General System Description
Planview Spigit SaaS enables you to harness the collective intelligence of your employees, customers and partners to solve today’s problems, maximize tomorrow’s opportunities, and accelerate innovation.
The Spigit platform is backed by proprietary crowd science algorithms and a proven methodology that together deliver bottom line business results. Spigit’s ideation management platform enables organizations to create and manage a pipeline of ideas to drive new business strategies, product development, operational efficiencies, and employee engagement.
Using Spigit, business leaders find the best ideas, make the right decisions, and foster a culture of innovation. Spigit's designers believe that ideation is a systematic process that can and should be managed. Spigit replaces the siloed and often one-off pursuits of the next “big idea,” by managing ideation as a business-critical function across the entire organization. Ideation in companies is often ad-hoc, high-risk, and hard to value.
Spigit introduces a structured process that’s predictable, scalable, engaging, and transparent. This new model is built around powerful patented algorithms and industry-proven methodology that replace guesswork with science. Spigit enables the collective intelligence of a company’s “crowd” – employees, customers and partners – to accelerate innovation. In turn, Spigit allows companies to create fully predictable ideation processes that produce measurable, bottom line business results.
SaaS System Components and Architecture
Spigit is deployed as a software as a service (SaaS) hosted in one of several dedicated Rackspace tier 3 ISO 27001 certified data centers. This allows you to select your hosting location from a choice of United States, United Kingdom, Hong Kong, or Australia. Your choice of location is primarily driven by being closest to the location of your intended users, and influenced by regulatory considerations. Each data center location can serve a global organization.
The SaaS environment is CentOS (Linux) based and uses Hewlett Packard enterprise class servers, enterprise class SSD storage configured in fault tolerant RAID 10 configurations with full disk encryption (AES256), high availability Cisco network switches, high availability Cisco firewalls, and both security and vulnerability monitored by Alert Logic intrusion detection (IDS), intrusion prevention (IDP), Threat Manager, and log management (SEIM) systems. Only ports 80 and 443 are open to the Internet, and port 80 is redirected to port 443. All other ports are blocked.
Each customer is deployed on shared or dedicated servers (depending upon option ordered) in a customer dedicated application instance and database to provide secure segregation of the customers’ data and operation. The application itself is written in Java and uses Apache web server, Apache Tomcat application server, Shibboleth SP for SAML integration, Apache SOLR search server, Thumbor image server, Sophos malware file scanning, and MariaDB.
Spigit is designed to use our Shibboleth SAML SP service to integrate with customer SSO services that support SAML 2.0.
External Third-party Components
Spigit uses GoodData’s Insight business analytics system to provide best in class reporting and dashboards. The GoodData platform is co-located in the United States and United Kingdom Rackspace data centers. Spigit uses Amazon Web Services S3 for offsite storage of customer specific data backups that have been fully encrypted (using AES256 encryption) prior to their secure online transfer to S3.
Spigit utilizes transport layer security (TLS) for all API and user communications between the users’ browser and the application using strong Diffie Hellman ciphers and SSL digital certificates with RSA 4096 bit key strength. Currently Spigit supports the use of TLS 1.2. Upon customer request, access to their Spigit instance can be further restricted to specific IP ranges (typically the customer’s Internet gateway(s)) or via VPN using IPsec.
Spigit application notifications via email that require TLS transport, are signed, and use DKIM authentication and DMARC.
Spigit provides SSO and/or application authentication depending upon the customer’s preference and intended application usage. If using application authentication, the password policy is configured for the specific customer’s requirement. If using SSO, using a SAML 2.0 compliant identity provider is Spigit’s preferred approach. Common identity providers in use include ADFS, LDAP, Okta, Ping Identity, and Google Auth.