The general purpose of this white paper is to provide a basic overview of security practices for digital publishing. The intended audience for this document is a publisher, digital marketing professional, or a reseller interested in publishing and distributing content across multiple platforms. A separate and more detailed BlueToad Information Assurance document is available for IT and security departments upon request.
Table of Contents
- Security Overview
- Healthy Coding Standards
- Internet Perimeter & Intrusion Monitoring
- System Penetration Testing
- System Services & Security Updates
- Written Information Security Standards
- Data Center Physical & Environmental Security
Mobility and easy distribution have become enormous assets for improving the reach of the publisher to the reader in the digital publishing enterprise. The ability to digitally access information throughout the world has transformed digital publications. Content and data security should be a top priority when deciding to digitally publish and distribute your content. When choosing a digital publishing partner, it is important that you understand the processes and security measures that are in place to protect your content and user information.
Generally speaking, there are six security-related questions that you should ask your digital publishing partner:
- How does the prospective partner ensure healthy coding standards?
- What steps are taken to prevent intrusion attempts?
- Does the prospective partner initiate any proactive and independent system penetration testing?
- How quickly does the prospective partner respond to security updates for software and hardware?
- What measures are taken to ensure the prospective partner’s employees are aware of and comply with all security policies and procedures?
- How does the prospective partner ensure the physical and environmental security of your hardware?
BlueToad takes data security and system reliability very seriously. BlueToad is committed to maintaining and proactively testing its security systems in an effort to properly monitor its digital infrastructure.
Healthy Coding Standards
- We educate our developers on security best practices and code hygiene.
- We continuously monitor and implement secure coding practices across our enterprise.
- We actively strive to maintain industry security standards throughout all facets of our processes.
Internet Perimeter & Intrusion Monitoring
What steps does BlueToad take to prevent intrusion attempts? 24 hours a day, 7 days a week, BlueToad monitors incoming and outgoing traffic on systems for suspicious traffic and attempted intrusions.
BlueToad ensures a hardened internet perimeter by utilizing the following monitoring and maintenance tools and resources:
- Continuously updated network firewalling
- Web application firewalling (WAF)
- Intrusion detection systems (IDS)
These resources allow BlueToad to quickly detect and prevent unauthorized access. In addition to our internal efforts, we have engaged two separate security companies to continuously monitor our production systems. BlueToad utilizes industry-leading third parties to carry out these tasks.
System Penetration Testing
Does BlueToad initiate any proactive and independent system penetration testing? Proactive system penetration testing is a vital component in BlueToad’s security procedure. Every day of the year, BlueToad systems undergo a proactive security audit performed by our security partners.
At least annually, BlueToad additionally engages external expert security personnel to attempt to penetrate our systems. These constant security efforts allow us to discover any potential areas of concern before they can become problems.
System Services & Security Updates
How quickly does BlueToad respond to security updates for software and hardware? BlueToad monitors the latest developments in software vulnerabilities and quickly responds with appropriate countermeasures. BlueToad maintains its software and hardware with the latest security updates. Our frequent testing allows security measures to be swift and effective.
Written Information Security Standards
What measures does BlueToad take to ensure employees are aware of and comply with all security policies and procedures?
BlueToad maintains a set of written security policies and procedures governing:
- BlueToad’s commitment to information security
- Appropriate security education and training of BlueToad personnel
- Acceptable use of BlueToad’s assets by BlueToad personnel, including computing systems, networks, and messaging
- Information security incident management by BlueToad personnel, including data breach notification and collection of evidence procedures
- Authentication rules for the format, content, and usage of passwords for BlueToad personnel and end users, including periodic reviews of BlueToad personnel access rights
- Disciplinary measures for BlueToad personnel who fail to comply with such policies and procedures.
The sum of these procedures ensures that BlueToad’s team and environment are secure.
Data Center Physical & Environmental Security
How does BlueToad ensure the physical and environmental security of its hardware? BlueToad has a written, comprehensive disaster recovery plan to ensure continuous service. BlueToad’s data center incorporates a physical access control and monitoring system for employees and authorized guests. We incorporate industry standards in fire extinguishing, cooling, power, emergency systems, and employee safety.
Key Message: In sum, the practices outlined in this white paper ensure that the content and user information of BlueToad’s customers will remain secure.