Chatta subito con l'assistenza
Chat con il supporto

On Demand Global Settings Current - Security Guide

Data Handled by the Notification Service

On Demand Notification Service manages customer email addresses. Every email sent by the Notification Service is scanned for viruses and malware.

All request data sent to On Demand Notification Service is persisted by default. This includes the notification recipients as well as any data placed inside the notification template. For more information about what customer data could be included in a notification, please refer to the security information for the relevant module.

Data Handled by Common Storage Services

Customer search configurations for both shared and private searches. This includes any user entered data that are used to parameterize the search.

Customer alerting configurations for both shared and private alert rules. This includes the email address of the receipts of alert emails.

 

Location of Customer Data

When a customer signs up for On Demand, they select the region in which to run their On Demand organization. All computation is performed in, and all data is stored in the selected region. The currently supported regions can be found https://regions.quest-on-demand.com/.

On Demand customer data is stored in the selected On Demand region, entirely within Azure Services provided by Microsoft. For more information, see Achieving Compliant Data Residency and Security with Azure.

For US Organizations:

For Europe Organizations:

For UK Organizations:

For Canada Organizations:

For Australia Organizations:

Windows Azure Storage, including the Blobs, Tables and Queues storage structures, by default get replicated three times in the same datacenter for resiliency against hardware failure. The data is replicated across different fault domains to increase availability. All replication datacenters reside within the geographic boundaries of the selected region.

See this Microsoft reference for more details: https://docs.microsoft.com/en-us/azure/storage/storage-redundancy.

All computation is performed in, and all data is stored in the selected region. The only exception is transportation and delivery of email notifications for the Canada region is done through the US due to AWS Simple Email Service region availability. Amazon S3 and DynamoDB data is stored redundantly for resiliency against hardware failure. All replication data centers reside within the geographic boundaries of the selected region.

See these AWS references for more details:

Subscription services are provided to On Demand through a combination of internal software and our partners Cybersource, Tradesphere, and Salesforce, all of which are in the US.

Privacy and Protection of Customer Data

Customer data is differentiated using a unique organization identifier. This organization identifier is generated securely during customer sign-up. This organization identifier is passed to the user interface via a tamper proof (signed) token (JSON Web Token). This is passed with all requests made and is used to provide the organization context for all back-end services. The signed token (JSON Web Token) has a ‘Time to Live’ of 10 minutes and must be refreshed and re-authorized at this time. Failure to do so results in access being lost to On Demand Core.

On Demand Core relies on MSAL (Microsoft Authentication Library) cache to silently refresh access tokens. This cache is encrypted at rest and accessible only by service account.

Quest Software employees and Microsoft employees do not have access to and cannot see the keys used for encryption and decryption. The process of encryption and decryption is transparent to On Demand and takes place between the Azure Key Vault Service and Azure Storage Tables. The keys are stored in a Hardware Service Module within the Azure Key Vault which is FIPS-2 level validated by Microsoft Azure. These keys are rotated hourly. For more information, see: https://azure.microsoft.com/en-us/services/key-vault/.

Customer data passed within a notification to the Notification Service is stored but cannot be retrieved.

Related Documents

The document was helpful.

Seleziona valutazione

I easily found the information I needed.

Seleziona valutazione