Nova Current - Reporting Security Guide

Chatee ahora con Soporte

Obtener ayuda en vivo
Completar registro

Iniciar sesión

Solicitar precios

Comuníquese con Ventas

Introduction About Quest Nova Reporting Architecture overview AWS and Azure datacenter security Overview of data handled by Nova Reporting Admin Consent and Service Principals Location of customer data Privacy and protection of customer data Separation of customer data Network communications Authentication of users Role based access control FIPS 140-2 compliance SDLC and SDL Operational security

Access to data Operational monitoring Production Incident Response Management

Customer measures Technical support resources

FIPS 140-2 compliance

Quest Nova Reporting cryptographic usage is based on Azure FIPS 140-2 compliant cryptographic functions. For more information, see: https://docs.microsoft.com/en-us/azure/storage/blobs/security-recommendations.

SDLC and SDL

The Quest Nova team follows a strict Quality Assurance cycle.

·Access to source control and build systems is protected by domain security, meaning that only employees on Quests corporate network have access to these systems. Therefore, should an On Demand developer leave the company, this individual will no longer be able to access Quest Nova systems.

·All code is versioned in source control.

·All product code is reviewed by another developer before check in.

In addition, the Quest Nova Development team follows a managed Security Development Lifecycle (SDL) which includes:

·MS-SDL best practices

·Threat modelling.

·OWASP guidelines.

·Regularly scheduled static code analysis is performed on regular basis.

·Regularly scheduled vulnerability scanning is performed on regular basis.

·Segregated Development, Pre-Production, and Production environments. Customer data is not used in Development and Pre-Production environments.

Quest Nova developers go through the same set of hiring processes and background checks as other Quest employees.

Operational security

Source control and build systems can only be accessed by Quest employees on Quests corporate network (domain security.) If a developer (or any other employee with access to Quest Nova Reporting) leaves the company, the individual immediately loses access to the systems.

All code is versioned in source control.

Access to data

Access to Quest Nova Reporting data is restricted to:

·Quest Operations team members

·Particular Quest Support team members working closely with Quest Nova Reporting product issues.

·The Quest Nova Reporting development team to provide support for the product

Access to Quest Nova Reporting data is restricted through the dedicated Quest Azure AD security groups. For different types of data (e.g., product logs, customer data, and sensitive data) different access levels and lists of allowed people are assigned.

Documentos relacionados

The document was helpful.

Seleccionar calificación

I easily found the information I needed.

Seleccionar calificación

Seleccione su producto:

Con el fin de ofrecerle un mejor servicio, complete el campo Motivo del chat:

Soluciones recomendadas para su problema

Nova Current - Reporting Security Guide

FIPS 140-2 compliance

SDLC and SDL

Operational security

Access to data