Saba Cloud Security

The Saba Cloud Platform

The Saba Cloud Platform is highly scalable and exceeds industry security and compliance standards. Its powerful, standards-based architecture can address the common and distinct needs of large customers in a global implementation as well as those of mid-sized enterprises in a cloud environment. This document is designed to answer most of the questions you may have about Saba's security infrastructure and standard operating procedures, as well as the support that ensures reliable and secure delivery of your Saba Cloud services.

This commitment to security is carried throughout the application design process. The Saba Security Program implements a multi-business review process that focuses on meeting and exceeding industry-accepted practices.

In addition to embedding security throughout the System Development Life Cycle, Saba adheres to privacy requirements that provide controls that address secure handling, retention/deletion, and transference of personally identifiable information in accordance with customer privacy requirements.

Security Design Principles

Cloud Security Governance and Management

Security Council: The Security Council provides a consensus-based forum that supports the Vice President of Information Services and the Chief Information Security Officer in collaborating on:

1. Identifying high-priority security and identity-management initiatives; and

2. Developing recommendations for policies, procedures and standards to address those initiatives that enhance the security posture and protection afforded to Saba and its customer networks, information and information systems.

Cloud Management: Saba has deployed a layered data protection and security framework. Saba's in-depth defense approach involves the use of strict physical, procedural and network security controls. Saba controls are designed to assure the confidentiality, integrity and availability of client data and services. Saba's Cloud governance framework is supported by policies, procedures and standards. Cloud security controls and operations-management practices are based on internationally accepted practice and draw upon delivery frameworks such as Information Security Management System (ISMS) based on the ISO/IEC 27000 family of standards.

Systems Hardening

Saba systems are security-hardened to reduce vulnerabilities consistent with industry best practices. Hardening standards draw upon benchmarks defined by the Center for Internet Security (CIS) and National Institute of Standards and Technology, with additional guidance from Computer Emergency Response Team (CERT) and vendor-recommended best practices.

System and Data Access Control

Saba's security model restricts access to both systems and data according to defined Segregation of Duties (SoD), operational roles and responsibilities (RACI), and "need to know." Logical access to Saba Cloud systems is restricted by security policies and procedures, two-factor authentication with unique usernames/passwords, and restrictive local host "permissions." Direct access to system administrative accounts (e.g. root) is prohibited, and these can only be accessed using predefined "alias" accounts. Data classification standards require that client data may only be accessed using Saba-authorized systems.

Application and Data

All client data is logically segregated. Logical segregation is achieved via the use of unique usernames, complex passwords, database connection strings, and dedicated database schemas. Client access requests are restricted to Secure Sockets Layer (SSL) communication and at least 128-bit encryption. End-user and administrator access to the application requires authentication and is restricted according to preconfigured role-based access controls (RBAC). All data flowing in and out of the environment is subjected to deep-packet inspection by Saba firewalls and Intrusion Detection Systems (IDS).

Network Security

Network security is achieved through the use of layered firewalls, advanced network design, and network segmentation. High-availability firewalls are used to filter traffic between the web, application, and data tiers. Firewalls support deep-packet stateful inspection, dropping of anomalous packets, denial of service protection, spoofing monitoring and anti-virus filtering. Saba networks have been designed to support VLAN and subnet segmentation, port restrictions, access control lists, and address and port translation. All physical data connections are configured in a high-availability mesh topology, with each system and service having no less than two routes for communications. Saba's network communications mesh assures integrity and uninterrupted flow of data across our networks. Saba firewalls are configured consistent with National Institute of Standards and Technology (NIST) standards, and connections to all end-points reinforce our "least permissive" policy. All security devices and firewalls are monitored 24/7/365. Monitors are defined to trigger alerts when predefined thresholds are exceeded.

Data Center Overview

Saba's Cloud solutions are hosted in highly secure, SSAE 16/AT 101 Type II audited data centers that meet or exceed the highest standards for cloud infrastructure security worldwide. Our data centers are hardened using multiple layers of physical and logical security. Access is controlled by two-factor authentication using biometric and key/token access. All data centers are supported 24/7/365 with security personnel and technical support engineers. Environmental controls such as fire, cooling and power systems are fully redundant and scaled to accommodate component failure. Internet connectivity is assured with no less than three Tier 1 backbone carriers per data center.

Global Locations

North America

• Dulles, Virginia, United States
• Phoenix, Arizona, United States
• Philadelphia, Pennsylvania, United States
• Billings, Montana, United States
• Boston, Massachusetts, United States
• Toronto, Ontario, Canada
• San Francisco, California, United States

EMEA

• Amsterdam, The Netherlands
• London, United Kingdom

Asia Pacific

• Sydney, Australia

Environmental Safeguards

Redundant Power Supply: All data centers are equipped with redundant and high density power systems, with automated and monitored facility controls. Power generators at all data centers are tested regularly and supported by multiple fuel suppliers to ensure continuous operations in the event of a disaster.

Temperature Control and Fire Suppression: Each data center is equipped with carrier-diverse fiber connections to ensure redundant connectivity with at least 100 Mbps to 1 Gbps of available bandwidth capacity. Each customer system is provided with burstable bandwidth to accommodate peak usage.

Physical Security

Physical access to Saba data centers is tightly controlled, with access restricted to pre-authorized personnel and layered identity management systems. Individual access to the facilities, interior vault, and cage areas is managed by cardkey and biometric identification systems with mandatory pre-approved customer lists and sign-in/sign-out procedures enforced. All servers and infrastructures are protected within locked racks. Only authorized personnel have access to the Saba Cloud servers.

Professional Certifications

The Saba team consists of Certified Systems Engineers, Cisco Certified Network Associates (CCNA), Certified Information Systems Security Professionals (CISSP), and technicians certified and/or trained on various infrastructure and operating system software products.

Certifications and Assessments

Third-Party Penetration Test

Saba engages with a third party to perform a black-box security assessment of our main domain and associated hosts. This includes a Software Quality Assurance (SQA) scan of the Saba web application as well as a network penetration test.

Data Centers

Saba Cloud data centers in North America and EMEA are SSAE 16/AT 101 Type II audited, Safe Harbor certified, and either FISMA-Moderate or ISO 27001 certified. Our Asia Pacific data center is AS/NZS 7799.2:2003 accredited. Additional capabilities are available to meet strict regulatory requirements.

Application

As part of the Saba System Development Life Cycle, Saba runs an initial scan using Qualys Web Application Scan (WAS) and then validates the results through a third-party solution, Veracode. Veracode performs dynamic and static code analysis.

The following is a sample list of what both Qualys and Veracode scan for:

• Cross-site scripting
• SQL injection
• Session management
• OS command injection
• Directory traversal

Validated Environment

Saba Validated Environment Managed Services (VEMS) combines the power and efficiency of the Saba Enterprise Cloud (SEC) with services toward Validated Application Environment sustenance efforts for our regulated customers. VEMS is designed to facilitate our customers' regulatory compliance requirements.

Complying with Demanding Cloud Security Standards

As part of Saba's commitment to security, Saba engages with several third-party experts to conduct exhaustive reviews and performs rigorous ongoing testing to continually monitor and validate the security of Saba services.

SABA. THE TALENT DEVELOPMENT COMPANY.

Put Your People in the Driver's Seat of their Development Experience

Transform Your Talent Management Programs to Create Value for Your People and Your Business.

Your success starts here!

The Saba Experience:

24/7 customer support

Collaborative online customer community

Value-added strategic services

Regular user group meetings

Standard or customized implementation services

Dedicated customer success rep

Learning

Performance

Engagement

Recruiting

Workforce Planning

Every company says they want to engage, motivate and inspire their people. As we see it, the problem is not that they can't; it's that they don't have the environment that really enables their top talent to thrive. Saba creates that environment, with talent development solutions that put people and teams in the driver's seat of their own experience, while staying aligned to your business goals. And delivering deep performance insights that connect people to business success, like no one else can. Saba. The Talent Development Company.

© 2018 Saba Software Inc. All rights reserved. Saba, the Saba logo, and the marks relating to Saba products and services referenced herein are either trademarks or registered trademarks of Saba Software, Inc. or its affiliates. All other trademarks are the property of their respective owners.

(+1) 877.SABA.101

11/18
