ServiceClarity has been designed to overcome the challenges of monitoring hybrid cloud environments enabling technology leaders, Infrastructure & Operations Managers to track best-practice KPIs, set targets and generate reports in order to understand the processes they need to improve and optimise the effectiveness of their business.
At ServiceClarity we take security and data protection very seriously and we continuously look for opportunities to make improvements. We present here an overview of how we protect your data, additional detail can be provided on request.
Physical & Network Security
ServiceClarity is deployed on Amazon’s AWS platform and ServiceClarity employees do not have any physical access to our production environment.
You can find details about AWS security setup within Amazon’s extensive documentation.
In addition to world class physical security, deploying on the AWS platform also provides ServiceClarity with leading network security capabilities. AWS features such as their Virtual Private Networks (VPC) offer significant network security advantages compared to traditional co-located deployments. Properly managed a VPC deployment on AWS provides protection against:
- Network packet sniffing
- IP spoofing
- Man in the middle attacks
- Port Scanning
All access to ServiceClarity is encrypted using Transport Layer Security (TLS) with Strict-Transport-Security. We have been awarded an A+ by https://www.ssllabs.com for our strict use of modern secure protocols and encryption key exchange.
ServiceClarity does not rely on cookies for authentication but instead uses a dual-key mechanisms that protects you against common browser attacks.
In order to ensure the highest level of encryption security ServiceClarity blocks older, insecure protocols and key exchanges and for this reason may not work on some older browsers.
ServiceClarity connects to your data using the strongest possible SSL encryption. Your credentials are managed by you within the ServiceClarity application and are encrypted by our servers using the strongest possible AES encryption. Your account can be configured to blacklist sensitive data to stop even accidental access, ultimate control of what ServiceClarity collects and stores is in your hands.
Invite an unlimited number of users to join your account, control what they have access to, share sensitive data with select groups or publish data.
If at any time you wish to delete your ServiceClarity account and application access you can find instructions here: www.serviceclarity.com/delete-account/.
The Open Web Application Security Project (OWASP)
Since its inception in 2001 the Open Web Application Security Project has become a widely respected source of security information, methodologies and tools. Its Top Ten web applications risks publication (most recently in 2017) is a benchmark for anyone interested in security on the web. ServiceClarity actively tracks the OWASP Top Ten as an integral part of our secure engineering practices.
- A1:2017 – Injection
- A2:2017 – Broken Authentication
- A3:2017 – Sensitive Data Exposure
- A4:2017 – XML External Entities (XXE)
- A5:2017 – Broken Access Control
- A6:2017 – Security Misconfiguration
- A7:2017 – Cross-Site Scripting (XSS)
- A8:2017 – Insecure Deserialization
- A9:2017 – Using Components with Known Vulnerabilities
We regularly run attacks on our own servers to test for potential Injection, Broken Authentication and Cross-Site Scripting vulnerabilities. If you have any questions about how we protect against any of the OWASP Top 10 security risks please get in touch with us by contacting: firstname.lastname@example.org
Remote network access to the ServiceClarity production infrastructure is restricted to specific IP addresses and SSH keys are required to gain console access to our servers. Access to the production environment is restricted to key senior security staff and login is recorded and identified by user. All application and server logs are collected into a central log server. These centralised logs are actively monitored for unusual or suspect activity.
Data Storage & Redundancy
ServiceClarity is built on PostrgeSQL and is configured for redundancy across multiple AWS availability zones. Regular backups are automatically archived for up to 30 days.
We multiple external monitoring services to track the health and security of ServiceClarity. Public access availability is monitored from multiple geographic locations. The current status page can be found here: http://stats.pingdom.com/kottg45i5bbs/1142159. Infrastructure and server health is monitored as is the application activity and health.
Our monitoring systems will alert security staff, through emails and SMS messaging, if there are any errors, abnormal server or network activity or suspect application access.
At ServiceClarity we constantly track the latest known risks and vulnerabilities, patching our infrastructure as soon as fixes are available. We have in place multiple monitoring systems that actively track and alert us to suspicious actively, both from external brute force attacks and from potentially malicious use of ServiceClarity. In addition we welcome all input on security and data protection and urge you to get in touch with us at email@example.com if you have any questions or concerns or if you have any information about a vulnerability in our application.