CallidusCloud partners with localized world leaders in co-location hosting centers to provide environmentally controlled, secure facilities that use an integrated security management system. This includes electronic photo ID badging, cardholder access control, biometrics, recorded digital video surveillance, and alarm monitoring. All enterprise customers are hosted in data centers that are ANSI TIA/EIA-942 Tier III+ rated facilities. They provide continuous monitoring, 24-hour, year-round onsite security personnel, and intrusion detection alarm systems. In addition, the facilities include safeguards that:
- BLOCK ILLEGAL ENTRY via biometric readers and bulletproof walls
- IMMEDIATELY ACT ON SECURITY BREACHES through the use of silent alarms.
- AVOID DOWNTIME with redundant power links to local utilities, backup batteries, and uninterruptible power supplies
- PROVIDE A SHIELD against fire, natural disasters, and weather shifts with fire suppression systems; environment monitoring; and earthquake-safe designs
- PROVIDE ENHANCED BACKUP AND RESTORE: CallidusCloud runs full and incremental data backups daily or weekly and full archive log backups daily, where applicable. Backup data is stored on an encrypted disk using AES 256-bit encryption. This data is available for rapid reimplementation and system restores if needed for any reason.
Database environments used in cloud computing can vary significantly. CallidusCloud secures data while at rest, in transit, and in use, and implements strict measures for:
- ACCESS CONTROL: All access to information processing facilities and business processes is controlled according to business and security requirements.
- DATABASE AUDITS: Regular database audits allow CallidusCloud to maintain records demonstrating proof of origin.
- DATA ENCRYPTION: CallidusCloud solutions use a minimum of Advanced Encryption Standard (AES) 256-bit encryption to secure data at the block level of the storage systems.
CallidusCloud applications employ extensive security measures to protect against the loss, misuse, and unauthorized alteration of data. CallidusCloud ensures security through continuous software testing to:
- PROTECT AGAINST IMPROPER LOGINS by requiring user logins each time the application is opened, by using automatic logouts after thirty minutes and account locks after multiple failed logins.
- PROVIDE BEST PRACTICE SECURITY at all levels (function, transaction, field, and data) by using role-based permissions (RBP).
- REPEL ATTACKS with application-level firewalls to prevent SQL injection and cross-site scripting attacks, and test applications using OWASP.
The architecture of the software and hardware used to deliver cloud services can vary significantly among public cloud providers. Therefore, it is important to understand the technologies the cloud provider uses to provision services and the implications they have on the security and privacy of the system throughout its lifecycle. CallidusCloud ensures that proper safeguards are in place to enforce authentication, authorization, and other identity- and access-management functions, including:
- MULTIFACTOR AUTHENTICATION, which is required for administrators who manage the production environment
- SINGLE SIGN-ON AND IDENTITY FEDERATION, which allows you to authenticate directly from your existing authorizing system, via Lightweight Directory Access Protocol (LDAP), tokens, or Security Assertion Markup Language (SAML 2.0)
- SAML 2.0 ASSERTION, which allows you to authenticate users using your choice of identity provider and provides a standard mechanism to safely transmit the identity information to CallidusCloud
- SECURE SOCKET LAYER (SSL) TECHNOLOGY, which protects application information accessed through a browser using server authentication and data encryption
CallidusCloud uses industry-leading routers, switches, and load balancers that are configured to provide secure, highly available access. Then, we ensure that every component of the IT network – from the point of entry to the place where information is stored – is meticulously configured, deployed, maintained, and continually tested for optimal performance. Finally, CallidusCloud takes extra steps to:
- REINFORCE SECURITY with redundant connections to multiple Tier 1 Internet service providers (ISPs) for highly available network access. All network equipment is redundant, providing seamless failover between devices.
- PROTECT NETWORK AND APPLICATIONS through Intrusion Detection Systems (IDS) or Intrusion Prevention Systems (IPS), network vulnerability scanning, and third-party penetration tests.
- MITIGATE AGAINST DENIAL OF SERVICE ATTACKS by using a major third-party provider to deliver a scalable, fault-tolerant global Domain Name System (DNS) and Service Level Agreements (SLAs) with our Internet service providers (ISPs) for DoS response and mitigation support.