The noHold application is hosted in a Rackspace data center, which is a physically secure facility with the following security measures:
1. Security Officer posted in a Security Room
2. No physical access to servers, even for customers
3. 24/7 monitoring via closed circuit surveillance cameras
4. All entrances secured by Electronic Key Access and logs
5. Only Rackspace employees are authorized to have physical access to this facility.
In addition to the above, the facility has dual data feeds into the building, redundant power generators, and a dry-pipe fire suppression system.
noHold infrastructure is protected by dual Cisco firewall devices. To assure continuous traffic flow, the two Cisco firewalls are configured in a redundant cluster. A high-availability connection between the devices means that, should one device fail, the other takes over the traffic processing.
Access to the customer's content management and reporting tools is allowed through secure (HTTPS) sessions, ensuring that customer site authentication and encryption are verified using SSL Server IDs.
Only designated noHold administrators are granted remote access to noHold’s infrastructure using Secure VPN.
The password policy for the noHold application infrastructure is as follows:
1. Passwords are stored encrypted and are at least eight alphanumeric characters long.
2. Passwords must contain both upper- and lower-case characters.
3. Passwords have digits and/or punctuation characters as well as letters.
All public web servers, administration, and reporting servers are behind the firewalls. Only HTTP and VPN traffic is allowed to the web servers. Only HTTPS and VPN traffic is allowed to the content management and reporting servers. Access to content management tools requires user authentication through a secure web form.
Vulnerability assessments are made using QualysGuard, an on-demand security audit and vulnerability management service. Weekly security audits provide extensive reports on vulnerabilities and recommend solutions before they can be exploited. Vulnerabilities are evaluated, and the recommended solutions are tested and applied, on a bi-weekly basis.
noHold networks and applications are monitored using two software-based monitoring solutions: an external system monitoring the Knowledge Portals websites, and internal Rackspace monitoring systems, which monitor Knowledge Portals, InstantSupport Services, Windows Services, and resource utilization. Technicians are available 24x7 to attend to and correct any reported malfunction within minutes.
Encryption through the HTTPS protocol is provided using SSL Server IDs. Default security certificates support 128-bit SSL encryption. Additional custom certificates can be uploaded to the infrastructure for custom internet domains.
noHold infrastructure is protected from viruses using Norton Antivirus. The anti-virus software checks automatically for updates as they become available, and monthly scans are run to ensure a virus-free environment.
Hardware RAID is used on all storage systems for reliability and redundancy. Backups are maintained daily and offsite storage is done monthly.
noHold Inc. Information Technology understands that the continued operation of an organization depends on our awareness of potential disasters, our ability to develop a plan to minimize disruptions of critical systems, and our capability to recover operations expediently and successfully. The primary objective of Information Technology (IT) contingency and disaster recovery planning is to protect the organization in the event that all or parts of its operation are rendered unusable. The planning process should minimize the disruption of operations and ensure some level of organizational stability and an orderly recovery after a disaster. With the right combination of preparing, planning, implementing, and maintaining the IT contingency and disaster recovery plan, we should:
• Provide the highest available systems to our customers
• Minimize potential economic loss
• Decrease potential exposures
• Reduce disruptions to operations
• Ensure organizational stability
• Provide an orderly recovery
• Protect the assets of the organization
• Meet the service level agreement (SLA) to our customers