Security of Your Infrastructure
In addition to the security of the SureView Operations system itself (covered below), it is important that your own infrastructure is secure too. To ensure this, we recommend the following:
- Privilege Restriction: Provide a read-only username for your integrated security systems, so the only permission Ops has on them is to view (Ops does not need permissions that allow altering settings on your integrated security systems).
- Isolation: Place your security systems and Ops Link in an isolated network (such as a VLAN) to separate them from other business systems, or set access rules on your network switches so that your Ops Link is only able to talk to your security systems.
Security of SureView Operations
Security is a key part of SureView Operations. It is built in from the start at levels that meet or exceed industry standards, and it is constantly monitored and tested. This includes the following factors:
- Isolated environment: The system runs in an isolated and highly secured environment away from all other systems.
- Network secured: The network has strict rulesets controlling and monitoring the flow of data.
- Hardened: Application servers are all hardened to PCI v3.2 levels, including the use of the latest TLS 1.2 encryption standards.
- Data encrypted at rest: All stored data is encrypted using industry-standard AES-256 encryption (data and audited media).
- Data encrypted in transit: All data transmission is encrypted with industry-standard 2048-bit encryption over the latest TLS 1.2 protocol.
- Penetration tested: Penetration testing is performed on the infrastructure and applications annually by external providers to confirm the security of the system.
- Intrusion detection (MDR + IDS) protected: Intrusion detection is provided by an external Managed Detection & Response provider who monitors 24/7 for malicious activity.
- User access secured: Password complexity detection, timed lockout on repeated failed attempts, and Multi-Factor Authentication are all provided to ensure all user access is secure. Additionally, user passwords are stored as one-way salted hashes to ensure they cannot be reversed. Organizations can also leverage Single Sign On (SSO) for user authentication against their own Identity Provider.
- Tenants separated: Tenant Separation is enforced at all levels of the application to ensure you only get to see your own data.
- Customer Support access secured: Customer Support is performed under a strict set of controls covered by our ISO 27001 certification. These include limiting support to a select number of trained and trusted staff, restricting access to only one tenant at a time, and requiring strong passwords and Multi-Factor Authentication to ensure that unauthorized application access is not possible. Additionally, customers can control the access that the SureView support team has to their account, granting access for a specific amount of time.
- Infrastructure access secured: Infrastructure Administration is performed under a strict set of controls covered by our ISO 27001 certification. These include limiting administration to a select number of trained and trusted staff, routing access via a single managed path instead of direct to servers (which provides additional security and auditing), and requiring Multi-Factor Authentication and secure passwords for all infrastructure administrators to ensure that unauthorized infrastructure access is not possible.
- Processes certified: SureView processes are ISO 27001 certified.