黑料网

黑料网's Commitment to Your Security

Take a look at some of the most frequently asked questions about our security approach.

Does 黑料网 conform to a recognized ISMS (Information Security Management System) standard?

  • ISO 27001 Certification

    Yes. 黑料网 is ISO 27001 certified, highlighting our commitment to security by adhering to an international information security standard that is recognized and conformed to by some of the world’s largest commercial organizations and governments. Our information security processes for handling customer information have been audited by an objective third-party auditor, BSI, and found to be implemented and operating effectively. Equally important, it means our security measures are regularly reviewed to ensure continued compliance with the standard.

    We retain a dedicated team to manage these measures and an information security and risk manager oversees the effective delivery of all aspects of our ISMS.

 

Is 黑料网 SOC2, Type 2 Certified?

  • SOC2 Type2 Certification

    We sure are. SOC 2, Type 2 is an internationally recognized information security standard that demonstrates a company’s ability to protect the confidentiality, integrity, and availability of their clients’ data. This certification also assures clients that 黑料网 has undergone rigorous third-party audits to ensure compliance with industry standards. Ultimately, 黑料网 clients can have confidence that their data is being protected by the highest level of security protocols and procedures and they can rest easy knowing that 黑料网 is doing everything they can to protect their business from potential security breaches or data loss.

 

Has 黑料网 achieved NIST 800-53 Security Compliance?

  • NIST Certification

    Absolutely. NIST 800-53 is a set of guidelines and best practices for information security management that is used by U.S. federal agencies and other organizations to ensure the confidentiality, integrity, and availability of sensitive information. Achieving compliance is a significant accomplishment for our company and our software, and we are proud to have met these rigorous requirements. By completing the NIST 800-53 compliance requirements, our company has demonstrated our ongoing commitment to security and our dedication to protecting the information of our customers.

How do you protect and isolate our customer systems & data at rest and in transit?

  • Systems and data are isolated from all other 黑料网 operational systems, end users, and developers in an isolated cloud operations hosting environment. Access is restricted to cloud operations administrators and, indirectly, to consultants who are working with the customer to facilitate migrations and other business-driven actions, only on a need-to-know basis.
  • Tenants have their own isolated environments with no access to or from any other customer environment.
  • Customer data transferred in or out of the cloud operations environment to the customer is encrypted in transit with industry standard encryption protocols.
  • Systems have data encrypted at rest at the disk level with industry standard encryption.
  • Access to customer environments by cloud operations administrators occurs through a secure web portal mitigating most concerns related to the security posture of 黑料网 laptops, desktops, mobile devices, wireless, etc.
  • All Cloud Operation administrators are enabled with Multi-factor Authentication (MFA) to confirm identities.
  • Privilege authorization is managed through PAM (Privilege Access Management) technology to ensure that access is provided only on a need-to-know basis and that the principle of least privilege is adhered to.
  • All external threats are controlled at the perimeter itself by next-generation firewalls.

 

Is your infrastructure SOC 2 compliant?

  • 黑料网 partners with well-known global IaaS Hyperscalers who maintain SOC 2 compliance.
  • 黑料网’s cloud operations hosting environment is both SOC 2 Type 1 compliant and SOC 2, Type 2 Certified.

 

What endpoint security do you implement for customer systems themselves?

  • We operate host-based firewalls, EDR software, and other protections ensuring:
    • Validated software is installed and running
    • Validated processes are running on customer systems
    • Virus & malware assessments of customer systems are current and accurate.
    • Host-based firewalls.
    • File Integrity Management
    • Host Intrusion Detection
    • Vulnerability Management
    • 黑料网 maintains auditing in place to collect/store the events from all endpoints to further enable accountability.

 

How do you track and respond to security incidents?

  • 黑料网 cloud operations maintains a 24×7 NOC built around a SIEM solution for aggregating and correlating security events and identifying actionable security incidents.
  • 黑料网 maintains an Integrated Incident Response Plan and a dedicated SIRP (Security Incident Response Plan) that covers IRPs/use cases and thus helps drive the handling of security incidents.

 

Is customer data backed up?

  • All customer data is backed up daily.

 

How is password storing and rotation managed?

  • All customer-related password storage and rotation is managed by our PAM solution, which has a secure wallet feature and enables remote connectivity for authorized personnel without exposing the credentials in clear text.
  • Password rotation is enabled, which ensures passwords are automatically changed every 90 days.

 

How does 黑料网 stay updated about the latest threats and vulnerabilities?

  • We leverage a vulnerability management solution from a market-leading vendor and maintain a regular check on all new and existing vulnerabilities.
  • We have a vulnerability management program in place to remediate any discovered vulnerabilities.
  • Additionally, our SOC service provider leverages a threat hunting program to ensure the highest level of diligence.

 

How does 黑料网 ensure confidentiality, integrity and availability (CIA) for customer data?

  • We encrypt all ingress and egress of customer data with the recommended encryption protocols.
  • We have FIM (File Integrity Monitoring) functionality to observe any unauthorized modification to the production data.
  • 黑料网 maintains a network-based data loss prevention platform.
  • We also have a Cloud & Container Security monitoring tool in place, which keeps us updated on our existing security posture.
  • Our CSP is a market leader and provides us with 2n+1 level of redundancy with their T4 level of data centers.

Does 黑料网 encrypt my data?

  • Yes. Both in transit, enforcing HTTPS, and at rest in the database using AES256 encryption. We also support SQL Server Transparent Data Encryption (TDE).

 

Do you review your applications for security vulnerabilities?

  • Throughout our Software Development Lifecycle (SDLC), we scan the code for security vulnerabilities using independent third-party static and dynamic scanning tools, and any significant issues are resolved prior to release.

 

Does your application support Multi-Factor Authentication?

  • We support Single Sign On (SSO), where the application delegates user authentication to the customer's corporate Identity Provider. In this way, the customer directly controls who has access to the 黑料网 application using their established user authentication policies and procedures.

 

Do you use industry standards (i.e. OWASP Software Assurance Maturity Model, ISO 27034) to build in security for your Systems/Software Development Lifecycle (SDLC)?

  • 黑料网 information privacy and security governance and the SDLC process are aligned with the International Organization for Standardization (ISO) 27001 and 27002 security standards and the National Institute of Standards and Technology (NIST) Special Publications 800 Series. The 黑料网 secure SDLC program follows the guidelines set by the OWASP Framework.

 

What is the uptime SLA for your SaaS products?

  • We ensure an uptime of 99.5%.

 

How often do you release updates to the software?

  • Our SaaS products follow a CI/CD model where changes are deployed to production as soon as they have passed all of our SDLC checkpoints.
  • Our on-premise software is released at the following frequency:
    • Service Packs – every 4-6 weeks
    • Minor versions – every calendar quarter
    • Major versions – every 1-2 years
