What security policies do you support with the Alinean sales / marketing tool service / delivery?

Alinean provides a highly secure software-as-a-service platform. Alinean engages an independent security firm to conduct regular audits to ensure Alinean’s environment complies with security standards aligned with the highest industry standards such as SAS70, PCI, and ISO/IEC 27002.

Our digital security includes:

·         Identity and Access – XcelLive provides roles based security and require passwords meeting minimum security criteria.  Passwords are stored using a salted hash.

·         Network and Systems Management – All XcelLive communication is handled via SSL.  All XcelLive infrastructure is regularly monitored and receive timely updates of all security patches.

·         Network Intrustion Detection – Application and host firewall and IDS/IPS software monitor traffic and block anomalous activity while logging the actions taken.  Critical security logging events are alerted in realtime and reviewed

·         Vulnerability auditing is performed via Virtual Security Research, LLC (third party vendor) to assess application penetration risks and perform external network vulnerability assessments.  The XcelLive infrastructure is regularly monitored and maintained by UnbreakableIT (third party vendor).

·         Data / Database Security – Data is located in a secure data center.  Data is backed up (encrypted) nightly and archived offsite with Iron Mountain weekly

·         Disaster Recovery – All application server and database information is backed up regularly and regularly archived offsite.  Critical systems are configured using redundancy and hot standby configurations.

Alinean’s XcelLive platform is hosted at a the TimeWarner co-location facility located in Orlando, Florida. This site is physically secured with the following features:
·         Physical access to systems – physical access is controlled by 4 security checkpoints requiring separate validation

·         Hardening and Protection – hardening and protection guidelines are based on CIS and NSA standards and are reviewed regularly

·         Power security / redundancy – Power is conditioned for spikes, surges, brownouts and other impairments that may affect equipment and is tested quarterly.  Power continuity is provided by battery backups and diesel generators.

·         Network security / redundancy – Network is isolated and protected by leading firewall, switching and load balancing hardware.

Comments

Popular posts from this blog

Gartner: Buyers Demand Less Pitch, More Value-Story

On-Demand Webinar - From an ROI Business Case to a Value-centric Case for Change

Forbes Insights: Value First