When it comes to using software as a service, security and privacy controls are always a top priority. At ClickSoftware we are committed to protecting the confidentiality, integrity, availability and privacy of our customers’ data, and to the continuity of their service. We believe that information security is vital to our customers’ business operations and to our own success. These premises govern us and the way we do business.
While there is no bulletproof solution for protecting cloud data and services, we do everything we can to exceed expectations.
ClickSoftware’s cloud service is secure, reliable and trusted. The service offers a platform through which businesses can safely store and process personal and internal data.
We self-certify compliance with:
The ClickSoftware cloud service is based on Amazon Web Services (AWS) as an Infrastructure as a Service (IaaS) provider.
AWS provides industry-leading security measures and is compliant with the following certifications, assurance programs and third-party verifications:
ISO 27001 - Information Security Management System (ISMS) covering infrastructure, data centers and services
HIPAA - Health Insurance Portability and Accountability Act
FISMA - Federal Information Security Management Act
CSA - Cloud Security Alliance STAR registry
AWS also protects the underlying infrastructure against common threats such as:
Distributed Denial of Service (DDoS) attacks
Man In the Middle (MITM) attacks
Packet sniffing by other tenants
These are infrastructure-level protections under the AWS shared-responsibility model; everything above that layer (the operating systems, network rules, applications and data) remains the responsibility of the service provider, which is why ClickSoftware applies the additional controls described below.
The ClickSoftware cloud service leverages various security controls to further protect against security threats:
Virtual Private Cloud (VPC): ClickSoftware cloud service uses a virtual private cloud that provides a private, isolated and controlled section of AWS.
Network Access Control Lists (ACLs) and Security Groups: ClickSoftware cloud service uses subnet-level network ACLs and instance-level security groups as firewall rules to control network traffic.
TLS: ClickSoftware cloud service uses the TLS protocol to encrypt traffic in both directions between customer devices (mobile and desktop) and the service.
Customer Isolated Environment: For large enterprise customers the ClickSoftware cloud service offers a fully isolated application environment.
Authentication: ClickSoftware cloud service customer and internal users are authenticated through Active Directory under a strict password policy. The ClickSoftware cloud service application interface implements client certificate authentication and validates server certificates.
Customer Identity Management: ClickSoftware cloud service customers can manage their users’ identities, credentials and permissions through a self-service identity management system. Customer user directories can also be synchronized. Single sign-on is also supported through identity federation using the SAML protocol.
Permissions: Permissions to access or modify specific data in the ClickSoftware cloud service applications are managed by the customer’s authorized users. Permissions for access to, and actions on, the ClickSoftware cloud service’s own assets are granted following the segregation-of-duties and least-privilege principles.
Authorization: Access to cloud servers and customer data is restricted to authorized personnel only, according to documented processes, and is logged and tracked for auditing purposes. Remote access is controlled by VPN with multi-factor authentication.
Audit trail: A detailed audit trail enables tracking of changes made to data in the ClickSoftware cloud service application.
Web attack protection: Unauthorized web access attempts against the ClickSoftware cloud service are filtered.
Anti-malware protection: Malicious software is prevented, detected and removed.
Security patch management: Applications, services and operating systems are regularly patched to provide ongoing protection from exploits.
Hardened systems: Only essential software packages are installed. Systems security policies are enabled. Unnecessary services are stopped and non-required ports closed.
Intrusion detection: Intrusion attempts against the ClickSoftware cloud service are monitored using network-based intrusion detection mechanisms.
Monitoring of security events: Audit policies and procedures, which include log collection, correlation and alerting on security incidents, are maintained.
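The network controls above (security groups, network ACLs, TLS with certificate validation) are the ones a customer can most easily verify on their own side. The following is an added example, not ClickSoftware's or AWS's code: it audits a hand-constructed, simplified list of ingress rules (the `Rule` model is an assumption, not the AWS API schema) against a least-privilege policy in which only TLS may be reachable from the Internet, and builds a TLS client context that refuses downgrade below TLS 1.2 and requires server-certificate and hostname validation. The sample rules are constructed for the example.

```python
"""Added example: least-privilege audit of firewall-style ingress rules and a
TLS client context that enforces server-certificate validation.

Illustrative code only, not ClickSoftware's or AWS's. The Rule dataclass is a
simplified model of a security-group / network-ACL entry, not the AWS schema.
"""

import ipaddress
import ssl
from dataclasses import dataclass

ANY_V4 = ipaddress.ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Rule:
    proto: str        # "tcp", "udp", or "-1" meaning all protocols
    from_port: int
    to_port: int
    cidr: str         # source range allowed to reach this port span


# Ports that may be exposed to the Internet at all: TLS only.
PUBLIC_ALLOWED = {443}


def audit_ingress(rules, allowed=PUBLIC_ALLOWED):
    """Return (rule, reason) findings for rules that violate least privilege:
    no rule may allow every protocol, none may open a huge port span (even
    internally), and nothing but the allowed TLS port may face 0.0.0.0/0."""
    findings = []
    for r in rules:
        if r.proto == "-1":
            findings.append((r, "all protocols allowed"))
            continue
        span = r.to_port - r.from_port + 1
        if span > 1024:
            findings.append((r, f"port range too wide ({span} ports)"))
            continue
        net = ipaddress.ip_network(r.cidr, strict=False)
        if net == ANY_V4:
            exposed = sorted(set(range(r.from_port, r.to_port + 1)) - allowed)
            if exposed:
                findings.append((r, f"ports {exposed} exposed to the Internet"))
    return findings


def tls_client_context(min_version=ssl.TLSVersion.TLSv1_2):
    """Client context matching the TLS control above: no protocol below
    TLS 1.2, server certificate required and checked against the hostname.
    For client-certificate (mutual TLS) authentication the caller would add
    ctx.load_cert_chain(certfile, keyfile) with the customer's key pair."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
    ctx.minimum_version = min_version
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


# Constructed sample: a typical "lift and shift" security group.
SAMPLE_RULES = [
    Rule("tcp", 443, 443, "0.0.0.0/0"),     # HTTPS to the world: acceptable
    Rule("tcp", 80, 80, "0.0.0.0/0"),       # plaintext HTTP: finding
    Rule("tcp", 22, 22, "0.0.0.0/0"),       # SSH from anywhere: finding
    Rule("tcp", 22, 22, "10.0.0.0/16"),     # SSH from inside the VPC: acceptable
    Rule("tcp", 0, 65535, "10.0.0.0/8"),    # every port, even internally: finding
    Rule("-1", 0, 0, "10.0.1.0/24"),        # all protocols: finding
]

if __name__ == "__main__":
    for rule, why in audit_ingress(SAMPLE_RULES):
        print(f"{rule.proto:>4} {rule.from_port}-{rule.to_port} {rule.cidr}: {why}")
    ctx = tls_client_context()
    print("TLS minimum version:", ctx.minimum_version.name)
```

Run against the constructed sample, the audit reports four findings (HTTP and SSH open to the world, the all-ports internal rule, and the all-protocols rule) and lets the two acceptable rules through; the same function can be pointed at a real rule set once it is mapped into the `Rule` model.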
The ClickSoftware cloud service architecture has been designed for fault tolerance and high availability with no single point of failure, using AWS Regions and Availability Zones, hardware redundancy, redundant instances, load balancing, redundant DNS and a backup policy.
Disaster Recovery (DR) procedures are documented, tested, trained, updated and implemented.
Constant proactive health monitoring of both IT and application systems is performed by a dedicated Network Operations Center (NOC).
24x7 Telephone and Email Support: Help is always available, with a “follow the sun” model to provide continuous support around the clock.
The following compliance programs are applicable to ClickSoftware cloud services; they address all aspects of security and data privacy and maintain our customers’ confidence in the information security we provide.
The ClickSoftware cloud service has held ISO 27001 certification since 2012, currently under the 2013 revision of the standard. ISO 27001 outlines the requirements for an information security management system and is the most widely recognized international standard for information security management. This certification provides our customers the assurance that the ClickSoftware cloud service meets stringent international standards on security. You can find the certificate here.
Since the ClickSoftware cloud service serves customers in the United States and the European Union, the ClickSoftware cloud service is Safe Harbor-certified under the US Department of Commerce. (Note that the US-EU Safe Harbor framework was invalidated by the Court of Justice of the European Union in October 2015; customers relying on it for EU-US data transfers should confirm which transfer mechanism is currently in place.)
Customers from the medical services industry need to comply with HIPAA, and, as a cloud service provider, ClickSoftware enters into business associate agreements (BAAs) with HIPAA-covered entities, committing that the ClickSoftware cloud service protects protected health information (PHI) in accordance with HIPAA requirements.
The ClickSoftware cloud service joined the CloudTrust Enterprise-Ready program, which provides an objective and comprehensive evaluation of the enterprise-readiness of the ClickSoftware cloud service based on a detailed set of criteria developed in conjunction with the Cloud Security Alliance (CSA). Services designated as Skyhigh Enterprise-Ready are those receiving the highest CloudTrust™ Ratings, fully satisfying the most stringent requirements for data protection, identity verification, service security, business practices and legal protection. Details of the CloudTrust program are available here.
Information Security Policy: The ClickSoftware cloud service maintains a policy document that outlines standards of information security and privacy controls and is the basis for the information security and data privacy framework. This policy also governs all the ClickSoftware cloud service internal employees and contractors.
Background checks: All cloud service candidates are required to pass background checks to the extent permitted by law as a condition of employment.
Security Awareness Training: All internal cloud employees are trained on information security and data privacy procedures.
Information security risks in ClickSoftware cloud service are managed through external and internal audit processes, as detailed here:
Code Security Inspection: For every major software release, security procedures are followed and a code security inspection is conducted by an independent third party.
Penetration Testing: The ClickSoftware cloud service undergoes periodic penetration testing and vulnerability assessments of the service and network by an independent third party.
Audits: The ClickSoftware cloud service performs periodic internal and external audits of user activity, system and application vulnerabilities, system and data access controls, configuration changes and security processes in order to detect and mitigate security risks.
Risk Assessment: The ClickSoftware cloud service performs periodic risk assessments by an independent third party, at least once a year or whenever there is a major change in the technical or legal environment. The purpose is to evaluate the effectiveness of current controls and determine whether new risks require additional mitigating controls.
The ClickSoftware cloud service is committed to the customer’s data protection by implementing the following controls:
Access to Customer Data: Access to the customer data is protected with strict authentication and permission controls.
Personal Information: Static and dynamic data masking of personal information is performed as part of support activities that require accessing the customer data.
Data backup: Customer data is backed up and stored in encrypted form in the AWS S3 storage service, and is available for a reliable and secure restore procedure when required.
Data retention: Daily copies of customer data are retained in encrypted form and are available to customer-authorized users.
Data sanitization: Upon request, or in accordance with contractual obligations, all customer data, including backup data, is reliably deleted.
Incident Management: Security incident management policies and procedures are maintained. ClickSoftware cloud service notifies impacted customers of any actual or reasonably suspected unauthorized disclosure of their respective customer data or personal information to the extent permitted by law.