Where is AgilePlace hosted?
AgilePlace is hosted on the Microsoft Azure Cloud platform. For U.S. customers, AgilePlace infrastructure is redundant for failover purposes with the primary site hosted in Virginia with a backup site in Southern-California. For customers outside of the U.S., AgilePlace is hosted in the Netherlands with a backup site in Ireland.
Microsoft Azure provides a reliable platform for software services used by thousands of businesses worldwide, and provides services in accordance with security industry best practices and undergoes industry-recognized certifications and audits (https://azure.microsoft.com/en-us/support/trust-center/).
Who controls the AgilePlace data centers?
For AgilePlace assets deployed in Microsoft Azure all physical components are maintained by Microsoft. This includes the dedicated hardware, storage, network routers and switches, firewalls, etc. Software and operating system components hosted on these devices are controlled by AgilePlace.
Who is responsible for patching?
Patching of all physical hardware is maintained by Microsoft Azure. Software, operating system, application, and all host-based services are patched by AgilePlace network operations. Patching on AgilePlace systems is automated to ensure that the most recent working patches are in place.
Are privileged actions monitored and controlled?
Yes. Application event logs are maintained as well as infrastructure system logs, in a central logging repository. This aggregated log collection is monitored for unauthorized activity, login attempts, excessive network traffic, and other abnormal activity. Activities in these logs include that of privileged users. A host based intrusion detection system (IDS) is in place on infrastructure components, which provides additional monitoring and alerting for AgilePlace systems.
How does AgilePlace isolate customer data?
AgilePlace customer data is logically separated from that of other customers in a multi-tenant database. This allows for proper client segregation as well as an easy way to retrieve said data when a client requests their stored data. AgilePlace offers a Private Cloud product for customers who need the added assurance of physically separate their data from other customers.
Does the AgilePlace service provide in-transit encryption?
Yes. The AgilePlace application forces the user to communicate with TLS encryption for all network communication.
Does Microsoft Azure publish its environmental controls?
Yes. Microsoft Azure documentation can be found here; https://azure.microsoft.com/en-us/support/trust-center/. Additional and more specific documentation can be requested from Microsoft through AgilePlace. Send Microsoft Azure security documentation requests to mailto:firstname.lastname@example.org.
How does AgilePlace protect against infrastructure or application intrusion?
Infrastructure and application logs are maintained in a central, aggregated system that has search parameters in place for detecting unauthorized activity. Intrusion detection is enabled on infrastructure critical hosts, and provides additional insight and alerting to the AgilePlace infrastructure and application.
Does the AgilePlace product undergo periodic penetration tests or secure code analysis?
Yes. The AgilePlace application undergoes regular manual penetration testing, as well as regular static and dynamic code analysis. These tests are performed in a test/lab environment or by a third-party service, which ensures that the production application and data are not affected by such testing.