Document Security Strategy: Maintaining Data Confidentiality, Integrity, Security, and Access

Goal: Maintain Data Confidentiality, Integrity, Security, and Authorized Access, by providing a secure solution for file access and storage, while preserving functionality.
Summary: Document security is fundamentally about protecting information from unauthorized access and use, and establishing the right level of trust between parties.

Considerations:

1. Document-level security and access;
2. Granular control over user permissions and security;
3. Document protection based on private- or public-key cryptography to keep documents secure and under control;
4. Maintaining anonymity/confidentiality of individual subjects; and
5. Timely access to data by requisite project staff located across three states.

We propose that a third-party, encryption-protected, secure FTP server offers the most efficacious method for accomplishing the goal.

Background

File Transfer Protocol (FTP) is a standard network protocol used for transferring files from one host to another over a Transmission Control Protocol (TCP) network such as the Internet. FTP uses the client-server model: the server stores resources and the client (PC) accesses them across the network.

In regard to security, it is important to note that FTP uses separate control and data connections between the client and the server. The control connection remains open for the duration of the session and carries administration: commands, identification, and passwords. A data connection is opened separately for each transfer, either by the server (active mode) or by the client (passive mode). Because the two connections are independent, protecting one does not protect the other: a session whose control channel is encrypted will still send file contents in cleartext unless the data channel is protected as well.

Plain FTP sends usernames, passwords, and file contents in cleartext. To transmit the data securely, encryption (transforming the data so that only a party holding the correct key can read it) must be employed. FTP can be made secure by running it over Secure Sockets Layer/Transport Layer Security (SSL/TLS), known as "FTPS" (FTP Secure). FTPS is distinct from SFTP, which is a different file transfer protocol carried over SSH.
Benefits of using FTPS

- Strong authentication, message privacy, and integrity: transmitted data is protected with encryption, and certificates authenticate the server (and optionally the client) so that each party can verify the identity of the other.
- Data integrity is provided through an integrity check value (a message authentication code) on every TLS record.
- When the client verifies the server's certificate, FTPS protects against masquerade, man-in-the-middle, and replay attacks. A client that accepts any certificate gets encryption but not authentication, and remains exposed to an interposed server.
- TLS itself is supported by most operating systems, web browsers, and web servers. FTPS specifically requires an FTP client that implements the TLS extension; most dedicated FTP clients do, web browsers do not (browser access to the service is over HTTPS).
- TLS/SSL provides options for the authentication mechanisms, encryption algorithms, and hashing algorithms (the cipher suite) negotiated for the secure session.
- TLS operates beneath the application layer, so FTP commands and file contents are unchanged. The client must, however, request TLS explicitly (AUTH TLS on port 21, or implicit TLS on port 990) and must also request protection of the data channel (PROT P); otherwise file contents travel in cleartext even though the login did not.
- This protocol extension is defined in the proposed standard RFC 4217, Securing FTP with TLS.

Recommendations for REA

Employ a third-party FTP solution that meets or exceeds security standards and requirements. (Server Solution) is a third-party service that:

- Fully supports the FTP standard (RFC 959) and the Secure FTP (FTPS) protocol. All FTP clients are supported.
- Requires authentication with confidential usernames and passwords. Passwords are stored in a salted form unless specified otherwise; the cleartext-password option must remain disabled for this project.
- Utilizes cryptography to ensure documents can only be opened by authorized parties possessing the correct key. For FTP connections via port 990 (implicit FTPS), TLS with a 2048-bit server certificate key is supported and required on all connections. For FTP connections via port 21 (explicit FTPS), TLS is supported but not required by default; accounts may be configured to refuse insecure FTP connections, and this option must be set for all project accounts so that no credential or data file can be sent in cleartext. (The vendor's "2048-bit SSL encryption" describes the server's RSA key length, not the strength of the session cipher.)
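The port-21 behaviour described above (TLS supported but not required) means that the client, not the server, decides whether a session is protected. The following Python is an added example, not code from the proposal or from the vendor: it builds the TLS settings an FTPS client should insist on, shows that the standard library's default FTP_TLS context does not verify the server certificate, and opens an explicit FTPS session with AUTH TLS before login and PROT P before any transfer. The host, user and password are the caller's; nothing here refers to a real server.

```python
"""Explicit FTPS (RFC 4217) client set-up.

Added example, not code from the page or the vendor.  The server on port 21
accepts both plain FTP and TLS, so the client must (1) upgrade the control
connection before sending the password, (2) verify the server certificate,
and (3) protect the separate data connection.
"""
import ftplib
import ssl


def build_tls_context() -> ssl.SSLContext:
    """TLS settings an FTPS client should insist on.

    ssl.create_default_context() loads the system CA store, requires a server
    certificate and checks that it matches the host name.  A client that skips
    these checks is encrypted but not authenticated: an interposed server can
    read everything.
    """
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def context_is_hardened(ctx: ssl.SSLContext) -> bool:
    """True only if the context authenticates the server and refuses old TLS."""
    return (
        ctx.verify_mode == ssl.CERT_REQUIRED
        and bool(ctx.check_hostname)
        and ctx.minimum_version >= ssl.TLSVersion.TLSv1_2
    )


def default_ftplib_is_hardened() -> bool:
    """ftplib.FTP_TLS() with no context gets a stdlib context whose
    verify_mode is CERT_NONE, i.e. any certificate is accepted."""
    return context_is_hardened(ftplib.FTP_TLS().context)


def open_secure_session(host: str, user: str, password: str,
                        port: int = 21) -> ftplib.FTP_TLS:
    """Connect over explicit FTPS on port 21.

    AUTH TLS upgrades the control channel before the password is sent;
    PROT P makes every subsequent data connection use TLS as well.  Without
    prot_p() the login is protected but file contents still cross the
    network in cleartext, because FTP uses a separate data connection.
    host/user/password are assumptions supplied by the caller.
    """
    ftps = ftplib.FTP_TLS(context=build_tls_context())
    ftps.connect(host, port)
    ftps.auth()                 # AUTH TLS: encrypt the control connection first
    ftps.login(user, password)  # credentials now travel inside TLS
    ftps.prot_p()               # PROT P: protect the data channel too
    return ftps
```

open_secure_session needs a live server and is not exercised here; the two check functions run offline. Port 990 (implicit FTPS) wraps the socket in TLS before the first FTP reply, which ftplib does not do on its own, so for that port use a client that supports implicit mode.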
- Files are encrypted at rest, with all encryption keys stored in a key-management escrow service operated by Amazon S3. Transit and storage encryption is HIPAA-compliant. Documents and encryption keys are stored in different data centers.
- Utilizes granular permissions for in-depth access control. All permissions are enforced by the FTP server. Permissions are granted on a per-user and per-folder basis: write-only, read-only, or full read-write access. Once granted access, users upload and download files via FTP.
- Activity logs are recorded of all access to any file or folder. Logs are retained for seven years.
- All files are stored within the United States. Servers primarily operate out of Northern Virginia (US East Coast).

*Additional, detailed information about (Server Solution) is attached.

IT Process

Access

The Site Admin, Diane Metcalf, assigns all permissions on a per-user and per-folder basis: write-only, read-only, or full read-write access.

- The Data Manager will have full access to the directory root and its two folders: the "NC DPI Validity Data" folder (which will contain raw data and unique identifiers [PII]) and the "Shared" folder.
- Dr. Metcalf, as data analyst, will see and have access only to the "Shared" folder. Because the Site Admin role can change any permission, this restriction is a procedural control rather than a technical one; the activity logs should be reviewed to confirm that the analyst account never accesses the "NC DPI Validity Data" folder.
- A designee of the NCDPI will be given access allowing the requisite data files to be uploaded (write-only access scoped to the "NC DPI Validity Data" folder is sufficient for this). Immediately following verification of successful upload, this individual's access to all files will be discontinued.
Documents uploaded to the Shared folder will not be overwritten; a revised file will instead receive a numeric suffix, so that inaccurate or unintended revisions to data files can be corrected by returning to the earlier copy.

Data Acquisition and Management

Data will be uploaded by NCDPI to the secure server in six distinct data sets provided in CSV format. Separate data sets will be uploaded for each of the following:

1. All school- or district-based School Psychologists currently employed in this role in North Carolina;
2. All school- or district-based School Counselors currently employed in this role in North Carolina;
3. All school- or district-based Social Workers currently employed in this role in North Carolina;
4. All school- or district-based Instructional Technology professionals currently employed in this role in North Carolina;
5. All school- or district-based Media Specialists currently employed in this role in North Carolina;
6. All public schools in North Carolina by district.

Data sets 1-5 above are considered the keystone data and will include at LEAST the following for each subject:

- Last Name
- First Name
- NC Educator ID Number
- Last four (4) digits of Social Security Number
- Full Name of School where employed, with City and Zip Code
- NC School Code and/or Full Name of District where employed, with City, Zip Code, and County
- NC District Code
- Highest Degree Completed
- Current Licenses Held
- Other (TBD)

Data set 6 above will include at LEAST the following for every public school and district in North Carolina:

- Full Name of School
- City and Zip Code
- School Code
- Grade/Age Range of School
- School Demographic Data (TBD)
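The per-user, per-folder permissions in the Access section and the no-overwrite rule for the Shared folder can be checked against a small model. The following Python is an added example, not the vendor's enforcement code: the user names, folder names and grants are constructed to mirror the IT Process section, authorization is default deny, and paths are normalized before lookup so that a "/Shared/../" path cannot reach the PII folder.

```python
"""Per-user, per-folder permission model and no-overwrite versioning.

Added example; not the vendor's code.  Users, folders and grants below are
constructed to mirror the proposal's IT Process section.
"""
from __future__ import annotations
import posixpath

# The three permission levels the proposal defines.
WRITE_ONLY, READ_ONLY, READ_WRITE = "write-only", "read-only", "read-write"

# FTP operations grouped by the permission they need.
READ_OPS = {"download", "list"}
WRITE_OPS = {"upload"}
ALLOWED = {
    WRITE_ONLY: WRITE_OPS,
    READ_ONLY: READ_OPS,
    READ_WRITE: READ_OPS | WRITE_OPS,
}

# Constructed grants: Data Manager has full access to the root (and so to both
# folders); the analyst sees only Shared; the NCDPI designee may only upload
# into the PII folder and is revoked after the upload is verified.
GRANTS: dict[str, dict[str, str]] = {
    "data_manager": {"/": READ_WRITE},
    "analyst": {"/Shared": READ_ONLY},
    "ncdpi_designee": {"/NC DPI Validity Data": WRITE_ONLY},
}


def _normalize(path: str) -> str:
    """Absolute, canonical path: collapses "..", "//" and trailing "/"."""
    return posixpath.normpath("/" + path.lstrip("/"))


def effective_permission(user: str, folder: str) -> str | None:
    """Most specific folder grant covering `folder`, or None (no access).

    A grant on "/" covers everything; a grant on "/Shared" covers "/Shared"
    and its subfolders but not "/NC DPI Validity Data".
    """
    folder = _normalize(folder)
    best: tuple[str, str] | None = None
    for granted_folder, perm in GRANTS.get(user, {}).items():
        g = _normalize(granted_folder)
        if folder == g or folder.startswith(g.rstrip("/") + "/"):
            if best is None or len(g) > len(best[0]):
                best = (g, perm)
    return None if best is None else best[1]


def authorize(user: str, op: str, path: str) -> bool:
    """Default deny.  `list` is checked against the folder itself; uploads
    and downloads against the folder that contains the file."""
    target = _normalize(path)
    folder = target if op == "list" else posixpath.dirname(target)
    perm = effective_permission(user, folder)
    return perm is not None and op in ALLOWED[perm]


def revoke_all(user: str) -> None:
    """Applied to the NCDPI designee immediately after upload is verified."""
    GRANTS.pop(user, None)


def next_version_name(filename: str, existing: set[str]) -> str:
    """Name an upload so that nothing already in `existing` is overwritten.

    The first copy keeps its name; later copies get _1, _2, ... before the
    extension, so an unintended revision can be corrected from the prior copy.
    """
    if filename not in existing:
        return filename
    stem, ext = posixpath.splitext(filename)
    n = 1
    while f"{stem}_{n}{ext}" in existing:
        n += 1
    return f"{stem}_{n}{ext}"
```

The model treats a folder grant as covering its subfolders, which is how the proposal describes root access for the Data Manager; if the service instead requires an explicit grant per folder, the Data Manager needs one entry for each of the two folders.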
- School Academic Performance Data (TBD)
- Full Name of District
- City, Zip Code, and County
- District Code
- District Demographic Data (TBD)
- District Academic Performance Data (TBD)

Data Aggregation

Upon successful upload of all data and requisite data sets, the Data Manager will prepare each of five distinct data sets (one for each of the five professional areas). The following process will be applied:

- The keystone data sets will serve as the foundation for each subsequent data set. These data will be used to link all other data to individual subjects, which is necessary for the required analyses.
- School and District data from data set 6 will be integrated into each of the five distinct data sets, each representing all North Carolina professionals within the respective professional cadre.
- Upon verification that the Individual, School, and District data have been accurately and successfully integrated, a unique Validity Identifier (specific to this project and containing no PII for any subject) will be assigned by the Data Manager to each subject. To contain no PII, the identifier must be generated independently of the subject's data (for example, randomly) rather than derived from it: a hash of the name or of the last four SSN digits can be reversed by trying the small number of possible inputs.
- Upon assurance that each data set has been accurately aggregated and unique identifiers appropriately assigned, the Data Manager will create a copy of each of the five professional cadre data sets that includes the Validity Identifier for each subject and all available Professional, School, and District data, but from which all direct PII has been removed. The crosswalk between Validity Identifiers and subjects remains only in the "NC DPI Validity Data" folder.
- These non-PII data sets will be used to conduct all validity analyses. Removing direct identifiers does not by itself guarantee anonymity: a combination of school, role, highest degree and licenses may be unique to one person, so small cells in the analysis output should be reviewed before results are shared.

After aggregating data across the multiple data sets provided by NCDPI, the Data Manager will upload the five non-PII data sets to the "Shared" folder. Dr. Metcalf will see and have access only to the "Shared" folder.
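The Data Aggregation steps above (link keystone rows to school records, assign a Validity Identifier that carries no PII, emit a copy with direct identifiers removed) are shown below in Python as an added example; it is not the project's own script. The CSV rows are constructed for illustration, not NCDPI data, and the column names are assumptions based on the field lists above. It also adds the two checks a practitioner would run before a file goes to the Shared folder: that no direct-PII column survived, and which quasi-identifier combinations are shared by very few subjects.

```python
"""Build the non-PII analysis files from keystone and school data sets.

Added example; not the project's script.  Rows and column names are
constructed for illustration.
"""
import csv
import io
import secrets

# Columns the proposal lists as direct identifiers.  They stay only in the
# crosswalk, which lives in the "NC DPI Validity Data" folder.
DIRECT_PII = ("Last Name", "First Name", "NC Educator ID Number", "SSN Last 4")

# Constructed keystone rows (data set 1) and school rows (data set 6).
KEYSTONE_CSV = """Last Name,First Name,NC Educator ID Number,SSN Last 4,School Code,District Code,Highest Degree Completed,Current Licenses Held
Doe,Jane,100001,1234,340302,340,MA,School Psychologist
Roe,Richard,100002,5678,340302,340,PhD,School Psychologist
Poe,Ann,100003,9012,600409,600,MA,School Psychologist
"""
SCHOOLS_CSV = """School Code,Full Name of School,City,Zip Code,Grade/Age Range of School
340302,Example Elementary,Raleigh,27601,K-5
600409,Sample High,Durham,27701,9-12
"""


def read_rows(text: str) -> list[dict[str, str]]:
    return list(csv.DictReader(io.StringIO(text)))


def new_validity_id(issued: set[str]) -> str:
    """Random identifier, independent of the subject.

    A hash of the name or SSN last-4 would not qualify as "no PII": the
    10,000 possible last-4 values are trivially enumerated.  Uniqueness is
    checked against identifiers already issued.
    """
    while True:
        vid = "VID-" + secrets.token_hex(6)
        if vid not in issued:
            return vid


def deidentify(keystone_csv: str, schools_csv: str) -> tuple[list[dict], list[dict]]:
    """Return (analysis_rows, crosswalk_rows).

    analysis_rows: Validity Identifier + professional + school fields, no direct PII.
    crosswalk_rows: Validity Identifier + direct PII; kept in the PII folder only.
    A subject whose School Code has no school record is an integration error
    and stops the run rather than producing a partial file.
    """
    schools = {s["School Code"]: s for s in read_rows(schools_csv)}
    analysis, crosswalk, issued = [], [], set()
    for subject in read_rows(keystone_csv):
        school = schools.get(subject["School Code"])
        if school is None:
            raise ValueError(f"no school record for code {subject['School Code']}")
        vid = new_validity_id(issued)
        issued.add(vid)
        crosswalk.append({"Validity Identifier": vid,
                          **{c: subject[c] for c in DIRECT_PII}})
        row = {"Validity Identifier": vid}
        row.update({k: v for k, v in subject.items() if k not in DIRECT_PII})
        row.update({k: v for k, v in school.items() if k != "School Code"})
        analysis.append(row)
    return analysis, crosswalk


def contains_direct_pii(rows: list[dict]) -> bool:
    """Pre-upload check for the Shared-folder copy."""
    return any(c in row for row in rows for c in DIRECT_PII)


def small_cells(rows: list[dict], keys: tuple[str, ...],
                threshold: int = 5) -> list[tuple]:
    """Quasi-identifier combinations shared by fewer than `threshold`
    subjects; each is a potential re-identification without any direct PII."""
    counts: dict[tuple, int] = {}
    for r in rows:
        k = tuple(r[c] for c in keys)
        counts[k] = counts.get(k, 0) + 1
    return [k for k, n in counts.items() if n < threshold]


def to_csv(rows: list[dict]) -> str:
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=list(rows[0].keys()))
    writer.writeheader()
    writer.writerows(rows)
    return out.getvalue()
```

With the three constructed subjects every (School Code, Highest Degree) combination is a cell of one, which is the situation the review step above is meant to catch before results leave the project.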
Data Destruction

After each upload/download of data, copies of the files remaining on the PC will be destroyed via the following method:

Eraser

Eraser is a secure data removal tool for Windows. It removes sensitive data from the hard drive by overwriting it several times with carefully selected patterns.

- Erases residue from deleted files
- Erases MFT and MFT-resident files (for NTFS volumes) and Directory Indices (for FAT)
- Powerful and flexible scheduler; data destruction may be precision scheduled
- Data sanitization methods: DoD 5220.22-M, AFSSI-5020, AR 380-19, RCMP TSSIT OPS-II, HMG IS5, VSITR, GOST R 50739-95, Gutmann, Schneier, Random Data
- License: GNU General Public License version 3.0 (GPLv3)

Overwriting covers only the sectors the tool can address. Copies left in application temporary files, the Recycle Bin, or Volume Shadow Copies are not removed unless they are erased as well, and on solid-state drives wear levelling means overwritten blocks may survive. Full-disk encryption on the project PCs limits the exposure from any copy the erase misses.

Cost Summary

The total cost of operating a file server is lower with (Server Solution) than with an in-house solution.

The PRO Package includes:
- 10 GB storage included, then $4 per GB.
- 25 users included, then $1 per user.
- Customize logos and colors.
- Supports ftp.your-site.com domain.

The MAX Package includes:
- 50 GB storage included, then $3 per GB.
- Unlimited users.
- Customize logos, colors, and domain.
- Custom CSS for workspace and login page.
- No branding.

Attached: (Server Solution) security and reliability documentation (vendor text follows)

Server Host Security Audits

Our web servers are automatically audited for security quarterly by McAfee SECURE, a PCI-approved Independent Scanning Vendor. We have passed their audits and they find us in compliance with their requirements.
Our servers are also automatically audited for security quarterly by Trust Guard. We have qualified for their Security Scanned seal. In order to qualify for the Security Scanned seal, we pass a thorough quarterly scan for more than 37,000 known vulnerabilities. If our servers ever fail to be in compliance with either security audit (if, for example, a new vulnerability is discovered), we will correct the problems as quickly as possible and then request a new audit immediately.

Server Access

- Our servers are Amazon EC2 server instances.
- Our servers are kept behind a firewall (configured in a default-deny mode) and only the ports necessary for operation are exposed to the public Internet.
- Files are hosted using Amazon's S3 Simple Storage Service. Amazon S3 provides a highly durable storage infrastructure designed for mission-critical and primary data storage.
- Only Action Verb, LLC employees with a legitimate business need have the ability to log in to our servers or databases directly. Access is removed from employees immediately if they leave the company or no longer have a business need to access the servers.

User Account Security

- Passwords are stored in a salted encrypted format, unless you specify otherwise. Unless cleartext passwords are enabled, site administrators cannot see user passwords.
- Administrators can require users to change their password on their next login.
- Administrators can restrict access to certain IPs or IP ranges, either on a per-user or site-wide basis.

Encryption

- We support 2048-bit SSL encryption for all FTP and HTTP connections to the Service. This is an extremely high level of encryption.
- For HTTP (web workspace) connections, SSL encryption (https://) is required for all connections. If a user attempts to connect to the web workspace via unsecured HTTP (http://), we will automatically redirect them to the secure HTTP address (https://). There is one exception to this:
  - If you use the Pro or Max plan and choose to use your own domain name, by default we will disable SSL via the web interface to avoid showing your users a "certificate mismatch" error. If you would prefer to have the security over the pointed domain name, turn on the Require SSL option in the Site tab and we will redirect your users to a secured page hosted at https://yourname.(Server Solution).com
- For FTP (file transfer protocol) connections via port 990, 2048-bit SSL encryption is supported and required on all connections.
- For FTP (file transfer protocol) connections via port 21, 2048-bit SSL encryption is supported, though not required by default. You may configure your account to refuse insecure FTP connections by setting an option in the Site tab.
- Files are encrypted at rest, with all encryption keys stored in a key-management escrow service operated by Amazon S3. (** Applies to all files uploaded after October 5, 2011.)

Physical Servers

- All of our server instances, file storage, and database hosting are provided by Amazon Web Services, a subsidiary of Amazon.com.
- Amazon Web Services has achieved ISO 27001 certification and has successfully completed multiple SAS 70 Type II audits.
- Amazon has many years of experience in designing, constructing, and operating large-scale datacenters. This experience has been applied to the Amazon platform and infrastructure.
- Amazon datacenters are housed in nondescript facilities. Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, intrusion detection systems, and other electronic means. Authorized staff must pass two-factor authentication a minimum of two times to access datacenter floors. All visitors and contractors are required to present identification and are signed in and continually escorted by authorized staff.
- Amazon only provides datacenter access and information to employees and contractors who have a legitimate business need for such privileges. When an employee no longer has a business need for these privileges, his or her access is immediately revoked, even if they continue to be an employee of Amazon or Amazon Web Services. All physical access to datacenters by Amazon employees is logged and audited routinely.
- Our agreement with Amazon ensures that they will act within the scope of our Privacy Policy.

Environmental Safeguards
- Automatic fire detection and suppression equipment has been installed to reduce risk. The fire detection system utilizes smoke detection sensors in all data center environments, mechanical and electrical infrastructure spaces, chiller rooms and generator equipment rooms. These areas are protected by either wet-pipe, double-interlocked pre-action, or gaseous sprinkler systems.
- The data center electrical power systems are designed to be fully redundant and maintainable without impact to operations, 24 hours a day, seven days a week. Uninterruptible Power Supply (UPS) units provide back-up power in the event of an electrical failure for critical and essential loads in the facility. Data centers use generators to provide back-up power for the entire facility.
- Climate control is required to maintain a constant operating temperature for servers and other hardware, which prevents overheating and reduces the possibility of service outages. Data centers are conditioned to maintain atmospheric conditions at optimal levels. Personnel and systems monitor and control temperature and humidity at appropriate levels.

Server Software Updates and Patches

- Our web and file servers run the latest version of either the Ubuntu Linux distribution (currently version 10.04) or the CentOS Linux distribution (currently version 5.4).
- Our web application is developed using the latest version (version 3) of Ruby on Rails.
- We use the latest version of MySQL (5.1) for our database servers.
- We subscribe to the security announcement mailing lists for Linux, CentOS, Ubuntu and Ruby on Rails and install critical security updates as soon as possible after they are announced.
- We install non-critical and non-security-related software updates to Ubuntu, CentOS, or Ruby on a weekly basis.
- Updates to MySQL are managed by Amazon, and they install critical security updates as quickly as possible.

HIPAA
(Server Solution) has many customers who are subject to the Health Insurance Portability and Accountability Act (HIPAA). As such, we are well aware of the relevant requirements and have designed our service to be compliant with HIPAA.

(Server Solution) itself is not considered a "covered entity" or a "Business Associate" and as such is not itself regulated by HIPAA. Therefore, you do not need to enter into a Business Associate Agreement (BAA) with (Server Solution). This page on the HHS website explains that a business associate contract is not required with "a person or organization that acts merely as a conduit for protected health information, for example, the US Postal Service, certain private couriers, and their electronic equivalents."

The rest of this document explains the various physical and technical measures we use to protect your data. You may refer to it in any internal auditing that you perform. Please be sure to follow the steps in the For Maximum Security section above to ensure that you have configured (Server Solution) to be compliant.

Redundancy and Backups

We recognize that the availability of your data is very important to you. This document explains the technology and procedures that we use to ensure availability on the (Server Solution) service. Please also be sure to read our Privacy Policy and Terms of Service, which will prevail in the event of a conflict with this document.

Physical Servers and Datacenters

- All of our server instances, file storage, and database hosting are provided by Amazon Web Services, a subsidiary of Amazon.com.
- Amazon Web Services has achieved ISO 27001 certification and has successfully completed multiple SAS 70 Type II audits.
- Amazon has many years of experience in designing, constructing, and operating large-scale datacenters. This experience has been applied to the Amazon platform and infrastructure.

File Storage

- We store all files uploaded by customers in the Amazon S3 Simple Storage Service. Amazon S3 provides a highly durable storage infrastructure designed for mission-critical and primary data storage.
- Objects are redundantly stored on multiple devices across multiple facilities in an Amazon S3 Region. Once stored, Amazon S3 maintains the durability of your objects by quickly detecting and repairing any lost redundancy.
- Amazon S3 also regularly verifies the integrity of stored data using checksums. If corruption is detected, it is repaired using redundant data.
- We further utilize the "Versioning" feature of Amazon S3 to save backups of files that are modified or deleted. Currently we retain backups of such files for at least 30 days, though they may be retained longer than that. Our support staff is able to restore deleted files directly back to your account.
- All files are stored in the US Standard Region of Amazon S3, which means that they are exclusively stored within the United States.
- Files are encrypted at rest within Amazon S3, with all encryption keys stored in a key-management escrow service operated by Amazon S3. (** Applies to all files uploaded after October 5, 2011.)

Front-End Server Redundancy

- Our front-end HTTP and FTP servers are server instances powered by the Amazon EC2 Elastic Compute Cloud. Within Amazon EC2, we maintain at least four separate client-facing HTTP/FTP front-end server instances, each in a separate EC2 Availability Zone.
- Availability Zones are distinct locations that are engineered to be insulated from failures in other Availability Zones. By launching instances in separate Availability Zones, applications are protected from the failure of a single location.
- These server instances are all monitored every minute on ports 80, 443, 21, and 990 to ensure uptime. Whenever any instance goes down, our server administrators are immediately paged.
- We save daily snapshot backups of the hard disks of these server instances (via Amazon Elastic Block Store) and retain them for at least 7 days. These backups include all access logs.
- While we ordinarily operate from the Amazon EC2 US-East Region (Northern Virginia), we have procedures in place that would allow us to migrate our entire service to the Amazon EC2 US-West Region (Northern California) in the event of a major disruption to US-East.
Database Redundancy

- We use Amazon Relational Database Service (Amazon RDS), a managed database hosting service, to host our databases. Amazon RDS ensures that our databases are always patched with the latest updates.
- We use the "Multi-AZ" capability of Amazon RDS to ensure that a hot-backup standby database server is always running and available in a separate Availability Zone.
- We have point-in-time restore capabilities on our database servers for any time in the last 7 days. This means that we can restore our database to its state at any given time in the past 7 days (such as immediately before a service disruption).
- Additionally, we take full database snapshots and store them in Amazon S3 every 24 hours. These snapshots are retained for at least 7 days.

Software Issues

- Our servers are configured to page and e-mail our system administrators any time an unexpected event (called an "Exception") occurs in our web application software.
- Our engineers respond as quickly as possible to any error states.
- We retain these exception reports for at least thirty days.

Service Level Agreement

- We recognize that downtime can be costly and reflect poorly on your business. As such, we will provide compensation in the form of credit card refunds if certain uptime goals are not met and you request a refund.
- We define uptime as the percentage of time during a billing period that HTTP and FTP services are available on ports 80, 443, 21, and 990. The uptimes of these 4 services as computed by Wormly (or another monitoring system we may choose to engage) will be averaged together to compute an overall uptime.
- If uptime during a billing period is below 99%, you are entitled to a refund of your entire monthly fee.
- If uptime during a billing period is below 99.5%, you are entitled to a refund of half of your monthly fee.
IP Addresses

(Server Solution) makes use of the following IP addresses. If you restrict outbound access via a firewall, please whitelist all of these IP addresses for ports 80, 443, 21, and 990, as well as FTP data ports 40000-50000.

Active IP addresses:
23.23.81.124
184.73.221.249
174.129.25.233
174.129.25.251
174.129.42.130
174.129.41.157
174.129.33.152
174.129.251.73

Backup IP addresses (in a separate region; may be enabled in the event of a service disruption):
50.18.182.145
50.18.182.178
50.18.182.181
50.18.182.182

Please make sure that all IP addresses are whitelisted, as we may switch between these at any time.