SlideShare ist ein Scribd-Unternehmen logo

Enterprise level security, the Huddle way

HuddleHQ
HuddleHQ

Huddle provides secure enterprise file sharing and collaboration. It uses multiple layers of security including physical security of data centers, network security through firewalls, and application security with encryption and access controls. Huddle ensures high availability through data redundancy across multiple secure data centers and an uptime SLA of 99.9%. It also offers privacy controls and the ability to export user data.

BusinessTechnologie
1 von 7
Downloaden Sie, um offline zu lesen
Enterprise level security, the Huddle way.
Security whitepaper TABLE OF CONTENTS 1 Huddle’s promise 1 Hosting environment 1 Network infrastructure 2 Multiple levels of security 2 Physical security 2 System & network security 2 Application security 3 SLA & resilience 3 Backup & data recovery 3 Privacy 3 Considerations on the software lifecycle 4 FAQ 4 Security 4 Privacy 5 About Huddle
HUDDLE’S PROMISE Huddle is committed to keeping your data safe and secure. Some of the biggest busi- nesses in the world, and numerous government organizations, trust Huddle with their data. This document will give you an overview of Huddle’s secure infrastructure and policies. You will also find some FAQs at the end of the document. Should you have any further questions regarding our security policies and measures, please don’t hesitate to get in touch with us. HOSTING ENVIRONMENT Huddle’s production systems are hosted by Rackspace in some of the most highly speci- fied data centers available today. They are built to exacting, rigorous standards and de- liver unparalleled security, power, connectivity and environmental control. Rackspace provides the world-class infrastructure necessary to keep Huddle’s servers up and run- ning uninterrupted around the clock. Rackspace has several highly secure data centers in London, UK, all of which are engineered with fully redundant connectivity, power and HVAC to avoid any single point of failure. Each data centre is staffed 24/7 by highly trained technical support staff. Huddle has selected to host it’s data in the UK to ensure that it is protected by EU data laws. NETWORK INFRASTRUCTURE The following diagram illustrates Huddle’s primary and disaster recovery infrastructure. Firewalls (with redundant backups) Load Balancers (with redundant backups) Real time replication Web Servers IIS7, ASP.NET Service Servers SMTP, MSMQ etc Database and Filestore Cluster SQL Server 2008 Windows Server 2008 Storage SAN and DAS 15 minute failover 1
MULTIPLE LEVELS OF SECURITY Huddle has implemented security on multiple levels to offer the maximum level of protec- tion to its customers’ data. The following paragraphs describe each level in more detail. PHYSICAL SECURITY Public access to Rackspace data centers is strictly forbidden. The organization only hosts equipment that it owns and manages, obviating the need for anyone but its highly trained Rackspace Engineers to be allowed into the data center. In addition, Rackspace employs a series of physical security measures, including: • Live video surveillance of each data centre facility, monitored 24 hours per day • Onsite security personnel monitor each site 24 hours per day • Biometric hand scanners restrict access to each data center • A pass card system restricts movement from room to room within each data center Rackspace data centers are unmarked to help maintain a low profile and these physical security measures are audited by an independent company. SYSTEM & NETWORK SECURITY Our servers run a hardened OS, with security patches applied by Rackspace to provide ongoing protection from exploits. Network level security is provided by dedicated Cisco firewalls, together with DDoS mitigation provided by Rackspace’s proprietary RackSpace PrevenTier system. Rackspace’s operational policies and procedures are regularly reviewed as part of its SAS 70 Type II audit, and its data center is ISO 27001 certified. All system access is fully logged and tracked for auditing purposes and all staff with access undergo a thorough background check. Servers are hosted behind sophisticated firewalls, with a protected perimeter. We carry out penetration testing on an ongoing basis and have had formal penetration testing commissioned on a number of occasions by third parties. APPLICATION SECURITY All access to Huddle is protected by Secure Socket Layer (SSL) providing both server au- thentication and 256-bit AES data encryption. This ensures that your data is safe, secure and available only to registered users in your organization, with relevant permissions. Huddle provides each user with a unique username and password that must be entered each time a user logs on. Huddle issues a session cookie only to record encrypted au- thentication information for the duration of a specific session. The session cookie does not include the username, password, or any user data. Huddle’s password control in- cludes a strength indicator and protection against brute-force attempts to discover pass- words. Huddle’s application security ensures that only those invited in to a workspace can ac- cess its contents. Access controls are baked in to the Huddle data model and user per- missions are verified on every request by the core Huddle application framework. These access controls apply not only at the workspace level, but can also be applied to specific file folders to restrict access to certain workspace members. Access can be provided as either “read only”, “edit” or “no access”. Huddle is able to offer IP address locking, meaning you can lock access to Huddle as a whole, or certain workspaces only, to individual IP addresses (i.e. specific computers or office locations). The Huddle application has been rigorously tested against common website vulnerabili- ties such as cross-site scripting (XSS), cross-site request forgery (XSRF) and SQL injec- tion. 2
SLA & RESILIENCE At Huddle, we recognize that uptime is of the upmost importance for a business-critical ABOUT RACKSPACE web application. We employ two separate external monitoring systems to track and re- cord availability and response time from various locations around the globe. We have a 24x7 team available to respond in the unlikely event of a serious application issue. Huddle’s Service Level Agreement (SLA) guarantees uptime of 99.9 per cent over any three month period. Our record shows we are always performing well above this SLA. Huddle has chosen Rackspace as a hosting provider to For example, in the first six months of 2011, Huddle’s application was available 99.99 per offer its customers the best in class Cloud Infrastruc- cent of the time. Our performance against our SLA is publicly available in real-time from ture. Rackspace is a global web host known for its high a third-party who monitor our service (Aware Monitoring). end managed hosting and dedicated services. The company delivers enterprise-level managed services Huddle’s excellent uptime is achieved by planning in redundancy in every part of the sys- to businesses of all sizes and kinds around the world, tem, coupled with careful quality assurance and change management. This redundancy serving more than 14,000 customers in eight data cent- applies to everything from power and network connections in to Rackspace data centres, ers worldwide. Rackspace is positioned as a leader in firewalls, load balancers, switches, web servers, database servers. Gartner’s Magic Quadrant for Cloud Infrastructure as a Service and Web Hosting. http://www.rackspace.com BACKUP & DISASTER RECOVERY To minimize service interruption due to hardware failure, natural disaster, or other ca- tastrophes, Huddle implements a disaster recovery program. All of Huddle’s servers are ABOUT AWARE MONITORING backed up nightly and backups are retained for two weeks. In addition, all data (database and file system) is mirrored almost immediately to standby servers in a second UK data centre. In the event of the most serious of catastrophes, resulting in the complete loss of our primary data centre, workspaces belonging to paying accounts will be available within Huddle has chosen Aware Monitoring to prove our a matter of minutes via our Disaster Recovery site. Data is replicated to this site in near uptime, reliability and stability with independent real-time, so business can proceed as usual. certification. http://uptime.awaremonitoring.com/uptime/huddle/ PRIVACY Huddle maintains a strong privacy policy to protect customer data. Huddle does not own customer data or share it with third parties. Huddle also allows customers to take their data with them, should they decide to stop using Huddle’s services. The full privacy policy is available upon request. CONSIDERATIONS ON THE SOFTWARE LIFECYCLE Huddle employs an Agile development methodology, using Scrum alongside selected Extreme Programming (XP) practices. This iterative approach to development ensures that Huddle can release incremental product enhancements on a very frequent basis, and modify the product plan quickly and easily in response to changing priorities. Each development iteration lasts two weeks . This includes all the planning, design, de- velopment and exhaustive quality assurance activities to ensure that the output is pro- duction ready, following a short but rigorous regression testing process the majority of which is automated. Once the Quality Assurance team have approved the product increment for deployment to the live environment, the Systems Engineering team performs the release. Releases typically take place every four weeks and the dates are published in advance. Standard releases do not involve any application downtime. 3
FAQ SECURITY Where is my organization’s data stored? All customer data is stored in Rackspace data centers, in the UK. More information on these data centers is available upon request . How do you protect your infrastructure against hackers and other threats? Servers are hosted behind sophisticated firewalls, with a protected perimeter. We carry out penetration testing on a regular basis and have had formal penetration test- ing commissioned on a number of occasions by third parties. Our customers are welcome to carry out their own penetration testing by prior arrangement with Huddle. How do you protect from machine downtime? Huddle has a complete disaster recovery plan which makes use of failover to our second data center. This is kept up to date in real time. The worst case scenario for physical disaster at our primary data center has a 15 minute failover time to the sec- ond data center. This redundancy is built into each application layer of the Huddle platform. Huddle as a business runs entirely on cloud based services and our business continu- ity plan reflects this. Our service is designed to continue running even in the event of a major incident at our business premises. All Huddle staff are provisioned with the tools required to work remotely in the event of a major disaster. Does Huddle offer SSL connectivity? All data on Huddle is fully encrypted with 256-bit SSL encryption. PRIVACY Who owns the data that my organization stores on Huddle’s servers? All the data on Huddle’s server belongs to the customer and it can extracted upon request, should this be necessary Does Huddle give third party access to my data? Huddle does not give third parties access to its customers’ data and it enforces a strict privacy policy. Does Huddle have a Safe Harbor certification? “Safe Harbor” is a framework developed by the US Department of Commerce in con- sultation with the European Commission to bridge the differences between the EU and US privacy policy. It allows US companies to comply with the EU’s more rigorous data protection law. Since Huddle is a UK company, and all customer data resides in the UK, it is protect- ed by the EU Data Protection Direction, which is regarded as one of the most rigorous Privacy legislations in the world and does not need Safe Harbor certification. Contact us to have more information on Huddle’s privacy policy. Is my data subject to the Patriot act? The Patriot Act, passed in 2001 by the US, that any US company or wholly-owned subsidiary of a US company must hand over data that they are hosting on behalf of their customers if they are requested to do so by the US authorities. What this means in reality is that, if you are buying a cloud-based service from a US company, your data can be made available to US authorities upon request without your permission. Huddle is a UK company and we use UK-based hosting providers so we can guaran- tee that any data we host on behalf of our customers is not subject to the Patriot Act. 4
Can I extract my data should we wish to archive ? Huddle can provide a data export tool which allows all information stored within Hud- dle to be exported to a local system of your choosing (e.g. network drive/personal hard drive etc.) This includes: • All documents extracted to a standard file and folder format • All web based information (e.g. discussions/whiteboards) in offline HTML format • Tasks - by workspace export It is also possible to run this on a scheduled basis, so that the risk of loss of informa- tion is doubly mitigated (bearing in mind that Huddle already runs industry leading datacentre mirroring and disaster recovery on your behalf). ABOUT HUDDLE Established in November 2006 and based in London and San Francisco, Huddle is the leader in Enterprise Collaboration and Content Management in the cloud. With Huddle, you can manage projects, share files and collaborate with people inside and outside of your organization, securely. It is available online, on mobile devices, on the desktop, via Microsoft Office applications, major business social networks and in multiple languages. Simply: if SharePoint was built today, they would have built Huddle. 5

Empfohlen

Understanding_the_Cloud
Understanding_the_CloudUnderstanding_the_Cloud
Understanding_the_Cloud
Melissa Kattke
 
Gssa datacenter solutions
Gssa datacenter solutionsGssa datacenter solutions
Gssa datacenter solutions
Gss America
 
FedRAMP Compliant FlexPod architecture from NetApp, Cisco, HyTrust and Coalfire
FedRAMP Compliant FlexPod architecture from NetApp, Cisco, HyTrust and CoalfireFedRAMP Compliant FlexPod architecture from NetApp, Cisco, HyTrust and Coalfire
FedRAMP Compliant FlexPod architecture from NetApp, Cisco, HyTrust and Coalfire
Eric Chiu
 
V mware sddc-micro-segmentation-white-paper
V mware sddc-micro-segmentation-white-paperV mware sddc-micro-segmentation-white-paper
V mware sddc-micro-segmentation-white-paper
EMC
 
Data Protection overview presentation
Data Protection overview presentationData Protection overview presentation
Data Protection overview presentation
Andrey Karpov
 
inSync Cloud FAQ
inSync Cloud FAQinSync Cloud FAQ
inSync Cloud FAQ
Druva
 
Healthcare on vSan_VMworld 2019
Healthcare on vSan_VMworld 2019Healthcare on vSan_VMworld 2019
Healthcare on vSan_VMworld 2019
Todd Winey
 
Datacenterarchitecture
DatacenterarchitectureDatacenterarchitecture
Datacenterarchitecture
rlynes
 

Empfohlen

Understanding_the_Cloud
Understanding_the_CloudUnderstanding_the_Cloud
Understanding_the_Cloud
Melissa Kattke
 
Gssa datacenter solutions
Gssa datacenter solutionsGssa datacenter solutions
Gssa datacenter solutions
Gss America
 
FedRAMP Compliant FlexPod architecture from NetApp, Cisco, HyTrust and Coalfire
FedRAMP Compliant FlexPod architecture from NetApp, Cisco, HyTrust and CoalfireFedRAMP Compliant FlexPod architecture from NetApp, Cisco, HyTrust and Coalfire
FedRAMP Compliant FlexPod architecture from NetApp, Cisco, HyTrust and Coalfire
Eric Chiu
 
V mware sddc-micro-segmentation-white-paper
V mware sddc-micro-segmentation-white-paperV mware sddc-micro-segmentation-white-paper
V mware sddc-micro-segmentation-white-paper
EMC
 
Data Protection overview presentation
Data Protection overview presentationData Protection overview presentation
Data Protection overview presentation
Andrey Karpov
 
inSync Cloud FAQ
inSync Cloud FAQinSync Cloud FAQ
inSync Cloud FAQ
Druva
 
Healthcare on vSan_VMworld 2019
Healthcare on vSan_VMworld 2019Healthcare on vSan_VMworld 2019
Healthcare on vSan_VMworld 2019
Todd Winey
 
Datacenterarchitecture
DatacenterarchitectureDatacenterarchitecture
Datacenterarchitecture
rlynes
 
inSync FAQ
inSync FAQinSync FAQ
inSync FAQ
Druva
 
Best Practices Using RTI Connext DDS
Best Practices Using RTI Connext DDSBest Practices Using RTI Connext DDS
Best Practices Using RTI Connext DDS
Real-Time Innovations (RTI)
 
The Data Distribution Service
The Data Distribution ServiceThe Data Distribution Service
The Data Distribution Service
Angelo Corsaro
 
Solution Brief - Cloud Backup Services
Solution Brief - Cloud Backup ServicesSolution Brief - Cloud Backup Services
Solution Brief - Cloud Backup Services
Caitlin Brittingham
 
Introduction to OMG DDS (1 hour, 45 slides)
Introduction to OMG DDS (1 hour, 45 slides)Introduction to OMG DDS (1 hour, 45 slides)
Introduction to OMG DDS (1 hour, 45 slides)
Gerardo Pardo-Castellote
 
DDoS Defense for the Hosting Provider - Protection for you and your customers
DDoS Defense for the Hosting Provider - Protection for you and your customersDDoS Defense for the Hosting Provider - Protection for you and your customers
DDoS Defense for the Hosting Provider - Protection for you and your customers
Stephanie Weagle
 
Hpe Data Protector installation guide
Hpe Data Protector installation guideHpe Data Protector installation guide
Hpe Data Protector installation guide
Andrey Karpov
 
Introduction to DDS
Introduction to DDSIntroduction to DDS
Introduction to DDS
Rick Warren
 
Enabling Integrity for the Compressed Files in Cloud Server
Enabling Integrity for the Compressed Files in Cloud ServerEnabling Integrity for the Compressed Files in Cloud Server
Enabling Integrity for the Compressed Files in Cloud Server
IOSR Journals
 
Tools of noc
Tools of nocTools of noc
Tools of noc
munawarul
 
Managed Hosting Services
Managed Hosting ServicesManaged Hosting Services
Managed Hosting Services
webhostingguy
 
Must Read HP Data Protector Interview Questions
Must Read HP Data Protector Interview QuestionsMust Read HP Data Protector Interview Questions
Must Read HP Data Protector Interview Questions
Laxman J
 
Intrusion Monitoring Standard Content Guide for ESM 6.8c
Intrusion Monitoring Standard Content Guide for ESM 6.8cIntrusion Monitoring Standard Content Guide for ESM 6.8c
Intrusion Monitoring Standard Content Guide for ESM 6.8c
Protect724migration
 
Data Centers In US
Data Centers In USData Centers In US
Data Centers In US
msirmajritchie
 
Distrix_Software_Defined_Infrastructure_White_Paper
Distrix_Software_Defined_Infrastructure_White_PaperDistrix_Software_Defined_Infrastructure_White_Paper
Distrix_Software_Defined_Infrastructure_White_Paper
Thomas Mehlhorn
 
Syed_Network_resume
Syed_Network_resumeSyed_Network_resume
Syed_Network_resume
Farzaan Rahat
 
Why is Core DX the Best DDS?
Why is Core DX the Best DDS?Why is Core DX the Best DDS?
Why is Core DX the Best DDS?
Twin Oaks Computing, Inc.
 
Bhadale group of companies cpsos services catalogue
Bhadale group of companies cpsos services catalogueBhadale group of companies cpsos services catalogue
Bhadale group of companies cpsos services catalogue
Vijayananda Mohire
 
KVH Data Center Solutions
KVH Data Center SolutionsKVH Data Center Solutions
KVH Data Center Solutions
KVH Co. Ltd.
 
4AA4-1812ENW
4AA4-1812ENW4AA4-1812ENW
4AA4-1812ENW
Petar Dimitrov
 
FlexiCloud: Infinitely Scalable
FlexiCloud: Infinitely ScalableFlexiCloud: Infinitely Scalable
FlexiCloud: Infinitely Scalable
Pallavi Vyas
 
paper
paperpaper
paper
Gustavo El Khoury
 

Weitere ähnliche Inhalte

Was ist angesagt?

Best Practices Using RTI Connext DDS
Best Practices Using RTI Connext DDSBest Practices Using RTI Connext DDS
Best Practices Using RTI Connext DDS
Real-Time Innovations (RTI)
 
Solution Brief - Cloud Backup Services
Solution Brief - Cloud Backup ServicesSolution Brief - Cloud Backup Services
Solution Brief - Cloud Backup Services
Caitlin Brittingham
 
Introduction to OMG DDS (1 hour, 45 slides)
Introduction to OMG DDS (1 hour, 45 slides)Introduction to OMG DDS (1 hour, 45 slides)
Introduction to OMG DDS (1 hour, 45 slides)
Gerardo Pardo-Castellote
 
Tools of noc
Tools of nocTools of noc
Tools of noc
munawarul
 
Managed Hosting Services
Managed Hosting ServicesManaged Hosting Services
Managed Hosting Services
webhostingguy
 
Distrix_Software_Defined_Infrastructure_White_Paper
Distrix_Software_Defined_Infrastructure_White_PaperDistrix_Software_Defined_Infrastructure_White_Paper
Distrix_Software_Defined_Infrastructure_White_Paper
Thomas Mehlhorn
 
KVH Data Center Solutions
KVH Data Center SolutionsKVH Data Center Solutions
KVH Data Center Solutions
KVH Co. Ltd.
 

Was ist angesagt? (20)

inSync FAQ
inSync FAQinSync FAQ
inSync FAQ
 
Best Practices Using RTI Connext DDS
Best Practices Using RTI Connext DDSBest Practices Using RTI Connext DDS
Best Practices Using RTI Connext DDS
 
The Data Distribution Service
The Data Distribution ServiceThe Data Distribution Service
The Data Distribution Service
 
Solution Brief - Cloud Backup Services
Solution Brief - Cloud Backup ServicesSolution Brief - Cloud Backup Services
Solution Brief - Cloud Backup Services
 
Introduction to OMG DDS (1 hour, 45 slides)
Introduction to OMG DDS (1 hour, 45 slides)Introduction to OMG DDS (1 hour, 45 slides)
Introduction to OMG DDS (1 hour, 45 slides)
 
DDoS Defense for the Hosting Provider - Protection for you and your customers
DDoS Defense for the Hosting Provider - Protection for you and your customersDDoS Defense for the Hosting Provider - Protection for you and your customers
DDoS Defense for the Hosting Provider - Protection for you and your customers
 
Hpe Data Protector installation guide
Hpe Data Protector installation guideHpe Data Protector installation guide
Hpe Data Protector installation guide
 
Introduction to DDS
Introduction to DDSIntroduction to DDS
Introduction to DDS
 
Enabling Integrity for the Compressed Files in Cloud Server
Enabling Integrity for the Compressed Files in Cloud ServerEnabling Integrity for the Compressed Files in Cloud Server
Enabling Integrity for the Compressed Files in Cloud Server
 
Tools of noc
Tools of nocTools of noc
Tools of noc
 
Managed Hosting Services
Managed Hosting ServicesManaged Hosting Services
Managed Hosting Services
 
Must Read HP Data Protector Interview Questions
Must Read HP Data Protector Interview QuestionsMust Read HP Data Protector Interview Questions
Must Read HP Data Protector Interview Questions
 
Intrusion Monitoring Standard Content Guide for ESM 6.8c
Intrusion Monitoring Standard Content Guide for ESM 6.8cIntrusion Monitoring Standard Content Guide for ESM 6.8c
Intrusion Monitoring Standard Content Guide for ESM 6.8c
 
Data Centers In US
Data Centers In USData Centers In US
Data Centers In US
 
Distrix_Software_Defined_Infrastructure_White_Paper
Distrix_Software_Defined_Infrastructure_White_PaperDistrix_Software_Defined_Infrastructure_White_Paper
Distrix_Software_Defined_Infrastructure_White_Paper
 
Syed_Network_resume
Syed_Network_resumeSyed_Network_resume
Syed_Network_resume
 
Why is Core DX the Best DDS?
Why is Core DX the Best DDS?Why is Core DX the Best DDS?
Why is Core DX the Best DDS?
 
Bhadale group of companies cpsos services catalogue
Bhadale group of companies cpsos services catalogueBhadale group of companies cpsos services catalogue
Bhadale group of companies cpsos services catalogue
 
KVH Data Center Solutions
KVH Data Center SolutionsKVH Data Center Solutions
KVH Data Center Solutions
 
4AA4-1812ENW
4AA4-1812ENW4AA4-1812ENW
4AA4-1812ENW
 

Ähnlich wie Enterprise level security, the Huddle way

Imperative Induced Innovation - Patrick W. Dowd, Ph. D
Imperative Induced Innovation - Patrick W. Dowd, Ph. DImperative Induced Innovation - Patrick W. Dowd, Ph. D
Imperative Induced Innovation - Patrick W. Dowd, Ph. D
scoopnewsgroup
 
10 Things to Look for in a Data Center
10 Things to Look for in a Data Center10 Things to Look for in a Data Center
10 Things to Look for in a Data Center
Jason Basye
 
LoadBalancing_Print_Webair
LoadBalancing_Print_WebairLoadBalancing_Print_Webair
LoadBalancing_Print_Webair
Andrew Paladino
 

Ähnlich wie Enterprise level security, the Huddle way (20)

FlexiCloud: Infinitely Scalable
FlexiCloud: Infinitely ScalableFlexiCloud: Infinitely Scalable
FlexiCloud: Infinitely Scalable
 
paper
paperpaper
paper
 
Cloud Fundamentals PPT.pptx
Cloud Fundamentals PPT.pptxCloud Fundamentals PPT.pptx
Cloud Fundamentals PPT.pptx
 
Ds 354-a hitachi-datasheet-hcp-and-bloombase-storesafe
Ds 354-a hitachi-datasheet-hcp-and-bloombase-storesafeDs 354-a hitachi-datasheet-hcp-and-bloombase-storesafe
Ds 354-a hitachi-datasheet-hcp-and-bloombase-storesafe
 
Hitachi datasheet-hcp-and-bloombase-storesafe
Hitachi datasheet-hcp-and-bloombase-storesafeHitachi datasheet-hcp-and-bloombase-storesafe
Hitachi datasheet-hcp-and-bloombase-storesafe
 
Frequently Used Terms in Data Centers
Frequently Used Terms in Data CentersFrequently Used Terms in Data Centers
Frequently Used Terms in Data Centers
 
IT Resilience Use Case
IT Resilience Use CaseIT Resilience Use Case
IT Resilience Use Case
 
Security_Measures_Rediff
Security_Measures_RediffSecurity_Measures_Rediff
Security_Measures_Rediff
 
Imperative Induced Innovation - Patrick W. Dowd, Ph. D
Imperative Induced Innovation - Patrick W. Dowd, Ph. DImperative Induced Innovation - Patrick W. Dowd, Ph. D
Imperative Induced Innovation - Patrick W. Dowd, Ph. D
 
10 Things to Look for in a Data Center
10 Things to Look for in a Data Center10 Things to Look for in a Data Center
10 Things to Look for in a Data Center
 
Equnix Appliance- Jawaban terbaik untuk kebutuhan komputasi yang mumpuni.pdf
Equnix Appliance- Jawaban terbaik untuk kebutuhan komputasi yang mumpuni.pdfEqunix Appliance- Jawaban terbaik untuk kebutuhan komputasi yang mumpuni.pdf
Equnix Appliance- Jawaban terbaik untuk kebutuhan komputasi yang mumpuni.pdf
 
Let's talk CLOUD!
Let's talk CLOUD!Let's talk CLOUD!
Let's talk CLOUD!
 
Airline DR - AWS Case Study
Airline DR - AWS Case StudyAirline DR - AWS Case Study
Airline DR - AWS Case Study
 
Leveraging The Power Of The Cloud For Your Business
Leveraging The Power Of The Cloud For Your BusinessLeveraging The Power Of The Cloud For Your Business
Leveraging The Power Of The Cloud For Your Business
 
Best Compute Solutions, Backup Services, and Data Storage Center
Best Compute Solutions, Backup Services, and Data Storage CenterBest Compute Solutions, Backup Services, and Data Storage Center
Best Compute Solutions, Backup Services, and Data Storage Center
 
Array Networks Corporate Overview
Array Networks Corporate OverviewArray Networks Corporate Overview
Array Networks Corporate Overview
 
RapidScale Company Presentation
RapidScale Company PresentationRapidScale Company Presentation
RapidScale Company Presentation
 
Efficient Hosting Solutions: Netherlands VPS Server
Efficient Hosting Solutions: Netherlands VPS ServerEfficient Hosting Solutions: Netherlands VPS Server
Efficient Hosting Solutions: Netherlands VPS Server
 
Discover Premium Hong Kong Dedicated Server Solutions by Onlive Server
Discover Premium Hong Kong Dedicated Server Solutions by Onlive ServerDiscover Premium Hong Kong Dedicated Server Solutions by Onlive Server
Discover Premium Hong Kong Dedicated Server Solutions by Onlive Server
 
LoadBalancing_Print_Webair
LoadBalancing_Print_WebairLoadBalancing_Print_Webair
LoadBalancing_Print_Webair
 

Mehr von HuddleHQ

2020: What your marketing will look like.
2020: What your marketing will look like.2020: What your marketing will look like.
2020: What your marketing will look like.
HuddleHQ
 
Social business systems - success factors for Enterprise 2.0 applications
Social business systems - success factors for Enterprise 2.0 applicationsSocial business systems - success factors for Enterprise 2.0 applications
Social business systems - success factors for Enterprise 2.0 applications
HuddleHQ
 
BackToLearn.com turns to Huddle for project management and gains a paperless ...
BackToLearn.com turns to Huddle for project management and gains a paperless ...BackToLearn.com turns to Huddle for project management and gains a paperless ...
BackToLearn.com turns to Huddle for project management and gains a paperless ...
HuddleHQ
 

Mehr von HuddleHQ (20)

2020: What your marketing will look like.
2020: What your marketing will look like.2020: What your marketing will look like.
2020: What your marketing will look like.
 
Shared Services and the Cloud at Cheltenham Borough Council
Shared Services and the Cloud at Cheltenham Borough CouncilShared Services and the Cloud at Cheltenham Borough Council
Shared Services and the Cloud at Cheltenham Borough Council
 
How European policy impacts cloud in the UK public sector
How European policy impacts cloud in the UK public sectorHow European policy impacts cloud in the UK public sector
How European policy impacts cloud in the UK public sector
 
Education Funding Agency – David Ogden
Education Funding Agency – David OgdenEducation Funding Agency – David Ogden
Education Funding Agency – David Ogden
 
Demystifying Enterprise Collaboration
Demystifying Enterprise CollaborationDemystifying Enterprise Collaboration
Demystifying Enterprise Collaboration
 
Huddle Sync - Intelligent File Sync
Huddle Sync - Intelligent File SyncHuddle Sync - Intelligent File Sync
Huddle Sync - Intelligent File Sync
 
True collaboration, or: Why SharePoint is no friend to the CIO
True collaboration, or: Why SharePoint is no friend to the CIOTrue collaboration, or: Why SharePoint is no friend to the CIO
True collaboration, or: Why SharePoint is no friend to the CIO
 
Social business systems - success factors for Enterprise 2.0 applications
Social business systems - success factors for Enterprise 2.0 applicationsSocial business systems - success factors for Enterprise 2.0 applications
Social business systems - success factors for Enterprise 2.0 applications
 
Communication and collaboration in the Enterprise 2.0 world
Communication and collaboration in the Enterprise 2.0 worldCommunication and collaboration in the Enterprise 2.0 world
Communication and collaboration in the Enterprise 2.0 world
 
Comic Relief Case Study
Comic Relief Case StudyComic Relief Case Study
Comic Relief Case Study
 
Centrica Case Study
Centrica Case StudyCentrica Case Study
Centrica Case Study
 
The Cloud by Mark O'Neill
The Cloud by Mark O'NeillThe Cloud by Mark O'Neill
The Cloud by Mark O'Neill
 
Cloud Jonathan Hyde, ICT Lead National Audit Office
Cloud Jonathan Hyde, ICT Lead National Audit OfficeCloud Jonathan Hyde, ICT Lead National Audit Office
Cloud Jonathan Hyde, ICT Lead National Audit Office
 
The science of selling
The science of sellingThe science of selling
The science of selling
 
BackToLearn.com turns to Huddle for project management and gains a paperless ...
BackToLearn.com turns to Huddle for project management and gains a paperless ...BackToLearn.com turns to Huddle for project management and gains a paperless ...
BackToLearn.com turns to Huddle for project management and gains a paperless ...
 
Setting up an office in the valley
Setting up an office in the valleySetting up an office in the valley
Setting up an office in the valley
 
BIS talks about Huddle
BIS talks about HuddleBIS talks about Huddle
BIS talks about Huddle
 
The case for platform adoption: Huddle
The case for platform adoption: HuddleThe case for platform adoption: Huddle
The case for platform adoption: Huddle
 
Liberal Democrats view of Huddle
Liberal Democrats view of HuddleLiberal Democrats view of Huddle
Liberal Democrats view of Huddle
 
Rufus Leonard & Huddle
Rufus Leonard & HuddleRufus Leonard & Huddle
Rufus Leonard & Huddle
 

Kürzlich hochgeladen

Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
amitlee9823
 
Eluru Call Girls Service ☎ ️93326-06886 ❤️‍🔥 Enjoy 24/7 Escort Service
Eluru Call Girls Service ☎ ️93326-06886 ❤️‍🔥 Enjoy 24/7 Escort ServiceEluru Call Girls Service ☎ ️93326-06886 ❤️‍🔥 Enjoy 24/7 Escort Service
Eluru Call Girls Service ☎ ️93326-06886 ❤️‍🔥 Enjoy 24/7 Escort Service
Damini Dixit
 
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
Aggregage
 
Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...
Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...
Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...
lizamodels9
 
BAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
BAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRLBAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
BAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
kapoorjyoti4444
 
Uneak White's Personal Brand Exploration Presentation
Uneak White's Personal Brand Exploration PresentationUneak White's Personal Brand Exploration Presentation
Uneak White's Personal Brand Exploration Presentation
uneakwhite
 
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
dollysharma2066
 
Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...
Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...
Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...
Sheetaleventcompany
 
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
lizamodels9
 
Malegaon Call Girls Service ☎ ️82500–77686 ☎️ Enjoy 24/7 Escort Service
Malegaon Call Girls Service ☎ ️82500–77686 ☎️ Enjoy 24/7 Escort ServiceMalegaon Call Girls Service ☎ ️82500–77686 ☎️ Enjoy 24/7 Escort Service
Malegaon Call Girls Service ☎ ️82500–77686 ☎️ Enjoy 24/7 Escort Service
Damini Dixit
 
Call Girls In Noida 959961⊹3876 Independent Escort Service Noida
Call Girls In Noida 959961⊹3876 Independent Escort Service NoidaCall Girls In Noida 959961⊹3876 Independent Escort Service Noida
Call Girls In Noida 959961⊹3876 Independent Escort Service Noida
dlhescort
 
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
amitlee9823
 

Kürzlich hochgeladen (20)

Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service AvailableCall Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
 
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
 
Katrina Personal Brand Project and portfolio 1
Katrina Personal Brand Project and portfolio 1Katrina Personal Brand Project and portfolio 1
Katrina Personal Brand Project and portfolio 1
 
Eluru Call Girls Service ☎ ️93326-06886 ❤️‍🔥 Enjoy 24/7 Escort Service
Eluru Call Girls Service ☎ ️93326-06886 ❤️‍🔥 Enjoy 24/7 Escort ServiceEluru Call Girls Service ☎ ️93326-06886 ❤️‍🔥 Enjoy 24/7 Escort Service
Eluru Call Girls Service ☎ ️93326-06886 ❤️‍🔥 Enjoy 24/7 Escort Service
 
Falcon Invoice Discounting: Empowering Your Business Growth
Falcon Invoice Discounting: Empowering Your Business GrowthFalcon Invoice Discounting: Empowering Your Business Growth
Falcon Invoice Discounting: Empowering Your Business Growth
 
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
 
Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...
Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...
Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...
 
BAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
BAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRLBAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
BAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
 
Uneak White's Personal Brand Exploration Presentation
Uneak White's Personal Brand Exploration PresentationUneak White's Personal Brand Exploration Presentation
Uneak White's Personal Brand Exploration Presentation
 
Organizational Transformation Lead with Culture
Organizational Transformation Lead with CultureOrganizational Transformation Lead with Culture
Organizational Transformation Lead with Culture
 
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
 
Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...
Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...
Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...
 
Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...
Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...
Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...
 
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
 
Malegaon Call Girls Service ☎ ️82500–77686 ☎️ Enjoy 24/7 Escort Service
Malegaon Call Girls Service ☎ ️82500–77686 ☎️ Enjoy 24/7 Escort ServiceMalegaon Call Girls Service ☎ ️82500–77686 ☎️ Enjoy 24/7 Escort Service
Malegaon Call Girls Service ☎ ️82500–77686 ☎️ Enjoy 24/7 Escort Service
 
Call Girls In Noida 959961⊹3876 Independent Escort Service Noida
Call Girls In Noida 959961⊹3876 Independent Escort Service NoidaCall Girls In Noida 959961⊹3876 Independent Escort Service Noida
Call Girls In Noida 959961⊹3876 Independent Escort Service Noida
 
It will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 MayIt will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 May
 
SEO Case Study: How I Increased SEO Traffic & Ranking by 50-60% in 6 Months
SEO Case Study: How I Increased SEO Traffic & Ranking by 50-60% in 6 MonthsSEO Case Study: How I Increased SEO Traffic & Ranking by 50-60% in 6 Months
SEO Case Study: How I Increased SEO Traffic & Ranking by 50-60% in 6 Months
 
Business Model Canvas (BMC)- A new venture concept
Business Model Canvas (BMC)- A new venture conceptBusiness Model Canvas (BMC)- A new venture concept
Business Model Canvas (BMC)- A new venture concept
 
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
 

Enterprise level security, the Huddle way

  • 2. Security whitepaper TABLE OF CONTENTS 1 Huddle’s promise 1 Hosting environment 1 Network infrastructure 2 Multiple levels of security 2 Physical security 2 System & network security 2 Application security 3 SLA & resilience 3 Backup & data recovery 3 Privacy 3 Considerations on the software lifecycle 4 FAQ 4 Security 4 Privacy 5 About Huddle
  • 3. HUDDLE’S PROMISE Huddle is committed to keeping your data safe and secure. Some of the biggest busi- nesses in the world, and numerous government organizations, trust Huddle with their data. This document will give you an overview of Huddle’s secure infrastructure and policies. You will also find some FAQs at the end of the document. Should you have any further questions regarding our security policies and measures, please don’t hesitate to get in touch with us. HOSTING ENVIRONMENT Huddle’s production systems are hosted by Rackspace in some of the most highly speci- fied data centers available today. They are built to exacting, rigorous standards and de- liver unparalleled security, power, connectivity and environmental control. Rackspace provides the world-class infrastructure necessary to keep Huddle’s servers up and run- ning uninterrupted around the clock. Rackspace has several highly secure data centers in London, UK, all of which are engineered with fully redundant connectivity, power and HVAC to avoid any single point of failure. Each data centre is staffed 24/7 by highly trained technical support staff. Huddle has selected to host it’s data in the UK to ensure that it is protected by EU data laws. NETWORK INFRASTRUCTURE The following diagram illustrates Huddle’s primary and disaster recovery infrastructure. Firewalls (with redundant backups) Load Balancers (with redundant backups) Real time replication Web Servers IIS7, ASP.NET Service Servers SMTP, MSMQ etc Database and Filestore Cluster SQL Server 2008 Windows Server 2008 Storage SAN and DAS 15 minute failover 1
  • 4. MULTIPLE LEVELS OF SECURITY Huddle has implemented security on multiple levels to offer the maximum level of protec- tion to its customers’ data. The following paragraphs describe each level in more detail. PHYSICAL SECURITY Public access to Rackspace data centers is strictly forbidden. The organization only hosts equipment that it owns and manages, obviating the need for anyone but its highly trained Rackspace Engineers to be allowed into the data center. In addition, Rackspace employs a series of physical security measures, including: • Live video surveillance of each data centre facility, monitored 24 hours per day • Onsite security personnel monitor each site 24 hours per day • Biometric hand scanners restrict access to each data center • A pass card system restricts movement from room to room within each data center Rackspace data centers are unmarked to help maintain a low profile and these physical security measures are audited by an independent company. SYSTEM & NETWORK SECURITY Our servers run a hardened OS, with security patches applied by Rackspace to provide ongoing protection from exploits. Network level security is provided by dedicated Cisco firewalls, together with DDoS mitigation provided by Rackspace’s proprietary RackSpace PrevenTier system. Rackspace’s operational policies and procedures are regularly reviewed as part of its SAS 70 Type II audit, and its data center is ISO 27001 certified. All system access is fully logged and tracked for auditing purposes and all staff with access undergo a thorough background check. Servers are hosted behind sophisticated firewalls, with a protected perimeter. We carry out penetration testing on an ongoing basis and have had formal penetration testing commissioned on a number of occasions by third parties. APPLICATION SECURITY All access to Huddle is protected by Secure Socket Layer (SSL) providing both server au- thentication and 256-bit AES data encryption. This ensures that your data is safe, secure and available only to registered users in your organization, with relevant permissions. Huddle provides each user with a unique username and password that must be entered each time a user logs on. Huddle issues a session cookie only to record encrypted au- thentication information for the duration of a specific session. The session cookie does not include the username, password, or any user data. Huddle’s password control in- cludes a strength indicator and protection against brute-force attempts to discover pass- words. Huddle’s application security ensures that only those invited in to a workspace can ac- cess its contents. Access controls are baked in to the Huddle data model and user per- missions are verified on every request by the core Huddle application framework. These access controls apply not only at the workspace level, but can also be applied to specific file folders to restrict access to certain workspace members. Access can be provided as either “read only”, “edit” or “no access”. Huddle is able to offer IP address locking, meaning you can lock access to Huddle as a whole, or certain workspaces only, to individual IP addresses (i.e. specific computers or office locations). The Huddle application has been rigorously tested against common website vulnerabili- ties such as cross-site scripting (XSS), cross-site request forgery (XSRF) and SQL injec- tion. 2
  • 5. SLA & RESILIENCE At Huddle, we recognize that uptime is of the upmost importance for a business-critical ABOUT RACKSPACE web application. We employ two separate external monitoring systems to track and re- cord availability and response time from various locations around the globe. We have a 24x7 team available to respond in the unlikely event of a serious application issue. Huddle’s Service Level Agreement (SLA) guarantees uptime of 99.9 per cent over any three month period. Our record shows we are always performing well above this SLA. Huddle has chosen Rackspace as a hosting provider to For example, in the first six months of 2011, Huddle’s application was available 99.99 per offer its customers the best in class Cloud Infrastruc- cent of the time. Our performance against our SLA is publicly available in real-time from ture. Rackspace is a global web host known for its high a third-party who monitor our service (Aware Monitoring). end managed hosting and dedicated services. The company delivers enterprise-level managed services Huddle’s excellent uptime is achieved by planning in redundancy in every part of the sys- to businesses of all sizes and kinds around the world, tem, coupled with careful quality assurance and change management. This redundancy serving more than 14,000 customers in eight data cent- applies to everything from power and network connections in to Rackspace data centres, ers worldwide. Rackspace is positioned as a leader in firewalls, load balancers, switches, web servers, database servers. Gartner’s Magic Quadrant for Cloud Infrastructure as a Service and Web Hosting. http://www.rackspace.com BACKUP & DISASTER RECOVERY To minimize service interruption due to hardware failure, natural disaster, or other ca- tastrophes, Huddle implements a disaster recovery program. All of Huddle’s servers are ABOUT AWARE MONITORING backed up nightly and backups are retained for two weeks. In addition, all data (database and file system) is mirrored almost immediately to standby servers in a second UK data centre. In the event of the most serious of catastrophes, resulting in the complete loss of our primary data centre, workspaces belonging to paying accounts will be available within Huddle has chosen Aware Monitoring to prove our a matter of minutes via our Disaster Recovery site. Data is replicated to this site in near uptime, reliability and stability with independent real-time, so business can proceed as usual. certification. http://uptime.awaremonitoring.com/uptime/huddle/ PRIVACY Huddle maintains a strong privacy policy to protect customer data. Huddle does not own customer data or share it with third parties. Huddle also allows customers to take their data with them, should they decide to stop using Huddle’s services. The full privacy policy is available upon request. CONSIDERATIONS ON THE SOFTWARE LIFECYCLE Huddle employs an Agile development methodology, using Scrum alongside selected Extreme Programming (XP) practices. This iterative approach to development ensures that Huddle can release incremental product enhancements on a very frequent basis, and modify the product plan quickly and easily in response to changing priorities. Each development iteration lasts two weeks . This includes all the planning, design, de- velopment and exhaustive quality assurance activities to ensure that the output is pro- duction ready, following a short but rigorous regression testing process the majority of which is automated. Once the Quality Assurance team have approved the product increment for deployment to the live environment, the Systems Engineering team performs the release. Releases typically take place every four weeks and the dates are published in advance. Standard releases do not involve any application downtime. 3
  • 6. FAQ SECURITY Where is my organization’s data stored? All customer data is stored in Rackspace data centers, in the UK. More information on these data centers is available upon request . How do you protect your infrastructure against hackers and other threats? Servers are hosted behind sophisticated firewalls, with a protected perimeter. We carry out penetration testing on a regular basis and have had formal penetration test- ing commissioned on a number of occasions by third parties. Our customers are welcome to carry out their own penetration testing by prior arrangement with Huddle. How do you protect from machine downtime? Huddle has a complete disaster recovery plan which makes use of failover to our second data center. This is kept up to date in real time. The worst case scenario for physical disaster at our primary data center has a 15 minute failover time to the sec- ond data center. This redundancy is built into each application layer of the Huddle platform. Huddle as a business runs entirely on cloud based services and our business continu- ity plan reflects this. Our service is designed to continue running even in the event of a major incident at our business premises. All Huddle staff are provisioned with the tools required to work remotely in the event of a major disaster. Does Huddle offer SSL connectivity? All data on Huddle is fully encrypted with 256-bit SSL encryption. PRIVACY Who owns the data that my organization stores on Huddle’s servers? All the data on Huddle’s server belongs to the customer and it can extracted upon request, should this be necessary Does Huddle give third party access to my data? Huddle does not give third parties access to its customers’ data and it enforces a strict privacy policy. Does Huddle have a Safe Harbor certification? “Safe Harbor” is a framework developed by the US Department of Commerce in con- sultation with the European Commission to bridge the differences between the EU and US privacy policy. It allows US companies to comply with the EU’s more rigorous data protection law. Since Huddle is a UK company, and all customer data resides in the UK, it is protect- ed by the EU Data Protection Direction, which is regarded as one of the most rigorous Privacy legislations in the world and does not need Safe Harbor certification. Contact us to have more information on Huddle’s privacy policy. Is my data subject to the Patriot act? The Patriot Act, passed in 2001 by the US, that any US company or wholly-owned subsidiary of a US company must hand over data that they are hosting on behalf of their customers if they are requested to do so by the US authorities. What this means in reality is that, if you are buying a cloud-based service from a US company, your data can be made available to US authorities upon request without your permission. Huddle is a UK company and we use UK-based hosting providers so we can guaran- tee that any data we host on behalf of our customers is not subject to the Patriot Act. 4
  • 7. Can I extract my data should we wish to archive ? Huddle can provide a data export tool which allows all information stored within Hud- dle to be exported to a local system of your choosing (e.g. network drive/personal hard drive etc.) This includes: • All documents extracted to a standard file and folder format • All web based information (e.g. discussions/whiteboards) in offline HTML format • Tasks - by workspace export It is also possible to run this on a scheduled basis, so that the risk of loss of informa- tion is doubly mitigated (bearing in mind that Huddle already runs industry leading datacentre mirroring and disaster recovery on your behalf). ABOUT HUDDLE Established in November 2006 and based in London and San Francisco, Huddle is the leader in Enterprise Collaboration and Content Management in the cloud. With Huddle, you can manage projects, share files and collaborate with people inside and outside of your organization, securely. It is available online, on mobile devices, on the desktop, via Microsoft Office applications, major business social networks and in multiple languages. Simply: if SharePoint was built today, they would have built Huddle. 5