Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Added missing "Eficode" by ROOT

Introduction

This document describes the basic principles of Eficode ROOT security. As such, the document offers an overview of the security practices and policies. Due to security reasons this document is not a comprehensive account of Eficode ROOT security. It does not offer a deep dive to technical security features or describe the security practices in detail.

All security of Eficode ROOT is based on general security requirements of Eficode. The security policy of Eficode is the primary security guidance for all activities within the company, it’s affiliates and partners. The security controls ensure that the security policies and processes are systematically followed across the while organizationorganisation. Personal data shall be processed according to data protection policy and the security policy.

This document details Eficode ROOT specific security that is built on top of the general security policies to further strengthen the security of Eficode ROOT.

Table of Contents

Table of Contents

Overview

Eficode ROOT security is considered to be a continuous process. Eficode ROOT environments are constantly evolving and new features and tools are added to the offering frequently. Security processes must therefore be agile and adaptable to change. Due to the evolving environment, proper change management is an important part of the security.

...

Layered approach to user access permissions

Continuous security measures and practices

The following continuous security measures and practises are used throughout the support and maintenance organisation and apply to all customer specific Eficode ROOT platform instances:

  • Regular (monthly) maintenance breaks
  • Security vulnerability tracking
  • Security testing (automatic and process based)
  • Controlled change management
  • Code reviews
  • Maintenance and support personnel security
  • Physical security measures
  • Network security measures

Regular maintenance breaks

The latest security patches are installed to the system during regular pre-scheduled service breaks, usually on a monthly basis.

Eficode informs the customers and their end users in advance 1 - 2 weeks prior to scheduled service breaks. Notification methods include a maintenance page (when working on larger changes) and tool specific notification banners.

Security vulnerability tracking and security patching

The Eficode ROOT maintenance and support team systematically follows security patch releases and other security announcements related to all software products and solutions in Eficode ROOT scope. We also have an automated process of gathering and distributing information on relevant security notices and releases.

Stable patches are applied during the regular maintenance breaks. Off-cycle updates are done when necessary.

Security testing

Eficode ROOT is subject to regular security tests conducted by Eficode IT security team. The tests cover all Eficode Root ROOT instances in production. The tests aim to expose security vulnerabilities and issues. Additionally, Eficode ROOT platform instances are open to 3rd party security assessments and tests if required by an end user.

Controlled change management

All platform configurations and related changes are managed as code and under version control. Eficode tracks changes in an issue tracking system and follows them through to production.

Changes are deployed first to a generic Eficode ROOT test environment, then to customer specific test environments (if necessary). After extensive testing the new, changed configurations are installed in customer specific production environments during the next available service break. Changes are merged back to the master (configuration) codeline and used as part of the new base configuration.  

Code review practises

All platform changes go through a peer review process before being released to production. Critical security related fixes may momentarily by-pass the peer review process before being released. In these rare cases the changes are reviewed retrospectively.

Maintenance and support personnel security

In most cases, Eficode ROOT staff uses personal user accounts to perform maintenance and support tasks. The only exceptions are customer mandated e.g. with smaller platform instances where we may have to minimize license use with shared maintenance and support accounts due to customer cost actions. For security and traceability reasons we always recommend the licence pools to include enough seats for personal user accounts. In larger platform environments the use of personal accounts is always mandatory. 

...

Anti-virus scanners and other applicable security software are installed in all Eficode computers. All computer hard drives are encrypted. We track and manage the full lifecycle of all hardware and components. Using personal equipment is not allowed.

System security

On the system level Eficode ROOT is subject to security practices covering the following areas:

...

The below described practices are based on general system security principles and the actual implementations are specialized per environment. 

Customer isolation

All customer specific environments (e.g. HW, OS) , tools, and supporting infrastructure are isolated from one another.

Eficode implements per customer hardware isolation. Each customer has isolated hardware or hardware virtualizationvirtualisation

All tools and supporting infrastructure are specific to a single platform instance. On the infrastructure level Eficode ROOT platforms do not use shared backups, frontend servers or network configurations across different instances. 

Shared services

Shared services include:

  • Eficode ROOT platform monitoring, which runs in Eficode monitoring network.
  • Jira Service Desk, which is used as a service support ticketing system for all platform instances

Operating system level security

All environments are installed with orchestrated "Infrastructure as Code" principle. This enables robust change management, peer reviews and straightforward rollbacks.

On the server OS level Eficode ROOT maintenance team applies patches on regular maintenance breaks. This includes updates to infrastructure server OS kernels whenever applicable. 

Protection against cyber attacks

Eficode ROOT systems are protected against cyber attacks with

  • DDoS protection
  • Intrusion detection systems
  • Virus scanning
  • Server hardening (using CIS standard where applicable)

Networks and network security

Eficode ROOT services usually have 4 major networks:

  • Eficode support network
  • Eficode monitoring network
  • Customer specific Eficode ROOT network
  • Customer network

...

NOTE: For security reasons, Eficode intranet is completely separated from Eficode support and monitoring networks and allows no connectivity to any customer networks.

Eficode support network

Eficode support network is a network located at the Eficode offices. It is separated from Eficode intranet due to security. Deficated Eficode Dedicated Eficode ROOT on-site maintenance and support personnel use the network for tool access, platform configuration and service management. 

Eficode support network is protected and monitored by Eficode IT. Eficode ROOT support and maintenance personnel are able to create a remote VPN connection to this network with personal access tokens. The security policy offers detailed instructions in regards to remote connections.

Eficode monitoring network

Eficode ROOT has a separate system monitoring network. The network is located in Germany in a data center behind a private switch and a firewall. The monitoring system is connected to Customer Networks through VPN.

...

The monitoring system monitors system status such as CPU load, memory usage and process count. Additionally, it monitors platform (tool) availability and performance.

Customer specific Eficode ROOT network

Eficode ROOT platform tools run in a customer specific Eficode ROOT network. Eficode connects Eficode support network, Eficode monitoring network and the customer private network with Customer specific Eficode ROOT network to enable overall platform usage.

Customer Eficode ROOT network is very dependent on customer environment requirements. Because of this, the networks are designed and configured on a customer to customer basis. 

...

Eficode reserves a minimum of one (virtual) server per tool in this network to prevent shared resource related conflicts (i.e. tools causing issues with one another).

Customer (private) network

Customer (private) networks are used by the customers while they access the Eficode ROOT service. All customer specific private runtime environments (e.g. target environments for software deployments/releases) or environments that run customer hosted external tooling belong to this category. Public and 3rd party networks are discussed in the next chapters.

...

By default, Eficode ROOT does not have access to customer networks. Exceptions are made e.g. with LDAP/LDAPS for Active Directory integration. In this case Eficode ROOT requires access to ports 389, 3268 or 636. Mail services, if connected through the customer mail server, require the use of port 25.

Additional networks - Public network

If necessary, Eficode ROOT services can be accessed via public network with port 443 (https). While not recommended, some customers require their services to be available via a public network. Typical workaround to this is to run two instances where one is open to the public and the other is not. This allows using the more secure internal instance in cases where no public collaboration is necessary while allowing exposing assets to the general public from the external facing instance.

...

2FA and stronger authentication is recommended while providing platform access via public networks. A second layer of authentication can be included with authentication services such as Microsoft Azure AD and Google authentication.

Additional networks -  3rd party network

Selected 3rd party networks can be provided with an access to the Eficode ROOT service. This option is not relevant if a) the service is not meant to be available outside of customer premises, b) the service is available via a public network, c) the service will not be used by any third party developers, or d) there are no deployments to any 3rd party network.  

...

Selecting the correct access mechanism depends on the required integrations.

Backups

Eficode manages system wide backups. The daily backups are typically stored for 30 days. Additionally, it is possible to store the backups in another location for added system robustness. Backups can also be delivered to customer premises. 

...