
Under the covers: The Digital Safe Security Framework

Micro Focus Frequent Contributor

Recently I was discussing the 10 questions to ask yourself when selecting a compliant archiving system.  In response to that post, a few people have asked about our security framework.  In this post, we’ll take a closer look.

We have always taken data security very seriously.  Over the years a security framework has evolved to deliver that security.  Though it is constantly evolving, it has eight key components today.

The first component is SOC II & III compliant datacentres.  SOC Trust Services Principles are met.

Compliant storage not only ensures compliance with regulations but also ensures records are not alterable, in any way, for a predefined period of time known as the retention period.

[Figure: Digital Safe Security Framework]

Penetration testing is a form of security testing where there is a planned and authorised attempt to simulate an attack on the system.  This identifies weaknesses and opportunities to gain access to the system or its data.  Of course, it also validates the system's strengths.

Threat detection is provided using analytics and machine learning.  Security logs are evaluated to identify threats in real time and, when necessary, elevated to one of our cyber defence centres to respond as appropriate.

Hand in hand with real-time threat detection is real-time intrusion detection.  Intrusion detection prevents security breaches by real-time inspection of inbound/outbound messaging to detect and respond to any threats.

Encryption of all in-transit data flows between the customer and the secure data centre, and of data on the storage device itself, makes any intercepted data unintelligible; it is effectively deleted.  Of course, that encryption needs to be effective, which is why we selected 256-bit AES[2] encryption.

Security application testing requires that all code is subjected to automated testing for security vulnerabilities.  When vulnerabilities are detected, they are subjected to an evaluation and prioritisation process which then feeds the process of vulnerability remediation.

Security environment testing requires the environment be constantly subjected to security testing.  When a vulnerability is identified, it is subject to a similar process of evaluation and remediation as described above.

With these elements, Micro Focus’s Digital Safe protects our customers’ information.  Stay tuned for more in the coming months on the development of the framework.

Remember, I am always looking for feedback and ideas; if you have any questions or areas you would like me to explore, please feel free to reach out to me.

 

[1] AICPA, “SOC 2® Reporting on an Examination of Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy,” 2018, https://www.aicpastore.com/AST/Main/CPA2BIZ_Primary/AuditAttest/IndustryspecificGuidance/PRDOVR~PC-0128210/PC-0128210.jsp.

[2] “Announcing the ADVANCED ENCRYPTION STANDARD (AES),” 2001, https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.197.pdf.

 
