- 689Cloud’s service is hosted by cloud service providers that are audited and certified against industry standards. For example, AWS is compliant with the PCI, HIPAA, SSAE 16, SOC 2, and SOC 3 standards, among others. A full list is available at http://aws.amazon.com/compliance/.
- 689Cloud personnel do not have physical access to the infrastructure and systems hosting customer data.
System and Host Level Security
- System configuration and patching occurs through an automated process, backed by source code management for change management, tracking and review.
- Dedicated firewall and VPN services restrict edge access from off-premises.
- Limited WAN-facing systems, which are segmented from the rest of the network.
- Multiple factors of authentication (MFA) are required for operator access.
- All systems are designed to fail securely. For example, if no system accounts are configured on a system, no one can access it, and default credentials remain disabled.
- Several monitoring systems are leveraged to cover 689Cloud’s entire infrastructure, and continuous security monitoring is performed by 689Cloud.
Data Security and Backups
- The 689Cloud Agent provides advanced users with the ability to filter the data that is sent to the 689Cloud service. Both partial and complete filtering of a single event is allowed.
- Customers can request that certain events be dropped by the platform before they are analyzed or stored, based on select criteria. Contact your account manager or support for more information.
- Customer data is not allowed to be sent outside of 689Cloud’s production network, which is limited to its compliant facilities.
- Backups and failover systems reside in different geographic locations.
- Every piece of monitoring data is stored on a minimum of two different physical systems.
- No physical backups of customer data are created, such as on tapes or paper.
User Data and Access
- User credentials are stored separately from monitoring data.
- Password brute forcing is prevented with rate limiting, and stored passwords are hashed with bcrypt.
- Access to the application dashboard can be configured to use two factors of authentication (2FA).
- Monitoring and audit data cannot be edited through the dashboard or APIs. The data collection system is designed to be insert-only.
Encryption in Transit
All private data exchanged with 689Cloud over the Internet is encrypted in transit.
- Insecure communication with the 689Cloud public website and dashboard is automatically redirected to secure TLS endpoints.
- The 689Cloud Agent that sends data to the platform validates certificates when establishing a connection to the 689Cloud service.
- All internal 689Cloud operator tools, such as dashboards, are only available over the VPN, which also leverages TLS.
- Known vulnerable protocols, such as SSL and some versions of TLS, are disabled on 689Cloud’s platform.
Encryption at Rest
All network-attached storage (AWS EBS volumes) is provisioned as encrypted volumes.
Credit Card and Payment Information
689Cloud never stores or receives credit card or payment information on its systems. We’ve partnered with a third-party, PCI-certified vendor for credit card processing.
Reporting Security Issues
At 689Cloud we take any reports of vulnerabilities seriously. If you encounter a security issue with any of our software or services, please report it to firstname.lastname@example.org. We have an internal SLA for responding to such issues, and are committed to responding and fixing any issues promptly.
Please note that it is against our Terms of Service to run automated security scanning tools against our system without prior approval.