Differences

This shows you the differences between two versions of the page.

security [2019_10_15 20:47] steven | security [2020_05_27 16:44] steven
Line 27: Line 27:
  
 [[https://www.ssllabs.com/ssltest/analyze.html?d=storagemadeeasy.com|Check out]] our online sites using [[https://www.ssllabs.com/index.html|Qualys SSL Labs site check]]. [[https://www.ssllabs.com/ssltest/analyze.html?d=storagemadeeasy.com|Check out]] our online sites using [[https://www.ssllabs.com/index.html|Qualys SSL Labs site check]].
 +
 ===== 3 Encryption Algorithm ===== ===== 3 Encryption Algorithm =====
  
Line 39: Line 40:
  
 See also [[https://storagemadeeasy.com/pressrelease/FIPS-140-2-compliance/|FIPS U.S. Federal Government Validation of the Enterprise File Fabric™ Cryptographic Algorithm]]. See also [[https://storagemadeeasy.com/pressrelease/FIPS-140-2-compliance/|FIPS U.S. Federal Government Validation of the Enterprise File Fabric™ Cryptographic Algorithm]].
 +
 ===== 4 Authentication Security ===== ===== 4 Authentication Security =====
  
Line 71: Line 73:
 ===== 7 Restrict by IP Address ===== ===== 7 Restrict by IP Address =====
  
-The File Fabric supports the ability to whitelist or blacklist IP addresses. This can be done at the Organization level (tenant) or on a per user basis. For more information see [[geoip]].+The File Fabric supports the ability to whitelist or blacklist IP addresses. This can be done at the Organization level (tenant) or on a per user basis.
  
-===== 8 Audit Security =====+For more information see [[geoip]].
  
 +===== 8 Audit Security =====
  
 {{:/security:steps:sme_7_audit_security.png}} {{:/security:steps:sme_7_audit_security.png}}
Line 110: Line 113:
  * **Disaster Recovery** - The [[foreverfile|ForeverFile™ archive]] is a backup, disaster recovery and ransomware protection feature that continuously protects data, wherever it is stored. For each primary storage provider that is being protected, a separate secondary or Backup provider is configured. For maximum availability the backup cloud should be located in another data center. It could also be with different cloud vendor, storage technology or tier.  * **Disaster Recovery** - The [[foreverfile|ForeverFile™ archive]] is a backup, disaster recovery and ransomware protection feature that continuously protects data, wherever it is stored. For each primary storage provider that is being protected, a separate secondary or Backup provider is configured. For maximum availability the backup cloud should be located in another data center. It could also be with different cloud vendor, storage technology or tier.
  
-===== 13 Cyber Essentials =====+===== 13 Website Security ===== 
 + 
 +{{ :security:trustedsite_logo.png?nolink&200 |}} 
 + 
 +Our public websites is scanned regularly through [[https://www.trustedsite.com/verify?host=storagemadeeasy.com| Trusted Site]] for security issues including malware, malicious links, and phishing. 
 + 
 +We follow best practices in developing secure software, as mandated by GDPR, protecting for example against injection attacks, cross-site request forgery and session hijacking. We perform a third-party vulnerability code scan for each release. 
 + 
 +The following cookies are used. <site> is the subdomain of your instance. 
 + 
 + * PHPSESSID - Unique ID of session. Retention: Session 
 + 
 + * site__just_logged_in - Start page logic. Retention: 1 year 
 + 
 + * autologin - token for remember me feature. Retention: 14 days 
 + 
 + * site__various - Remembers settings between sessions such as what folders and panels are collapsed, and the last sort order.  Retention: 1 year 
 + 
 +===== 14 Cyber Essentials =====
  
 Storage Made Easy is [[https://www.cyberessentials.ncsc.gov.uk/cert-search/?query=storage%20made%20easy|Cyber Essentials Certified]].Cyber Essentials is a UK government information assurance scheme operated by [[https://www.ncsc.gov.uk|the National Cyber Security Centre]] (NCSC) that encourages organisations to adopt good practice in information security.It includes an assurance framework and a set of security controls to protect information from threats coming from the internet. Storage Made Easy is [[https://www.cyberessentials.ncsc.gov.uk/cert-search/?query=storage%20made%20easy|Cyber Essentials Certified]].Cyber Essentials is a UK government information assurance scheme operated by [[https://www.ncsc.gov.uk|the National Cyber Security Centre]] (NCSC) that encourages organisations to adopt good practice in information security.It includes an assurance framework and a set of security controls to protect information from threats coming from the internet.
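Review bot: In the cookie list of the new "13 Website Security" section, the intro says "<site> is the subdomain of your instance", but the entries are written with a literal "site__" prefix ("site__just_logged_in", "site__various"), so a reader cannot tell whether the prefix is a placeholder or the real cookie name. Write them with the placeholder, or drop the placeholder sentence. The same section claims protection against session hijacking and cross-site request forgery, so the list should also state, at least for "PHPSESSID" and the 14-day "autologin" token, whether the Secure and HttpOnly flags and a SameSite policy are set, since retention alone does not tell an administrator how these credentials are protected in transit and from script access. Minor: "Our public websites is scanned" should read "Our public website is scanned", and "as mandated by GDPR" would be easier to verify with a link to the requirement it refers to.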
Line 116: Line 137:
 It was developed in collaboration with industry partners, including the Information Security Forum (ISF), the Information Assurance for Small and Medium Enterprises Consortium (IASME) and the British Standards Institution (BSI), and is endorsed by the UK Government. It was developed in collaboration with industry partners, including the Information Security Forum (ISF), the Information Assurance for Small and Medium Enterprises Consortium (IASME) and the British Standards Institution (BSI), and is endorsed by the UK Government.
  
-===== 14 London Office of Regional CyberSecurity Advancement (LORCA) =====+===== 15 London Office of Regional CyberSecurity Advancement (LORCA) =====
  
 Storage Made Easy [[https://www.infosecurity-magazine.com/news/lorca-announces-additions-1-1/|was selected]] to be one of the CyberSecurity innovators of LORCA's third cohort. Storage Made Easy [[https://www.infosecurity-magazine.com/news/lorca-announces-additions-1-1/|was selected]] to be one of the CyberSecurity innovators of LORCA's third cohort.