCE QUICK REFERENCE GUIDE

Netflix OSS Spinnaker on the AWS Cloud

ASD CERTIFICATION REPORT

SignalFx Platform: Security and Compliance MARZENA FULLER. Chief Security Officer

Oracle WebLogic Server 12c on AWS. December 2018

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data

The Nasuni Security Model

Overview of AWS Security - Database Services

Information Security Policy

AWS Security Overview. Bill Shinn Principal Security Solutions Architect

Best Practices for Cloud Security at Scale. Phil Rodrigues Security Solutions Architect Amazon Web Services, ANZ

Juniper Vendor Security Requirements

Security+ SY0-501 Study Guide Table of Contents

Data Security and Privacy Principles IBM Cloud Services

Defense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation

Amazon Web Services (AWS) Solutions Architect Intermediate Level Course Content

WHITE PAPER. Title. Managed Services for SAS Technology

Introduction to AWS GoldBase

AWS FREQUENTLY ASKED QUESTIONS (FAQ)

Security & Privacy Guide

Criminal Justice Information Security (CJIS) Guide for ShareBase in the Hyland Cloud

Checklist: Credit Union Information Security and Privacy Policies

ISO27001 Preparing your business with Snare

Cloud Security Whitepaper

AWS Well Architected Framework

Policy Document. PomSec-AllSitesBinder\Policy Docs, CompanyWide\Policy

Integrated Cloud Environment Security White Paper

LiveEngage Messaging Platform: Security Overview Document Version: 2.0 July 2017

Completing your AWS Cloud SECURING YOUR AMAZON WEB SERVICES ENVIRONMENT

New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines

This paper introduces the security policies, practices, and procedures of Lucidchart.

Protecting Your Data in AWS. 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

Transcription:

Deep Freeze Cloud Architecture and Security Overview

2018 Faronics Corporation or its affiliates. All rights reserved. NOTICE: This document is provided for informational purposes only. It represents Faronics s current product offerings and practices as of the date of issue of this document, which are subject to change without notice. Customers are responsible for making their own independent assessment of the information in this document and any use of Faronics s products or services, each of which is provided as is without warranty of any kind, whether express or implied. This document does not create any warranties, representations, contractual commitments, conditions or assurances from Faronics, its affiliates, suppliers or licensors. The responsibilities and liabilities of Faronics to its customers are controlled by Faronics agreements, and this document is not part of, nor does it modify, any agreement between Faronics and its customers. COPYRIGHT: This publication may not be downloaded, displayed, printed, or reproduced other than for non-commercial individual reference or private use within your/an organization. All copyright and other proprietary notices must be retained. No license to publish, communicate, modify, commercialize or alter this document is granted. For reproduction or use of this publication beyond this limited license, permission must be sought from the publisher. UNITED STATES CANADA & INTERNATIONAL SINGAPORE EUROPE 5506 Sunol Blvd, Suite 202 1400-609 Granville Street 20 Cecil Street, #104-01, 8 The Courtyard, Eastern Road, Pleasanton, CA, 94566 USA P.O. Box 10362, Pacific Centre Equity Way, Singapore, Bracknell, Berkshire Call Toll Free: 1-800-943-6422 Vancouver, BC, V7Y 1G5 049705 RG12 2XB, England Fax Toll Free: 1-800-943-6488 Phone: +1-604-637-3333 Phone: +65 6520 3619 Phone: +44 (0) 1344 206 414 Email: sales@faronics.com Fax: +1-604-637-8188 Fax: +65 6722 8634 Email: eurosales@faronics.com Email: sales@faronics.com Email: sales@faronics.com.sg www.faronics.com WHITEPAPER 1

Introduction This document provides a high-level overview of the Deep Freeze Cloud architecture. It describes how the security and privacy of customer data are protected by all parties involved under the shared responsibility model. This document also outlines the security policies, processes, and practices the Faronics team follows to fulfill its own responsibilities for the security of Deep Freeze Cloud Service. WHITEPAPER 2

Architecture overview Deep Freeze Cloud is a unified service platform that enables customers to access Faronics Deep Freeze software via the Internet. It includes a broad set of services, such as PC and Mac management, mobile device management, antivirus, application whitelisting, data protection, asset administration, power management, and more. Deep Freeze Cloud Service is composed of two major parts: Client-side components and Backend components. WHITEPAPER 3

Client-side components Each managed computer (client) contains a Cloud Agent and various Services as specified in the client s policy settings. For some specific services, the customer can optionally set up a Cache Server computer within their local network to save bandwidth. System administrators access Deep Freeze Cloud Console via their internet browser. Backend components Deep Freeze Cloud backend components are hosted on Amazon Web Services (AWS). The production environment is hosted at two AWS regions: US West (Oregon) and EU (Ireland). The backup replica environment is hosted at two AWS regions: US East (N. Virginia) and EU (Frankfurt) for disaster recovery. A farm of Web Servers receives and responds to all queries from managed clients and Cloud Consoles, passing queries to the Database Server via AWS Simple Queue Service (SQS) for processing. A global database hosted on AWS Multi-AZ RDS instances stores globally required system data. A separate database contains the isolated database schemas created for each customer. WHITEPAPER 4

Deep Freeze Cloud Service security and privacy protection Information security and customer privacy is paramount to Deep Freeze Cloud Service customers. By following industry security best practices, Faronics aims to protect customer data and privacy from accidental or deliberate theft, leakage, integrity compromise, and hacking. Shared responsibility model As a cloud solution, responsibility for data security is shared by AWS (the cloud service provider of Faronics Deep Freeze Cloud Service), Faronics (cloud service provider to its customers), and Deep Freeze Cloud Service customers. AWS infrastructure and services meet several industry-specific standards, including: HIPAA Cloud Security Alliance (CSA) Motion Picture Association of America (MPAA) AWS provides detailed information regarding their IT control environment through white papers, reports, certifications, accreditations, and other third-party attestations. For more information, see the Risk and Compliance whitepaper available on their website: http://aws.amazon.com/security. Faronics is responsible for the security of the backend OS, network, firewall configurations, platform & application management, and customer data. Our security policies and practices are described in Customer data & privacy protection and Security policies and practices, below. Deep Freeze Cloud Service customers are responsible for their own data security by managing access and permissions for their Deep Freeze Cloud Service accounts, and by keeping credentials safe and using strong passwords. Customer data & privacy protection Customer data collected Faronics only collects personal information for the following reasons: To develop, manage and deliver our products and the Services to our customers To contact customers with product and service updates, upgrades and enhancements To contact our customers, either directly or through one of our resellers, to offer them the option to renew the services To contact our customers directly about products and services that may be of interest To ensure high standards of service to customers WHITEPAPER 5

To verify a customer s identity To meet regulatory requirements In the Deep Freeze Cloud Service system, the following customer data may be collected depending on the services that the customer uses: Customer identity and account information, including Organization Name, User Name, Password, Title, Phone Number, Email Address, and the like. Customer device information, including device name, IP Address, MAC address, date/time connected to Deep Freeze Cloud Service server, and the like. Customer device usage information, including date/time user log on/off, software installed on the device, software usage on the device, and the like. Deep Freeze Cloud Service configurations and selections. All data used to populate the Campus Affairs app, including customer staff info, course info, contact info, events info and notifications, and the like. Customer data segmentation Deep Freeze Cloud Service segments customer data (including device details but no personal information) into dedicated database schemas in which all tables belong to a specific customer. Each customer-specific database schema is hosted on a shared database instance in AWS. The architecture is sufficiently flexible that customers can request a dedicated database instance for their data. Note that additional costs may be chargeable to the customer to segregate the data. Protection for customer data in transit Deep Freeze Cloud Service servers use HTTPS (TLS 1.2) encryption. Protection for customer data at rest Faronics encrypts at-rest sensitive customer data, such as password, policies, and database connection strings, according to data type: Passwords hashes use SHA1 one-way encryption. Database connection strings are encrypted using a 256-bit Rijndael algorithm. Policies (partial) are encrypted using a non-standard, home grown cypher, or an RC4 stream encryption algorithm supported by the Microsoft Base Cryptographic Provider, depending on the specific service. Protection for customer data in storage Deep Freeze Cloud Service backup data is stored in AWS with encryption enabled. Sensitive data is always pre encrypted. WHITEPAPER 6

Security policies and practices Development & QA security policies and practices Faronics development and QA processes are designed with the awareness of security risks and vulnerabilities. Relevant best practices include, but are not limited to, the following: Source code builds are scanned for malware and all security code is reviewed prior to deployment. The development team conducts application-level penetration tests on a regular basis as prescribed by industry best practices and guidance. The Operations team tests business continuity and disaster recovery plans for critical services per a defined testing schedule and for different loss scenarios. Security tests are conducted against all releases prior to deployment. Continuous security improvement within the Systems/Software Development Lifecycle (SDLC) using both Prevent Breach and Assume Breach security postures. Faronics has established software development and release management processes to control implementation of major changes, including the following: Planned changes are identified and documented, including the creation of feature specifications and component designs Business goals, priorities, and scenarios are identified during product planning Operational readiness is reviewed according to pre-defined criteria, assessing overall risk and impact Testing, authorization, and change management based on entry and exit criteria for DEV (development), INT (Integration Testing), STAGE (Pre-production) and PROD (production) environments as appropriate Faronics ensures database input and user input sanitization using the following best practices: Inputs are constrained by basic validation and proper escaping Use of.net SqlCommand and SqlParameters SQL Queries are never directly manipulated or concatenated WHITEPAPER 7

Operation security policies and practices By following industry security best practices, Deep Freeze Cloud Service operations are designed to provide robust protection and privacy for customer data. Relevant policies include, but are not limited to, the following: AWS IAM (Identity and Access Management) service is used for user, group, and roles authentication management in the backend environment. AWS VPC (Virtual Private Cloud), Network ACL (Access Control List), and Security Group is used to protect the backend infrastructure (EC2 instances and RDS instance). Activities on the AWS platform are audited using AWS CloudTrail. Changes to the DFC production site are made in conformance to the guidelines in the Deep Freeze Cloud Service Change Management document. Components and processes are provided the minimum user privileges necessary to perform their duties. Faronics Internal authorized personnel with access to customer data in Deep Freeze Cloud Service are required to use MFA (Multi-Factors Authentication) login. System infrastructure is configured for redundancy and smooth fail-over handling. Data is regularly backed up, and backups are periodically validated for restoration for disaster recovery purposes. Backup standards, policies, procedures, and controls are verified and documented. Cloud services can be restored in a different availability zone within the same AWS region, or in different AWS region, in the event of a data center power failure, network failure, or other disaster situation. Restoration processes are defined and documented. Operations are subject to regular internal security audits based on traces, logs, and other information performed by a system administrators and other parties involved in routine operation. WHITEPAPER 8

References and further reading AWS Security Best Practices (by Amazon Web Service) https://d1.awsstatic.com/whitepapers/security/aws_security_best_practices.pdf Treacherous 12 Top Threats to Cloud Computing Plus: Industry Insights (by Cloud Security Alliance (CSA)) https://cloudsecurityalliance.org/download/top-threats-cloud-computing-plus-industry-insights/ OWASP Top 10 2017 - The Ten Most Critical Web Application Security Risks (by OWASP (The Open Web Application Security Project)) https://www.owasp.org/images/7/72/owasp_top_10-2017_%28en%29.pdf.pdf WHITEPAPER 9

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback