Upload
others
View
2
Download
0
Embed Size (px)
Citation preview
WHITEPAPER
SECURITY + INFRASTRUCTURE
Central Desktop / Updated April 22, 2015
2 / 25WHITEPAPER: SECURITY + INFRASTRUCTURE / ©2015 Central Desktop
Table of contents
Introduction 3
Security overview 4
Perimeter + physical security 4
Key security features + advantages 5
Surveillance 5
Authorized access only 5
Remote access 6
SSAE 16 Type II 6
Building,firesuppression+powerbackup 7
Applicationsecurity 8
Userauthentication/loginsecurity 8
Advancedpasswordsecurityoptions 9
Permissions and rights management 10
Company permissions management 10
Workspace permissions management 10
TLSencryptionandtrustedemaildomainsupport 11
Trusted IP addresses 12
Customtermsofserviceandprivacypolicy 13
Globalperformance 14
Network security 15
Third-partynetworkauditing 15
CentralDesktop’smulti-layernetworksecurityprotection 16
Securitylayers 17
Siteoperations 17
Securitypatchesandupgrades 17
Dataintegrity 18
Protecteddatastorage 18
Virusscanning 18
SSLdataencryption 19
Databackupsandrestoration 20
Complete system redundancy 21
Comprehensive disaster recovery plan 22
Uptime/highavailability 23
Summary: Your data is secure and protected 24
AboutCentralDesktop 25
3 / 25WHITEPAPER: SECURITY + INFRASTRUCTURE / ©2015 Central Desktop
IntroductionTheaccessibility,securityandintegrityofyourdataareintegraltothesuccessofyourcompanyandthereputationofourbusiness.BecauseCentralDesktopisdeliveredasacloud-basedSoftware-as-a-Service(SaaS)solution,reliabilityanduptimeofourservicesareofutmostimportanttoyourbusinessandoursuccess.
YourdataissecurewithCentralDesktop.TheCentralDesktopplatformrunsonaproveninfrastructuredesignedtoprovidemaximumsecurity,performanceandreliability.
CentralDesktoppartnerswithleadingdatacentersAlchemyCommunicationsandCorexchangetoprovideitscustomersandpartnerswithstate-of-the-artperimeter,network,server,applicationanddatasecuritytoensureprivacyandavailability.Thedatacenterinfrastructureincludesraisedfloors,state-of-the-artfiresuppression,abundantandredundanthigh-speedinternetconnectivity,redundantpowerandaself-containedcoolingsystem.Wemaintaintwogeographicallyseparatedfacilitiestoensurecustomerdatasecurityandintegrityintheeventofanydisaster.
Businessthesedaysisglobal,whichiswhyCentralDesktophaspartneredwithAkamai,theleaderincontentdeliverynetworksandglobalapplicationacceleration.CentralDesktopleveragestheAkamaiinfrastructurefootprinttoboostapplicationresponsivenessandfiletransferperformance,ensuringyouandyourcollaboratorsgetagreatexperience,nomatterwhereontheglobeyouareusingthecollaborationplatform.
CentralDesktopprovidesourcollaborationplatformtomorethan550,000usersworldwide.Ourtypicalcustomerisafast-paced,medium-sizedbusinessorganizationorateamordepartmentwithinalargeFortune500orGlobal2000company.Alltheseorganizations,regardlessofsize,trustandrelyonCentralDesktoponadailybasis.
4 / 25WHITEPAPER: SECURITY + INFRASTRUCTURE / ©2015 Central Desktop
Security overviewCentral Desktop’s security and infrastructure were designed to provide maximumperformanceandreliabilitywithstate-of-the-artphysicalanddatasecurityandredundancy.CentralDesktop’ssecuritypolicywasarchitectedwithmultiplelayersofsecurity,safeguards,andredundancytowardoffexternalsecuritythreats.
Perimeter + physical security Central Desktop is dedicated to developing and maintaining a state-of-the-artphysicalsitesecuritywhereithostsitsdataandservers.CentralDesktop hosts its primary servers and data at the Alchemy Data Center inIrvine,California.TheAlchemyDataCenterisdesignedtowithstandpoweroutages,fire,intrusionandtampering,andnaturaldisasterscenariosincludingan8.3magnitudeearthquake.CentralDesktophostsitsbackupserversanddatainageographicallyseparatelocationmorethan800milesawayinDallas,TexasattheCorexchangeDataCenter.
5 / 25WHITEPAPER: SECURITY + INFRASTRUCTURE / ©2015 Central Desktop
Key security features + advantages
Surveillance
Physicalaccesstothedatacenteriscontrolledandmonitored24/7by:
•Uniformedbuildingsecurityservices
•Videocameraandelectronicsurveillancewithintrusiondetection
•Onsite24/7technicalpersonnel
Authorized access only
Central Desktop only allows authorized personnel to access the physical siteserversanddata(includinganyremote,virtualortele-accesstothedatacenter).
Authorizedpersonnelmustpasscriminalandhistoricalbackgroundchecksandmustsignstrictnon-disclosureagreements(confidentialityagreements)withregardstoprotectingandaccessingcustomerdata.Breachestotheagreementscarryseverelegalpenaltiesandramifications.Authorizedpersonnelarerequiredtopassthroughelectronicandvisualidentityvalidationsystemstoenterthedatacenter.Accesstothedatacenterismaintainedbytime-stampedlogsforhistoricalretrieval.
AllofCentralDesktop’sequipment(servers,routers,switches,storagedevices)isstoredinsecurelylockedcabinetsandcages.
6 / 25WHITEPAPER: SECURITY + INFRASTRUCTURE / ©2015 Central Desktop
Remote access
Remote Access to the Central Desktop servers are strictly controlled andlimitedtoauthorizedpersonnelonly.Anyauthorizedremote accessissolelyexecutedviaencryptedcommunications.
SSAE 16 Type II
CentralDesktopandallofitsdatacentersareSSAE16TypeIIcompliant.Askyoursalesrepresentativeforacopyofourlatestreports.
SSAE16isanenhancementtothepreviousstandardforReportingonControlsataServiceOrganization,theSAS70.SSAE16isawidelyrecognizedauditingstandarddevelopedbytheAmericanInstituteofCertifiedPublicAccountants(AICPA).Aserviceauditor’sexaminationperformedinaccordancewithSSAE16(“SSAE16Audit”)representsthataserviceorganizationhasbeenthroughanin-depthauditoftheircontrolobjectivesandcontrolactivities.Thisauditoftenincludescontrolsoverinformationtechnologyandrelatedprocesses.CentralDesktop’sSSAE16 Type II audits ensure that appropriate processes and controls have beenestablishedandthata3rdpartyhasreviewedthesecontrolsoveraperiodoftimeandfoundthemtobeworkingeffectively.YourcompanycanusetheCentralDesktopservicewithcompleteconfidence
7 / 25WHITEPAPER: SECURITY + INFRASTRUCTURE / ©2015 Central Desktop
Building, fire suppression + power backup
Alchemy’s newest data center is a state-of-the-art 42,500 sq.ft.facilitylocatedlessthantwomilesfromJohnWayneAirport.Thiscarrier-neutralfacilityhasdiverseentrypoints,withbothVerizonandAT&TPointofPresence.Constructedin1989,thebuildingfeatures18-inchraisedfloorsandisequippedwitheveryessentialtohouseandprotectyourdata.ThetelecommunicationabilitiesareendlesswithdarkfibertoOneWilshireinadditiontomultiplefibercarrierssuchasTWTelecom,Level3,VerizonBusiness,andAT&T.Never fear a power outage again: the Irvine Data Center has N+1 redundancy on all systems, and four 600KW Caterpillar Generatorswithenoughfuelcapacitytorunfor16hours.
Plus, the data center accesses two Southern California Edison PowerGridsformaximumpowerredundancy.Alchemygoesto great lengths to ensure the safety of your data, from a superiorcoolingsystemofsixteenindependentDX-basedairhandlers,tohigh-gradefiresuppressionsystemsofdoubleinterlockingpre-actiondrypipesforbothHalonandFM-200.Withbiometricsecurityandcardreaderscontrollingbuildingaccess,aswellasvideosurveillanceandaDedicatedNetworkOperationsStaffpatrollingallbuildingentrances,itisclearAlchemytakesgreatcareinnotonlydata-retention,butalsodata-protection. This battery backed-up UPS system ensures that none of the critical equipment has an
interruption of power while waiting for the generators to kick in.
8 / 25WHITEPAPER: SECURITY + INFRASTRUCTURE / ©2015 Central Desktop
Application securityUser authentication / login securityPhysicalaccesstothedatacenteriscontrolledandmonitored24/7by:
•Uniformedbuildingsecurityservices
•Workspacemembers(users)areinvitedbyadministratorsandworkspaceowners,thusensuringsecureaccessisrestrictedtospecifiedusers.
•AllCentralDesktopuserscreateauniqueusernameandpasswordwhentheycreateaprofile.
•Userauthenticationiscontrolledviauniqueandvalidusernameandpasswordcombinationthatisencryptedusingaone-wayhash.Whenuserssubmitusernameandpasswordviathisone-wayhashtoCentralDesktop,auniquedigitalsignature(orfingerprint)iscreated,whichinturnidentifiesandauthenticatesthesenderandthecontentsofthemessage.
•Aftertheone-wayhashsecurelogin,thesecuritymodelisreappliedwitheveryrequestandenforcedfortheentiredurationofthesession.Thesecuritymeasuresaretransparenttotheuseranddonotcauseanyperformancedrag,latency,orslowdown.
•Eachadditionalrequestisre-verifiedandiftheuser’ssessioncannotbeauthenticatedortheuser’sstatusonthesitehaschanged(i.e.,theuserisdeletedfromtheworkspaceorcompanybytheadministrator),theuserwillnotbeallowedtoaccessthespecifiedworkspaceordata.
•CentralDesktopdoesnotuse“cookies”tostoreotherconfidentialinformationandhasimplementedadvancedsecuritymethodsbasedondynamicdataandencodedsessionIDs.
•CentralDesktopuses“expiringheaders”whichenablesuserswiththeabilitytoensuremaximumsecurityaftertheylogoutofthesystem–eliminatingtheabilityforotheruserstoaccesscachedpagesinthebrowser.
9 / 25WHITEPAPER: SECURITY + INFRASTRUCTURE / ©2015 Central Desktop
Advanced password security options Available with Central Desktop for Enterprise, Agencies and Marketers
CentralDesktopprovidesanadditionallayerofpasswordsecuritybyallowingtheadministratortoadjustarangeofpasswordoptionssuchas:
• Minimum password length Theadministratorcandeterminewhattheminimumpasswordlengthmustbeforalluserswithinthecompany.Toensureaminimumlevelofpasswordsecurity,CentralDesktopnativelyrequiresaminimumof6characters,butcansupportuptoa50-characterminimumpasswordlength.
• Password save option Theadministratorcandeterminewhetherornottoenablethe“RememberMe”functionatthepointofloginforalluserswithinthecompany.ThisoptionshouldbedisabledifadministratorsareconcernedaboutusersaccessingCentralDesktopfrompublicterminalsandlocationsandwanttoensurethatlogincredentialsarenotsaved.(Note:Whetherornotthisfeatureisenabled,userscanstillsaveusernameandpasswordlocallyviathewebbrowser.)
• Password complexity Administratorscanrequireuserstouse“complex”passwordcredentials.Enablingthisfeaturewillrequirealluserstoincludethefollowingdetailsinpasswords:
- At least one lowercase character - At least one UPPERCASE character -Atleastonedigit(numeral) -Atleastonespecialcharacter–oneofthefollowingcharacters:@#$%^&+=-!
• Password change frequency Administratorscandeterminehowoftenuserpasswordsexpire,forcinguserstocreateanewpasswordevery30,60,90,180,or365days.
10 / 25WHITEPAPER: SECURITY + INFRASTRUCTURE / ©2015 Central Desktop
Permissions and rights managementCentralDesktopprovidescustomizablepermissionsand rights management to accommodate a variety of customerneeds.Userpermissionsaremanagedatboththe company level and at the workspace level, allowing accesstospecifiedworkspacesonlyandallowingtheadministrator to further restrict user permissions at the workspacelevel.
Company permissions managementUserpermissionsandaccesscanbemanagedatthecompanygrouplevel,allowingeasyadministration ofuserrightsandaccesstoworkspaces.
Workspace permissions managementGranular permissions are managed at the workspace level forusers(members)andgroups.PermissionssuchasRead,Edit, Add, Delete and Admin rights are granted on a user-by-userorgroup-by-groupbasisattheworkspacelevel.
11 / 25WHITEPAPER: SECURITY + INFRASTRUCTURE / ©2015 Central Desktop
TLS encryption and trusted email domain supportAvailable with Central Desktop for Enterprise, Agencies and Marketers
JustasSSLprotectsyourdataintransitto/fromyourwebbrowser,CentralDesktopusesTransportLayerSecurity(TLS),aprotocolthatencryptsanddeliversemailsecurely.TheTLSencryptionandtrustedemaildomainfeatureallowsyoutocontrolaccessandsendencryptedemailstotrustedusers.
Email domains that are listed as trusted domains will receive a TLS-encrypted email with all ofthecontentsofthediscussion,comment,ordocumentsavailablefortheusertoread.
NOTE:AdditionalTLSsoftwareconfigurationandsetupisrequiredbythecompanytosupportTLSencryption.
12 / 25WHITEPAPER: SECURITY + INFRASTRUCTURE / ©2015 Central Desktop
Trusted IP addressesAvailable with Central Desktop for Enterprise, Agencies and Marketers
The trusted IP address feature allows administrators to restrict access to Central DesktopbyIPaddressorIPrange.OnlylistedIPaddresseswillbeallowedaccesstoCentralDesktop.ThisisidealfororganizationsthatneedtorestrictaccesstoCentralDesktopviaaVPNorofficelocationIPaddress.Thisfeaturecanbeconfiguredatthecompanylevelandoverriddenattheuserlevel.
13 / 25WHITEPAPER: SECURITY + INFRASTRUCTURE / ©2015 Central Desktop
Custom terms of service and privacy policyAvailable with Central Desktop for Enterprise, Agencies and Marketers
ThecustomtermsofserviceandprivacypolicyfeatureallowsadministratorstoforceinternalmembersandexternalmemberstoagreetocustomtermsofserviceandprivacypolicywhentheyregisterwithCentralDesktop.Thisfeatureenablescompaniestocomplywithcertainconfidentialityortermsofuserequiredundercertaincorporatepoliciesorstatutoryrequirements.
14 / 25WHITEPAPER: SECURITY + INFRASTRUCTURE / ©2015 Central Desktop
Global performanceToassureconstantandcontinuousconnectivitytothecoreInternetbackbones,CentralDesktop’snetworkinfrastructureleveragesmulti-homedbandwidthcarriers.Thisensuresglobalaccessanduptimeintheeventofnetworkdiscontinuitywithasinglecarrier.
The redundant layers that comprise and support the networkinfrastructureensurecontinuousconnectivity.Intheeventofabandwidthlayerfailure,theremainingsupportinglayerswilldetectthefailureandtransfercontrolinamatterofseconds.Thisisoftendescribedasa“self-healing”or“automated”network.Thisarchitecture ensures that any single point of failure preventsnetworkdisruption.
Thebestwaytoimprovewebapplicationperformanceistogetthedataclosertotheenduser.CentralDesktopleveragestheAkamaiglobalcontentdeliverynetworktospeedupbothapplicationdeliveryinadditiontofileupload/downloadperformance.
CentralDesktophasintegratedAsperaWANaccelerationfortheultimateinfiletransferperformance.Thisfeatureisespeciallyusefulforlargefiletransfersandbulkuploads/downloads.
Akamai and Aspera ensure a great Central Desktop experience no matter where you are in the world.
15 / 25WHITEPAPER: SECURITY + INFRASTRUCTURE / ©2015 Central Desktop
Network securityCentralDesktophasarchitectedamulti-layeredapproachtosecureanddefendyourdatafromexternalattack.Weleveragestate-of-the-arthardwareandsoftwaresecuritymethodstopreventunauthorizedintrusionbyexternalusersattemptingtoaccessyourdata.Ourinfrastructureproactivelydetersandmonitorsforexternalattacksandunauthorizedintrusions.
Central Desktop employs experienced engineers, system administrators, and ITprofessionalswhopassthroughrigoroustesting,confidentialityagreements,andbackgroundcheckstosecureyourdata.TheCentralDesktopteamisproactivelymonitoringanddeployingnewsecuritymeasuresviasoftwareandhardwareonaregularbasisasappropriate.
Third-party network auditing
Inadditiontoourownsecuritymeasures,ournetworksecurityisauditeddailybyindustry-leadingthird-partysecurityvendorMcAfee.McAfeeperformsnetwork security checks to verify the integrity of the Central Desktop network asseenfromoutsidethenetwork.TheirtestslookforvulnerabilitiesandreportanyissuesimmediatelytotheCentralDesktopteam.
16 / 25WHITEPAPER: SECURITY + INFRASTRUCTURE / ©2015 Central Desktop
Central Desktop’s multi-layer network security protectionCentralDesktopdeploysa“multi-layerednetworksecurityprotectionsystem”tosecureanddefendyourdatafromintrusionandattack.Betweenourservers,whichhousecustomerdataandtheInternet,therearemanylayersofnetworksecurityprotection:
1. Router Thefirstlineofdefensetoprotectyourdataistherouterthatresidesinfrontofthefirewall.Therouterisspecificallyconfiguredtoblockthemostprevalentwormattacksonthewebbyscanningandanalyzingheaderandpacketinformation.Viathescanningprocess,eachpacketisinspectedandeithergrantedauthorizedaccessordeniedbeforeeverreachingthefirewall.Therouteristheinitiallineofdefensetoeliminateunauthorizedandunnecessarytrafficandblocksitfromgainingaccesstothefirewall.
2. Firewall Allinformationanddatarequeststhatpassthroughtheroutermustnextpassthroughthefirewall.Thefirewallplacesstrictlimitsonportsandprotocolsandprovidesthesecondlayerofprotectionforyourdata.NAT(NetworkAddressTranslation),alsoknownasnetworkorIPmasqueradingtechnology,isusedintheCentralDesktopdatacenterfirewalltoprovideanextralayerofsecurity.
3. Intrusion Detection System (IDS) Passingthefirewall,dataflowsarenextscrutinizedbytheIntrusionDetectionSystem(IDS).TheIDSmonitorsnetworktrafficformaliciousactivitiesorpolicyviolationsandreportsanomaliestotheCentralDesktopweboperationsteam.
4.Web server load balancing Webserverloadbalancing,whilenotstrictlyasecuritylayer,alsoprovidesadditionalportscreeningandprotocolprotection.WebserverloadbalancingcanidentifycommonDoSattacksandscreenthembeforereachingtheserver.ItensuresthattheURLrequestsbeingmadearewellformed,thusrejectingattemptedexploits.
5.Web/applicationservers Theweb/applicationserverlayerrunsonFreeBSDwithApacheasthewebserversandCentralDesktopastheapplicationserver.
• Apacheisconfiguredtominimalconfigurationspecificationsrequiredtorunourapplicationlayer. • ApplicationserversareconfiguredtoprocessHTTPrequestsonly. • Othernon-coreInternetprotocolsandservicesaredisabled. • Serversarelockeddownandsecuredattheoperatingsystemandsystemdirectorylevels. • Allnon-essentialportsandserviceshavebeenblocked,locked,anddisabled.
17 / 25WHITEPAPER: SECURITY + INFRASTRUCTURE / ©2015 Central Desktop
Security layersSecurityisbuiltinfromdayonewithyourCentralDesktopsolution. TheCentralDesktopsystem,withmultiplelayersofhardware,software,andnetworkinfrastructure,isdesignedandoptimizedtoprotectyour datafromintrusion.
Site operations • Regularoperationsandsystemadministratormeetingsare
held to discuss and review near-term and long-term industry-compliantsolutions.
• CentralDesktopproactivelymonitorsindustrysecuritywarnings, channels, and alerts to uncover new and emerging securityrisks.CentralDesktopengineersactimmediatelyuponthediscoveryofanysecurityrisksoralerts.
• CentralDesktopproactivelyscansvendor-specificsecuritychannels,including:CiscoSystems,MicrosoftCorporation,FreeBSD,Linux,pluscommunity-basedforumsandchannels.CentralDesktopalsosubscribestoallcommonemailvirusandbugnotificationandalertslists.
Security patches and upgrades • TheCentralDesktopteamroutinelymonitors,evaluates,tests,
andappliessecuritypatches,fixes,updates,andupgrades. • Anyothermission-criticalsecuritypatches,updates,and
upgradesfromvendorandcommunitychannelsarenotifiedandsenttoCentralDesktopandareroutinelyevaluated,tested,andapplied,ifapplicable,within24-72hoursofbeingnotified.
18 / 25WHITEPAPER: SECURITY + INFRASTRUCTURE / ©2015 Central Desktop
Data integrityMillionsofdatafilesresidewithinourcustomers’CentralDesktopworkspaces,andthousandsoffilesareaddedeveryweek.CentralDesktopenlistsavarietyofmethodstoassuredataintegrity,includingdataprotectionbasedonnetworkarchitecture,asdescribedpreviously,plussoftware-enabledSSLdataencryption.
Protected data storage
Yourdata’sintegrityisprotectedbynumerouslayersofstate-of-the-arthardwareandsoftwaresecurity features to prevent hackers or other unauthorized individuals from gaining access to it.Withourmultiple-layernetworksecuritysystem,yourdataissafelysequesteredwelloutofharm’sway.Thefollowingdetailsourapproachto“defense-in-depth”security.
• Securitymodelisreappliedwitheveryrequestandenforcedfortheentire durationofthesession.
• Applicationsecuritymodelpreventscustomerdatacross-overandensures completecustomerdatasegregationandprivacy.
• Customerdataissegmentedfromtheapplicationlayerprovidingadditional securitybuffers.
• Customer data is encrypted at rest using industry-standard AES algorithms (military-gradetools,NSA-classifiedencryption,NISTFIPS197encryption)
Virus scanning
• CentralDesktopserversrunthelatestversionofvirusdetectionsoftware. OurcomputersareadditionallyprotectedbyTrendMicroAntivirus.
• Virusscanningsoftwareisupdateddaily.
• Files uploaded to Central Desktop are virus scanned to ensure safe informationcollaboration.
19 / 25WHITEPAPER: SECURITY + INFRASTRUCTURE / ©2015 Central Desktop
SSL data encryption
AllCentralDesktopcustomerscanleverage256-bitAESHighGradeEncryptionandSecureSocketLayer(SSL)thatprotectsyourdatausingbothserverauthenticationanddataencryption.
• SSLencryptiontechnologyprotectsyourdatafrombeingreadduring transmissionfromyourcomputertoCentralDesktopservers.
• SSLencryptionsoftwareensuresthatwhentherecipientofthetransmitted datareceivestheinformation,thecomputerdecryptstheinformation, authenticatesthesource,andverifiesthedataintegrity.
• SSLencryptiontechnologyleveragesdigitalcertificatestoverifytheidentity ofthedataflowovertheinternetandallowsforencryptionanddecryption byauthorized(authenticatedsources).
CentralDesktopusesComodo/USERTrustforitsSSLDigitalCertificates.
• Comodo/USERTrustisthesecond-largestcertificationauthorityfor ensuringidentitytrustandassuranceontheweb.
• Comodo/USERTrust’scomprehensivearrayoftechnologiesenablesorganizations ofallsizestosecuree-businesstransactionscost-effectively.
• Morethan200,000customersinmorethan100countries,securing500,000+ businessesandindividuals,relyonComodo/USERTrustproductsandservices.
• Comodo/USERTrustoperatesoneoftheworld’slargest,fastestgrowing certificationauthorityinfrastructureswiththehigheststandardsas evidencedbyKPMGannualaudits.
20 / 25WHITEPAPER: SECURITY + INFRASTRUCTURE / ©2015 Central Desktop
Data backups and restoration
AllCentralDesktophasimplementedrigorousbackupprocedurestoensurethatyourdataissafelyandaccuratelybackedup.
• CentralDesktopmaintainsamirroredandredundantcopyoftheentireStorageAreaNetwork(SAN).Thisactsasa“warmbackup”ensuringquickaccessandretrievalofdatainanemergency.
• CentralDesktopmaintainsafullbackupsnapshotofdatastoredontheSAN.CentralDesktopexecutesadailybackupandstoresdataforupto90days.
• BackupproceduresincludeentireSAN,databases,andallconfigurationsandcodefilesforallservers.
• Allbackupsareencryptedintransitandatrestusingthesamelevelofencryptionandprotectionsaslivedata.
• Allbackupsarerotatedintooffsiterotationdaily.
• CentralDesktopisabletorestoreandretrievedatastoredforuptothreemonths.(Applicablefeeswillapply.)Toinitiatearestorerequest,pleasecontact Central Desktop Support at [email protected].
• Atanytime,workspaceadministratorscanaccessanddownloadtheentirecontents oftheworkspacetogiveyouadditionalpeaceofmindsothatyoucanstorea back-upofyourdata.
21 / 25WHITEPAPER: SECURITY + INFRASTRUCTURE / ©2015 Central Desktop
Complete system redundancySystemredundancyisthekeytoensuringconsistentandreliableuptimeandtoeliminatingsinglepointsoffailure.CentralDesktop’sinfrastructurefollowsanN+1 model to provide full redundancy of all key system components and services includinghardware,internetconnectivity,andpowersystems.
• Redundancyisavailableonallkeynetworkingequipmentincludingrouters,switches,firewallsandload-balancingservers.
• Multipleload-balancedwebserversandapplicationserversareconfiguredtoensureredundancy.Ifawebserverfails,therearemultiplewebserversavailabletocarrythewebsitetrafficandloadswithoutinterruption.
• DatabaseandfileserversusehardwareRAID(redundantarrayofindependentdisks)technologytoensureavailabilityduringstandardmaintenance.Thisalsoensuresdataintegrityandredundancyintheeventofanysingleharddrivefailure–withoutinterruptionordatalosstotheuser/customer.
• Routersandwebserversareoptimizedandconfiguredtoaccommodatemaintenance,softwareupgrades,serverrotation,andconfigurationwithoutadisruptionofservice.
22 / 25WHITEPAPER: SECURITY + INFRASTRUCTURE / ©2015 Central Desktop
Comprehensive disaster recovery plan CentralDesktophasplannedforcomprehensivedisasterrecoveryandcontingenciestoprotectyourdataandtoprovidecriticalaccessandbusinesscontinuitytoourapplications.Businesscontinuityensuresthatyouareabletoconductyourbusinessintheeventofnaturaldisasterorthesuspensionofservicesasaresultofpowerorinternetconnectivity.
Comprehensivedisasterrecoveryensurestheabilitytore-establishaworkingdatacenteratoursecondarysiteifadisasterdestroysorrendersinoperabletheprimarydatacentersite.Intheunlikelyevent of a catastrophic disaster and failure at Central Desktop’s primary data center site, Central Desktop hasacomprehensiveDisasterRecoveryPlaninplace.
AcompletetestofthisDisasterRecoveryPlanisconductedannually.
ContingenciesandplansareinplacetoensurethatCentralDesktopanditscustomersareupandrunningwithcompleteCentralDesktopfunctionalityandrestoreddatawithin12hoursofthedisaster.
Thedisasterrecoveryplanincludesguidelines,procedures,andclearrolesofresponsibilityandcommunicationamongstthepartners.Theplanensurestimelyactionandquickresponseinsuchanunlikelyevent.
• Within2hoursofnotificationofthedisasterattheprimarydatacenterlocation, adisasterteamisactivatedandpreparedtobegintherecovery.
• Oursecondaryfacility(locatedinDallas,Texas)ispreparedandbroughtonline.
• Keyserverconfigurationandcustomerdataisupdatedandrestoredfromthe mostrecentbackup.
• CentralDesktopcustomersregainaccesswithin12hoursofthedisaster.
• Thesecondaryhostingfacilityiscapableofperformingallhostingfunctions intheeventofsuchanemergencyordisaster.Thesecondaryhostingfacility iscomparabletoourprimaryfacility.
23 / 25WHITEPAPER: SECURITY + INFRASTRUCTURE / ©2015 Central Desktop
Uptime / high availabilityCentralDesktopprovidesindustry-leadinguptimeandservicewithhighavailabilityanduptime.
• Real-timeupdatingofsystemscanbefoundathttp://status.centraldesktop.com
• ThemeasureduptimeforCentralDesktoptypicallyexceeds99.9%.(Thisisexclusive of scheduled maintenance, which includes hardware and network maintenanceaswellassoftwareupdates.)
• Hardwaremaintenanceistypicallyperformedinwindowsbetween12:00amand3:00amEasternTimeonweekendstoavoidinconveniencingcustomers.
• Softwareupdateprocedurestypicallyrequirethesitetobedownforlessthan60secondsatatime.CentralDesktopschedulessoftwaremaintenanceforweekendmornings(NorthAmericatime)toensureminimalcustomerdisruption.
• CentralDesktopusesreal-timeonsiteandoffsitealertssystemsandsitemonitoringtoensuretheavailabilityandperformanceofdistributedITinfrastructures—e.g.,servers,operatingsystems,networkdevices,networkservices,applications,andapplicationcomponents.ProactivemonitoringenablesCentralDesktopengineerstoattackproblemsimmediatelybeforetheybecomecriticaloremergencies.
24 / 25WHITEPAPER: SECURITY + INFRASTRUCTURE / ©2015 Central Desktop
Summary: Your data is secure and protectedCentralDesktopprovidesindustryleadingsecurityandprotectionofyourdata.Whetheryouareworkingfromyouroffice,yourhome,orontheroad,youcandependonCentralDesktoptobeavailabletoyouatyourcriticalmoments.
Theabilitytoaccessyourdataanytimefromanywhereensuresthatyouremainproductive,protected,andconnectedtotheinformationthatyouneedtorunyourbusiness.
Formoreinformationorquestions,[email protected].
25 / 25WHITEPAPER: SECURITY + INFRASTRUCTURE / ©2015 Central Desktop
866 900 7646centraldesktop.com
Contact us We don’t bite
About Central Desktop Central Desktop helps people work together in ways never beforepossible. TheCentralDesktopcollaborationplatformconnectspeopleandinformationinthecloud,makingitpossibletosharefiles,combineknowledge,inspireideas,manageprojectsandmore.
CentralDesktopserveshalfamillionusersworldwide.KeyCentralDesktopcustomersincludeCareerBuilder,MLB.com,SesameStreet,PGATour,TheHumaneSociety,CBS,Workday,WD-40,PokemonandPinkberry.
Founded in 2005, Central Desktop is a PGi company located inPasadena,California.
Click here to learn more about Central Desktop
(C’mon just click it !)