Operational Security
Source control and build systems can only be accessed by Quest employees on Quest’s corporate network (domain security). If a developer (or any other employee with access to Security Guardian) leaves the company, the individual immediately loses access to the systems.
All code is versioned in source control
Access to Data
Access to Security Guardian data is restricted to:
-
Quest Operations team members
-
Specific Quest Support team members working closely with Security Guardian product issues
-
The Security Guardian development team, providing support for the product
Access to Security Guardian data is restricted through the dedicated Quest Entra ID security groups. For different types of data (e.g., product logs, customer data, and sensitive data), different access levels, and lists of allowed people are assigned.
Permissions Required to Configure and Operate Security Guardian
Quest Operations team members have access to Quest’s production Azure Subscription and monitor this as part of normal day to day operations. Security Guardian developers have no access to Quest’s production Azure Subscription.
To access Security Guardian, a customer representative opens the On Demand website and signs up for an On Demand account. The account is verified via email; thus, a valid email address must be provided during registration.
An organization is automatically created once the new account is created.
Operational Monitoring
Security Guardian internal logging is available to Quest Operations and Security Guardian development teams during the normal operation of the platform. Some customer or Personally Identifiable Information (PII) data can become a part of internal logging for troubleshooting purposes.