Authentication and authorization


Client authentication takes place over a secure tunnel. Access is centrally managed through LDAP or Kerberos, and LDAP is configured over SSL. Access control can also be POSIX based. SSH and SSL are used for authentication and connection encryption. Kerberos can use a variety of cipher algorithms to protect data. A Kerberos encryption type (also known as an enctype) is a specific combination of a cipher algorithm with an integrity algorithm that provides both confidentiality and integrity for data.

Data security

Public Key Infrastructure (PKI) is the set of hardware, software, people, policies, and procedures that are needed to create, manage, distribute, use, store, and revoke digital certificates. User authentication, client-server sessions, and data at rest or in motion are encrypted using asymmetric 1024 or 2024 bit keys such as RSA if needed, although this slows decryption, or using 256 bit symmetric keys to avoid brute-force attacks. Data access, transport and CRUD operations are centrally managed and governed. ATLAS is used to implement data governance and audit control. RANGER is used to define the policies that give users access to the file system and databases. User impersonation and ACL audit control are managed by RANGER. PHI and PII are protected, and the required safeguards are in place to govern data security and privacy.

Security in motion

Security in motion is applied using SSL. Web service calls and REST-based integration are centrally managed by KNOX. KNOX acts as a gateway to access several application APIs. Access to the gateway is managed and controlled using Kerberos and LDAP over a secure layer.

Security at rest

Data security is applied using a key management service, also called KMS. A file system or an entire mount can be encrypted. Any data written or read is encrypted and decrypted by the KMS service. User access, and access to the keys and metadata, is managed by defining policies for the users and the KMS zone in KMS RANGER. Zones or file systems can be shared and mounted on client machines using NFS or Samba. Data can then be shared across clients over public and private networks while meeting all security and privacy rules.

Infrastructure and Network security

Infrastructure security is provided by the IaaS and PaaS. However, firewalls, virtual IPs and proxy servers are also set up. All required services are installed to ensure the availability of preventive, deterrent, detective and corrective controls. IaaS providers ensure identity management, infrastructure privacy and physical security. Our Infrastructure as a Service is compliant with FedRAMP, FISMA, FFIEC, SOC, ISO 27001, ISO 27017, ISO 27018, HITRUST and other industry standards. Please refer to the compliance sheet.

Governance and monitoring

We define the data governance rules and metadata management in ATLAS. ATLAS can be used by the business to define business glossaries and business metadata. Application access and data access are audited and monitored through Ranger and Nagios. Any breach or incident can be logged in the incident management application.

Incident reporting and service desk

24X7 support is provided to ensure business continuity. The customer portal can be used to raise tickets for the service desk. Any incident is logged in the system and the customer is informed. Resolution is provided within the defined SLA.

Human resource and trainings

Strict confidentiality is observed as per the compliance requirements. Employees sign agreements covering compliance regimes such as HIPAA and others. Regular trainings are organized. No customer data is used for any promotion or marketing purpose, nor is any customer data accessed without the prior permission of the customer.