Chat now with support

Get Live Help
Complete Registration

Sign In

Request Pricing

Contact Sales

On Demand Global Settings Current - Security Guide

Table of Contents

About On Demand Shared Services

About On Demand Core About the On-Premises Agent About the Notification Service About the Data Egress Service

Architecture Overview Azure Datacenter Security AWS Datacenter Security Overview of Data Handled by On Demand Core

Data Handled by Core Data Handled by the Notification Service Data Handled by Common Storage Services

Admin Consent and Service Principals Location of Customer Data Privacy and Protection of Customer Data Separation of Customer Data Network Communications Authentication of Users Role Based Access Control FIPS 140-2 Compliance Auditing SDLC and SDL Third party Assessments and Certifications

Penetration testing Certification

Operational Security

Access to Data Permissions Required to Configure and Operate On Demand Operational Monitoring Production Incident Response Management Security Incident Response Management

Customer Measures

Auditing

On Demand Core provides an activity trail log for the following actions:

•

Adding and removing an Office 365 tenant

•

Granting of Admin Consent for the tenant

•

Adding and removing hybrid agents, domains and relevant capabilities

•

Authorizing and de-authorizing users as an On Demand administrator

•

Notification settings modification

•

Privileged actions on system objects for On Demand modules

Audit data is stored in Azure SQL database and is available via JWT authenticated access to On Demand administrators only.

The Quest Identity Broker provides an audit trail log for all interactions, including login, logout, and account creation. Access is limited to the QIB administrators only.

SDLC and SDL

The On Demand team follows a strict Quality Assurance cycle.

•

Access to source control and build systems is protected by domain security, meaning that only employees on the Quest corporate network have access to these systems. Therefore, should an On Demand developer leave the company, this individual can no longer access On Demand systems.

•

All code is versioned in source control.

•

All product code is reviewed by another developer before check in.

In addition, the On Demand Development team follows a managed Security Development Lifecycle (SDL) which includes:

•

MS-SDL best practices

•

Threat modeling.

•

OWASP guidelines.

•

Regularly scheduled static code analysis is performed on regular basis.

•

Regularly scheduled vulnerability scanning is performed on regular basis.

•

Segregated Development, Pre-Production, and Production environments. Customer data is not used in Development and Pre-Production environments.

On Demand developers go through the same set of hiring processes and background checks as other Quest employees.

Third party Assessments and Certifications

Penetration testing

On Demand has undergone a third party security assessment and penetration testing yearly since 2017. The assessment includes but is not limited to:

•

Manual penetration testing

•

Static code analysis with Third Party tools to identify security flaws

A summary of the results is available upon request.

Penetration testing

Third party Assessments and Certifications

On Demand has undergone a third party security assessment and penetration testing yearly since 2017. The assessment includes but is not limited to:

•

Manual penetration testing

•

Static code analysis with Third Party tools to identify security flaws

A summary of the results is available upon request.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating

© 2024 Quest Software Inc. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center