User Encryption for External Connections
Customer access to IPS hosted applications is through the Internet. SSL or TLS encryption technology is used to encrypt this traffic. Connections are negotiated with a minimum of 128-bit encryption. The server certificate used to establish the session is signed with SHA-256 and its key has a length of at least 2048 bits. It is recommended that the latest available browsers certified for IPS programs, which are compatible with higher cipher strengths and have improved security, be used for connecting to web-enabled programs. The list of certified browsers may be provided by IPS for each specific application upon request to the IPS Support portal. In some cases, a third-party application that a customer wishes to integrate may not accept an encrypted connection. Such cases will be reviewed individually, and the decision to permit unencrypted (HTTP) integration will be made by IPS.
Segregation of Networks
IPS’s data centers contain isolated networks used to deliver applications to IPS users and customers. Networking technologies are deployed in a layered approach designed to protect application data at the physical, data link, network, transport, and program level. Access controls are multi-tiered, consisting of the network, system, database, and program layers. Access is based on a "deny by default" policy.
Network Access Control
IPS technical support and operations teams access application environments through a segregated network connection, which is dedicated to environment access control and isolated from IPS's internal corporate network traffic. The dedicated network functions as a secured access gateway between support systems and target application and database servers. Authentication, authorization, and accounting are implemented through standard security mechanisms designed to ensure that only approved operations and support engineers have access to the systems. Cryptographic controls are implemented to provide operations and support with secured, easily configured access to target environments.
IPS is not responsible for the Customer’s network connections or for conditions or problems arising from or related to Customer’s network connections (e.g., bandwidth issues, excessive latency, network outages), or caused by the Internet. IPS monitors its own networks and will work to address internal issues that may impact availability.
Routing controls implemented for IPS provide the connection point between IPS and its Internet Service Provider(s). Border routers are deployed in a redundant, fault-tolerant configuration. Routers are also used to enforce traffic policies at the perimeter.
IPS utilizes firewalls to control access and filter traffic between all disparate networks. This ensures that all traffic passing between any external, perimeter, management, or internal IP network crosses a firewall interface. Firewalls are deployed in a layered approach to perform packet inspection with security policies configured to filter packets based on protocol, port, source, and destination IP address, as appropriate, to identify authorized sources, destinations, and traffic types.
Network controls implemented for IPS address the protection and control of data during its transmission between the customer system and the IPS hosted system. The network security infrastructure is designed to secure the servers from network-based attack. Redundant, managed firewalls using stateful packet inspection provide barriers between tiers of the architecture. Traffic is filtered, and only valid connections are allowed through into the network demilitarized zone. Traffic within each tier is restricted and controlled for security purposes.
Network Intrusion Detection and Prevention Systems
IPS utilizes Network Intrusion Detection Systems (nIDS) to protect the environment. nIDS is deployed on the network in either intrusion prevention mode (blocking) or intrusion detection mode (alerting only), to monitor and block suspicious network traffic before it reaches protected networks. nIDS alerts are routed to a centralized monitoring system that is managed by Information Technology operations teams 24x7x365.
Network Vulnerability Assessments
IPS utilizes network vulnerability assessment tools and external third-party services to identify security threats and vulnerabilities. Formal procedures are in place to assess, validate, prioritize, and remediate identified issues. IPS uses vulnerability notification systems to stay apprised of security incidents, advisories, and other related information. IPS acts on the notification of a threat or risk once it has confirmed that a valid risk exists, that the recommended changes are applicable to service environments, and that the changes will not otherwise adversely affect the services.
IPS employs host-based antivirus software to scan files on disk. Files that trigger a virus detection are cleaned or removed automatically, and an alert is automatically generated which initiates IPS’s incident response process. Virus definitions are updated daily.
Configuration Audit and Control
IPS uses a centralized system for managing the integrity of network device configurations. Change controls are in place to ensure only approved changes are applied. Regular audits are also performed to confirm compliance with security and operational procedures.
IPS employs standardized system hardening practices across IPS devices. This includes restricting protocol access, removing or disabling unnecessary software and services, removing unnecessary user accounts, patch management, and logging.
Physical Security Safeguards
IPS provides secured computing facilities for both office locations and production infrastructure. Datacenters housing information for IPS customer environments hold SSAE 16 Type II and SOC 2 Type II certifications. Common controls between office locations and co-locations/datacenters currently include the following:
- Physical access requires authorization and is monitored.
- Visitors must sign a visitor's register and be escorted and/or observed when on the premises.
- Possession of keys/access cards and the ability to access the locations is monitored.
- Entrances are protected by physical barriers designed to prevent unauthorized entry by vehicles.
- Entrances are security monitored 24 hours a day, 365 days a year.
System Access Control
System access controls include system authentication, authorization, access approval, provisioning, and revocation for employees and any other IPS-defined 'users'. Under normal operating circumstances, IPS does not manage end-user security within customer applications. However, IPS does reserve the right to intercede on behalf of the customer during security contingency events, or upon request of the customer. Customer may configure the programs and additional built-in security features.
Access to IPS systems is controlled by restricting access to only authorized personnel. IPS enforces strong password policies on infrastructure components and management systems used to operate the environment. This includes requiring a minimum password length, password complexity, and regular password changes. Strong passwords or multi-factor authentication are used throughout the infrastructure to reduce the risk of intruders gaining access through exploitation of user accounts.
Review of Access Rights
Network and operating system accounts for IPS employees are reviewed regularly to ensure appropriate access levels. In the event of employee separation, IPS takes prompt actions to terminate network, telephony, and physical access for such former employees. Customer is responsible for managing and reviewing access for its own accounts.
IPS performs critical and security-related change management and maintenance as defined and described in the IPS Change Management Policy. For any critical or security update that IPS will deploy for designated IPS applications, IPS first applies and tests the update on a staging environment of the applicable application. IPS applies the update to the production environment of the application only upon completion of successful testing.
IPS offers several standard encryption technologies and options to protect data, depending on the particular application, while in transit or at rest. For network transmission, Customers may choose to use secured protocols (such as TLS) to protect their data in transit over public networks. Secured protocols offer strong encryption algorithms. Strong key management policies and processes are employed for all IPS encryption.
Transit of Physical Media
Designated IPS personnel handle media and prepare it for transportation according to defined procedures and only as required. Digital media is logged, encrypted, securely transported, and, where required for backup archiving, vaulted by a third-party off-site vendor. Vendors are contractually obligated to comply with IPS-defined terms for media protection.
Upon termination of services or at Customer's request, IPS will delete environments or data residing therein in a manner designed to ensure that they cannot reasonably be accessed or read, unless there is a legal obligation imposed on IPS preventing it from deleting all or part of the environments or data.
Secure File Transfer
Secure file transfer functionality is built on commonly used network-attached storage platforms and uses secured protocols for transfer (such as SFTP). The functionality can be used to upload files to a secured location, most commonly for data import/export on the IPS hosted service, or to download files at service termination.
Security Incident Response
IPS evaluates and responds to incidents that raise suspicion of unauthorized access to or handling of Customer data, whether the data is held on IPS hardware assets or on the personal hardware assets of IPS employees and contingent workers. When IPS becomes aware of such an incident, escalation paths and response teams are established to address it, depending on the nature of the activity. IPS will work with Customer, the appropriate technical teams, and law enforcement where necessary to respond to the incident. The goal of the incident response is to restore the confidentiality, integrity, and availability of Customer's environment, and to establish root causes and remediation steps. Operations staff have documented procedures for addressing incidents where handling of data may have been unauthorized, including prompt and reasonable reporting, escalation procedures, and chain of custody practices. If IPS determines that Customer's data has been misappropriated, IPS will report such misappropriation to Customer within 72 hours of making such determination, unless prohibited by law.