SlideShare une entreprise Scribd logo

Information Security and Data Privacy Practices

Gigya
Gigya

Gigya’s enterprise class Customer Identity & Access Management platform delivers maximum efficiency and scalability while protecting consumer data with strict security and compliance standards. The four pillars of Gigya’s security and privacy promise are: - Infrastructure: State-of-the-art data centers for optimized performance and scalability. - Data Security: ISO 27001 certification and multiple levels of security protect data with both physical and virtual safeguards. - Compliance: Regional privacy compliance and built in social network terms of service functionality ensure responsible data management. - Privacy Policies: Increased transparency of data practices fosters consumer trust and relationships.

Logiciels
1  sur  9
Télécharger pour lire hors ligne
Information Security and Data Privacy Practices
2 Information Security and Data Privacy Practices Introduction As a leading SaaS Customer Identity & Access Management provider for enterprises, Gigya is committed to maintaining only the highest level of performance and security. Our platform is optimized to deliver maximum efficiency and scalability while protecting your data with a series of strict security and compliance standards. This executive summary provides an overview of Gigya’s standards for the following four categories: • Infrastructure: Our state-of-the-art data centers provide optimized performance and scalability. • Data Security: ISO 27001 certification and multiple levels of security protect your data with both physical and virtual safeguards. • Compliance: Regional privacy compliance and built in social network terms of service functionality ensure responsible data management. • Privacy Policies: Increased transparency of data practices fosters consumer trust and relationships. Infrastructure Gigya’s robust infrastructure guarantees unprecedented performance and scalability with continuous data backup and constant protection. State-of-the-Art Hosting and Physical Security Gigya owns and operates its main U.S. server farm, hosted by one of the top data center providers in the world, Equinix. The Equinix data center is SSAE16-certified and is fully equipped with generator-backed UPS and redundant HVAC systems, as well as fire suppression, flood control and seismic bracing solutions to protect your data in the event of a power outage or natural disaster. The data center also enforces high security protocol, including 24x7 armed guards, multiple biometric checkpoints and full CCTV surveillance. For more information about Equinix security and infrastructure, please visit: http://www.equinix.com/platform-equinix/platform-advantages/ibx-data-centers/ In 2016, Gigya opened another primary data center within the Russian Federation. With hardware wholly owned and operated by Gigya, this facility enables our clients with Russian customers to comply with that government’s data residency requirements while ensuring that attributes stored in Russia remain discrete from all other international data.
3 Gigya also hosts multiple AWS (Amazon Web Services) virtual data centers in Ireland for European companies that prefer to store their data within the EU, and virtual data centers in Sydney, Australia are available for the APAC market. A full disaster recovery environment for the U.S. server farm is also maintained. For more information about AWS security and infrastructure, please visit: https://d0.awsstatic.com/whitepapers/aws-security-whitepaper.pdf Redundancy Gigya supports full disaster recovery in the rare case of a data center outage. This includes real-time data replication to a separate physical location and transfer of critical data on-premise to provide continuous service and transparent recovery, with no data loss, in the case of hardware failure. In the U.S., data centers are located in disparate geographical locations. The DR site has the same components and functionality of the production site and is updated upon any change in production. In order to verify the DR functionality and readiness, Gigya runs automated hourly sanity checks on the DR site. In the EU and AU, Gigya utilizes AWS with two different availability zones for all offered services, where both availability zones are active and serving customers. In Russia, Gigya utilizes two Selectel data centers located in disparate geographical locations, both are active and serving customers. Performance Gigya’s platform was designed to scale horizontally on commodity hardware. Servers never exceed 20% utilization under normal circumstances, providing 5x capacity reserves in order to accommodate unforeseen spikes in traffic. Our performance is proven both by our regular handling of large bursts of traffic during some clients’ live and breaking news events and by the many enterprise companies leveraging our platform to manage more than half a billion user identities. Data Security Gigya is ISO 27001-certified and is registered with IQNet. Gigya invests considerable resources to ensure that the assets our customers entrust to us are safeguarded at all times by employing industry best practices and consistently keeping our information security management system and security practices up-to-date with the latest and most stringent policies and regulations. Gigya has published a very detailed Self-Assessment Report to the Cloud Security Alliance STAR program in order to allow our customers to review our compliance with current security and privacy best practices.
4 Application Development Security Security considerations play an integral role in every step of the product development process. During product specification, technical design, development and testing, security measures are continually tested, optimized and implemented. Gigya uses the OWASP top 10 list as a high-level security guideline during development. OWASP guidelines can be found here: https://www.owasp.org/index.php/Main_Page Security At Rest By default, Gigya encrypts all PII and other sensitive data at rest using the AES-256 algorithm, and hashes passwords with the NIST-approved PBKDF2 algorithm. In addition, to further protect access to the data, Gigya uses HMAC-SHA1 to digitally sign its requests and requires customers using the APIs to sign their requests to Gigya servers with the same algorithm. Alternatively, Gigya offers API access that is fully OAuth 2.0-compliant. Access to information via Gigya’s Administration Console is also protected through a two-factor authentication process and a powerful roles and permissions architecture, providing site administrators granular control over what individual Console users can see and use. Security In Motion Gigya uses a secure channel (TLS) when transferring sensitive data to and from its servers. In addition, REST API calls that perform critical operations, such as deleting users, are only permitted as server-to-server signed requests. Compliance Gigya maintains compliance with trusted organizations and social networks to ensure responsible data management. Regional Privacy Regulations Gigya offers multiple data centers (U.S., EU, AU and Russia), helping our multinational client base to meet in-region storage requirements. As a global company, Gigya is committed to safeguarding the privacy of its customers’ PII (Personally Identifiable Information) according to local and international privacy laws. Gigya tracks relevant privacy regulations and any changes to those regulations, evaluating and addressing any impact they may have on the Gigya platform or Gigya’s clients. PCI DSS Gigya does not collect, store, manage or transfer any credit card data on behalf of our customers, and is therefore not subject to the Payment Card Industry Data Security Standard.
5 COPPA Though responsibility for complying with the Children’s Online Privacy Protection Act (COPPA) falls to Gigya’s customers, Gigya helps facilitate COPPA compliance by enabling age-gating for site access and preventing the storage of PII for users under 13 via our Registration-as-a- Service product. In addition, Gigya customers do not need to be concerned about COPPA compliance as a result of loading Gigya’s JavaScript library, as Gigya never amasses user profiles across websites and only cookies users to the extent necessary for internal reporting and service support. Social Network Policies Gigya offers several tools to help our customers maintain social network policy compliance. These include: Automatic Account Deletion: If a user revokes data access permission from a site’s Facebook app, then all of his non-public profile information will be deleted from the site’s database. Automatic Account Updates: If a user logs into a site using Facebook and later updates his Facebook profile, his profile information will also be updated in the site’s database to ensure the data is always fresh and up-to-date. Security Tests and Audits In order to test the security of the Gigya solution on a regular basis, Gigya has implemented several methodologies and practices to tighten the security of its offerings: • Annual ISO27001 internal and external audits as part of the certification process. • An automated vulnerability scan is performed once a month using a PCI Approved Scanning Vendor. • Third-party security experts are contracted once a year to conduct extensive black-box penetration tests on Gigya’s infrastructure. • An international Bug Bounty program allows and encourages security researchers to test for and responsibly disclose potential vulnerabilities in the platform on an ongoing basis. • Gigya uses an onsite state-of-the-art Automatic Static Code Analysis software to check for security weaknesses and vulnerabilities in its code base. Penetration Tests Special focus is naturally directed toward extensive application level penetration tests. These are conducted once per-year by third-party security experts as white-box penetration tests on the Gigya platform, based on the widely accepted OWASP methodologies.
6 Testing of security elements (potential and actual security flaws) that may enable various attacks by external attackers or malicious system users include, at the minimum: • Unauthorized access to sensitive information tests • Unauthorized modification of information tests • Unauthorized deletion of information tests • Unauthorized handling of audit information tests • Performing of unauthorized operations or transactions • Illegal impersonation of different users or entities • Performing of unauthorized operations that will cause a Denial of Service (DoS) • Exploitation of existing security controls to perform fraudulent activity Gigya also welcomes its customers to perform their own penetration tests with prior coordination and scoping with us. Gigya will strive to fix any real security exposures found and properly disclosed to us in agreed upon time tables. Privacy Gigya operates according to strict privacy principles and is dedicated to building trust between our customers and their end users. We provide several tools to increase data collection transparency and inform users of how their data is being used. Permission-based Social Login When choosing to log into sites using their existing social profiles, users are shown a dialogue asking permission to access specific data points, such as their birthdays or locations, giving users total control over the information they share. User Data Controls When leveraging Gigya’s Registration-as-a-Service forms for user registration and login, sites can easily expose functionality to their end users, allowing them to 1) download the data the site is storing in order to edit or delete that data as needed, and 2) delete their site account if they so choose. Customizable UIs All self-service forms are 100% customizable, enabling clients to include privacy notices, terms & conditions, marketing opt-ins, account preference fields and other notices in the UI.
7 Administrator Roles & Permissions Gigya provides robust Roles and Permissions functionality that enables administrators to control the features and data that can be accessed by internal users. An administrator can create user groups and assign access on a very granular level, including by site/app ID, specific service and even API, ensuring end user PII is protected. Additional Security Practices and Controls Internal Access Control Gigya has implemented access control and authorization mechanisms that are enforced at all levels of the information systems (application source code, operating system, database and the network level). Gigya employees are granted specific permissions based on their roles according to the ‘least privilege’ principle. System Security Practices Gigya’s system security practices include: server and workstation OS hardening, patch management, auditing and event logging, and malware protection. Gigya also uses a provisioning system that automatically enforces the secure configuration and state of critical system settings and services. All management operations are executed over VPNs using Two-factor Authentication for admins. Network Security Practices Gigya’s network security practices include: opening minimum necessary ports, segregating networks (production, development, testing environments), out-of-band secure network device management interfaces and network device hardening. DDoS (Distributed Denial of Service) mitigation Gigya uses a state-of-the-art anti-DDoS solution on premise for its U.S. data center combined with a cloud based DDoS mitigation service provider in the unlikely case there is a need to handle an extreme volume of traffic. For its AWS data centers Gigya relies on Amazon’s ability to scale up in order to handle the increase in traffic. Change Management Gigya has a well-documented and organized change management approval and implementation process that is the key to an efficiently managed and secure service delivery. Vulnerability Management Since new security vulnerabilities are discovered on a daily basis, Gigya has adopted an information gathering process that includes the constant monitoring of relevant vendor security publications, security forums, communities and security alerts (e.g. US-CERT, BugTraq), issued by key industry players for newly published vulnerabilities.
8 Monitoring Gigya provides both automatic and manual monitoring 24x7x365. Gigya’s Network Operations Center team monitors every aspect of its services, down to the individual API level on every provider. Routine manual tests on key aspects of Gigya’s services occur every 15 minutes. Gigya sets predefined thresholds and events and adjusts capacity accordingly. This is relevant also in case a customer notifies Gigya in advance of certain upcoming events that require this customer to receive more resources for a specific point in time. Backup and Recovery Gigya employs a multi-layer data loss protection architecture with special emphasis on short MTTR (Mean Time to Recovery) in case of failure. All data is replicated in real time to standby servers in a secondary data center providing at least n+1 redundancy in two geographic regions. Critical data is also replicated on premise to provide n+2 redundancy and allow for immediate and transparent recovery, with no data loss, in case of hardware failure. In addition to these measures, disk snapshots and offline backups are also regularly taken. Gigya performs extensive restore tests twice per-year. Business Continuity Plan / Disaster Recovery Plan Gigya has a BCP with an RTO (Recovery Time Objective) of 15 minutes and RPO (Recovery Point Objective) of a few seconds, since data is replicated to standby systems in real time. Gigya performs extensive DRP tests twice per-year. Incident Management Gigya acknowledges that each security incident may require different treatment, depending on its nature, source, and potential impact. However, the general process of responding to a security incident will consist of the following steps: • Immediate Response • Information Gathering • Root Cause Analysis • Categorization • Establishing a Response Plan • Action (implementation steps) • Conclusion and Learning • Implementation of Corrective and Preventive Measures
© 2016 Gigya, Inc.  |  2513 Charleston Road #200, Mountain View, CA 94043  |  T : (650) 353.7230  |  www.gigya.com Gigya, the Gigya logo, and Customer Identity Management Platform are either registered trademarks or trademarks of Gigya Incorporated in the United States and/or other countries. All other trademarks are the property of their respective owners. Gigya does not own any end user data or maintain any other rights to this data, other than utilizing it to make Gigya’s services available to our clients and their end users. Gigya acts as an agent or back-end vendor of its client’s website or mobile application, to which the end user of our client granted permissions (if applicable). Gigya facilitates the collection, transfer and storage of end user data solely on behalf of its clients and at its clients’ direction. For more information, please see Gigya’s Privacy Policy, available at http://www.gigya.com/privacy-policy/. Gigya_White_Paper_Infomation_Security_and_Data_Privacy_Practices_201607 The Leader in Customer Identity Management About Gigya Gigya’s Customer Identity Management Platform helps companies build better customer relationships by turning unknown site visitors into known, loyal and engaged customers. With Gigya’s technology, businesses increase registrations and identify customers across devices, consolidate data into rich customer profiles, and provide better service, products and experiences by integrating data into marketing and service applications. Gigya’s platform was designed from the ground up for social identities, mobile devices, consumer privacy and modern marketing. Gigya provides developers with the APIs they need to easily build and maintain secure and scalable registration, authentication, profile management, data analytics and third-party integrations. More than 700 of the world’s leading businesses such as Fox, Forbes, and ASOS rely on Gigya to build identity-driven relationships and to provide scalable, secure Customer Identity Management. To learn how Gigya can help your business manage customer identities, visit gigya.com, or call us at 650.353.7230.

Recommandé

Managing Consumer Data Privacy
Managing Consumer Data PrivacyManaging Consumer Data Privacy
Managing Consumer Data PrivacyGigya
 
White Paper: Internal vs. External Identity Access Management
White Paper: Internal vs. External Identity Access Management White Paper: Internal vs. External Identity Access Management
White Paper: Internal vs. External Identity Access Management Gigya
 
BigID Data Sheet: Smart Data Labeling and Tagging
BigID Data Sheet: Smart Data Labeling and TaggingBigID Data Sheet: Smart Data Labeling and Tagging
BigID Data Sheet: Smart Data Labeling and TaggingBigID Inc
 
BigID Datasheet: CCPA Data Rights Automation
BigID Datasheet: CCPA Data Rights AutomationBigID Datasheet: CCPA Data Rights Automation
BigID Datasheet: CCPA Data Rights AutomationBigID Inc
 
Gigya's China Data Center - Data Sheet
Gigya's China Data Center - Data SheetGigya's China Data Center - Data Sheet
Gigya's China Data Center - Data SheetGigya
 
BigID Data sheet: Consent Governance & Orchestration
BigID Data sheet: Consent Governance & OrchestrationBigID Data sheet: Consent Governance & Orchestration
BigID Data sheet: Consent Governance & OrchestrationBigID Inc
 
BigID Data Sheet: LGPD Compliance Automated
BigID Data Sheet: LGPD Compliance AutomatedBigID Data Sheet: LGPD Compliance Automated
BigID Data Sheet: LGPD Compliance AutomatedBigID Inc
 
Internal vs. external identity access management
Internal vs. external identity access managementInternal vs. external identity access management
Internal vs. external identity access managementTatiana Grisham
 

Recommandé

Managing Consumer Data Privacy
Managing Consumer Data PrivacyManaging Consumer Data Privacy
Managing Consumer Data PrivacyGigya
 
White Paper: Internal vs. External Identity Access Management
White Paper: Internal vs. External Identity Access Management White Paper: Internal vs. External Identity Access Management
White Paper: Internal vs. External Identity Access Management Gigya
 
BigID Data Sheet: Smart Data Labeling and Tagging
BigID Data Sheet: Smart Data Labeling and TaggingBigID Data Sheet: Smart Data Labeling and Tagging
BigID Data Sheet: Smart Data Labeling and TaggingBigID Inc
 
BigID Datasheet: CCPA Data Rights Automation
BigID Datasheet: CCPA Data Rights AutomationBigID Datasheet: CCPA Data Rights Automation
BigID Datasheet: CCPA Data Rights AutomationBigID Inc
 
Gigya's China Data Center - Data Sheet
Gigya's China Data Center - Data SheetGigya's China Data Center - Data Sheet
Gigya's China Data Center - Data SheetGigya
 
BigID Data sheet: Consent Governance & Orchestration
BigID Data sheet: Consent Governance & OrchestrationBigID Data sheet: Consent Governance & Orchestration
BigID Data sheet: Consent Governance & OrchestrationBigID Inc
 
BigID Data Sheet: LGPD Compliance Automated
BigID Data Sheet: LGPD Compliance AutomatedBigID Data Sheet: LGPD Compliance Automated
BigID Data Sheet: LGPD Compliance AutomatedBigID Inc
 
Internal vs. external identity access management
Internal vs. external identity access managementInternal vs. external identity access management
Internal vs. external identity access managementTatiana Grisham
 
Security, GDRP, and IT outsourcing: How to get it right
Security, GDRP, and IT outsourcing: How to get it rightSecurity, GDRP, and IT outsourcing: How to get it right
Security, GDRP, and IT outsourcing: How to get it rightN-iX
 
TrustArc Webinar-Advertising, Privacy, and Data Management Working Together
TrustArc Webinar-Advertising, Privacy, and Data Management Working TogetherTrustArc Webinar-Advertising, Privacy, and Data Management Working Together
TrustArc Webinar-Advertising, Privacy, and Data Management Working TogetherTrustArc
 
BigID & Collibra Joint Deck: Using BigID’s Privacy-centric Data Discovery to...
BigID & Collibra Joint Deck: Using BigID’s Privacy-centric Data Discovery to...BigID & Collibra Joint Deck: Using BigID’s Privacy-centric Data Discovery to...
BigID & Collibra Joint Deck: Using BigID’s Privacy-centric Data Discovery to...BigID Inc
 
TBEX 2018 - Digital Security and GDPR Considerations for the Travel and Hospi...
TBEX 2018 - Digital Security and GDPR Considerations for the Travel and Hospi...TBEX 2018 - Digital Security and GDPR Considerations for the Travel and Hospi...
TBEX 2018 - Digital Security and GDPR Considerations for the Travel and Hospi...Omo Osagiede
 
BigId GDPRcompliance
BigId GDPRcomplianceBigId GDPRcompliance
BigId GDPRcomplianceFatime Traoré
 
2019 08-21 Automating Privacy Management
2019 08-21 Automating Privacy Management2019 08-21 Automating Privacy Management
2019 08-21 Automating Privacy ManagementTrustArc
 
The Road to Intelligent Authentication Journeys
The Road to Intelligent Authentication JourneysThe Road to Intelligent Authentication Journeys
The Road to Intelligent Authentication JourneysForgeRock
 
Inside Security - Strong Authentication with Smartphones
Inside Security - Strong Authentication with SmartphonesInside Security - Strong Authentication with Smartphones
Inside Security - Strong Authentication with SmartphonesUbisecure
 
Applying Innovative Tools for GDPR Success
Applying Innovative Tools for GDPR SuccessApplying Innovative Tools for GDPR Success
Applying Innovative Tools for GDPR SuccessForgeRock
 
Russian Data Center
Russian Data CenterRussian Data Center
Russian Data CenterGigya
 
How GDPR and Compliance Norms Stabilize Kentico 12
How GDPR and Compliance Norms Stabilize Kentico 12How GDPR and Compliance Norms Stabilize Kentico 12
How GDPR and Compliance Norms Stabilize Kentico 12Ray Business Technologies
 
OneTrust Sponsored Coffee Break
OneTrust Sponsored Coffee BreakOneTrust Sponsored Coffee Break
OneTrust Sponsored Coffee BreakMediaPost
 
The Value of User and Data Centricity Beyond IoT Devices: Stein Myrseth and G...
The Value of User and Data Centricity Beyond IoT Devices: Stein Myrseth and G...The Value of User and Data Centricity Beyond IoT Devices: Stein Myrseth and G...
The Value of User and Data Centricity Beyond IoT Devices: Stein Myrseth and G...ForgeRock
 
General Data Protection Regulation & Customer IAM
General Data Protection Regulation & Customer IAMGeneral Data Protection Regulation & Customer IAM
General Data Protection Regulation & Customer IAMUbisecure
 
2019 10-23 ccpa survival guide
2019 10-23 ccpa survival guide2019 10-23 ccpa survival guide
2019 10-23 ccpa survival guideTrustArc
 
BigID Enterprise Privacy Management Data Sheet
BigID Enterprise Privacy Management Data SheetBigID Enterprise Privacy Management Data Sheet
BigID Enterprise Privacy Management Data SheetDimitri Sirota
 
Gary B. Rodrigue - What is Blockchain? IBM Food Trust Overview
Gary B. Rodrigue - What is Blockchain? IBM Food Trust OverviewGary B. Rodrigue - What is Blockchain? IBM Food Trust Overview
Gary B. Rodrigue - What is Blockchain? IBM Food Trust OverviewJohn Blue
 
How GDPR Guidelines Regulate Marketing Automation and Customer Engagement
How GDPR Guidelines Regulate Marketing Automation and Customer EngagementHow GDPR Guidelines Regulate Marketing Automation and Customer Engagement
How GDPR Guidelines Regulate Marketing Automation and Customer EngagementRay Business Technologies
 
Extending the Power of Consent with User-Managed Access & OpenUMA
Extending the Power of Consent with User-Managed Access & OpenUMAExtending the Power of Consent with User-Managed Access & OpenUMA
Extending the Power of Consent with User-Managed Access & OpenUMAkantarainitiative
 
Making blockchain ready for business
Making blockchain ready for businessMaking blockchain ready for business
Making blockchain ready for businessCoenraad Smith
 
Data Works Berlin 2018 - Worldpay - PCI Compliance
Data Works Berlin 2018 - Worldpay - PCI ComplianceData Works Berlin 2018 - Worldpay - PCI Compliance
Data Works Berlin 2018 - Worldpay - PCI ComplianceDavid Walker
 
Not Just a necessary evil, it’s good for business: implementing PCI DSS contr...
Not Just a necessary evil, it’s good for business: implementing PCI DSS contr...Not Just a necessary evil, it’s good for business: implementing PCI DSS contr...
Not Just a necessary evil, it’s good for business: implementing PCI DSS contr...DataWorks Summit
 

Contenu connexe

Tendances

Security, GDRP, and IT outsourcing: How to get it right
Security, GDRP, and IT outsourcing: How to get it rightSecurity, GDRP, and IT outsourcing: How to get it right
Security, GDRP, and IT outsourcing: How to get it rightN-iX
 
TrustArc Webinar-Advertising, Privacy, and Data Management Working Together
TrustArc Webinar-Advertising, Privacy, and Data Management Working TogetherTrustArc Webinar-Advertising, Privacy, and Data Management Working Together
TrustArc Webinar-Advertising, Privacy, and Data Management Working TogetherTrustArc
 
BigID & Collibra Joint Deck: Using BigID’s Privacy-centric Data Discovery to...
BigID & Collibra Joint Deck: Using BigID’s Privacy-centric Data Discovery to...BigID & Collibra Joint Deck: Using BigID’s Privacy-centric Data Discovery to...
BigID & Collibra Joint Deck: Using BigID’s Privacy-centric Data Discovery to...BigID Inc
 
TBEX 2018 - Digital Security and GDPR Considerations for the Travel and Hospi...
TBEX 2018 - Digital Security and GDPR Considerations for the Travel and Hospi...TBEX 2018 - Digital Security and GDPR Considerations for the Travel and Hospi...
TBEX 2018 - Digital Security and GDPR Considerations for the Travel and Hospi...Omo Osagiede
 
2019 08-21 Automating Privacy Management
2019 08-21 Automating Privacy Management2019 08-21 Automating Privacy Management
2019 08-21 Automating Privacy ManagementTrustArc
 
The Road to Intelligent Authentication Journeys
The Road to Intelligent Authentication JourneysThe Road to Intelligent Authentication Journeys
The Road to Intelligent Authentication JourneysForgeRock
 
Inside Security - Strong Authentication with Smartphones
Inside Security - Strong Authentication with SmartphonesInside Security - Strong Authentication with Smartphones
Inside Security - Strong Authentication with SmartphonesUbisecure
 
Applying Innovative Tools for GDPR Success
Applying Innovative Tools for GDPR SuccessApplying Innovative Tools for GDPR Success
Applying Innovative Tools for GDPR SuccessForgeRock
 
Russian Data Center
Russian Data CenterRussian Data Center
Russian Data CenterGigya
 
How GDPR and Compliance Norms Stabilize Kentico 12
How GDPR and Compliance Norms Stabilize Kentico 12How GDPR and Compliance Norms Stabilize Kentico 12
How GDPR and Compliance Norms Stabilize Kentico 12Ray Business Technologies
 
OneTrust Sponsored Coffee Break
OneTrust Sponsored Coffee BreakOneTrust Sponsored Coffee Break
OneTrust Sponsored Coffee BreakMediaPost
 
The Value of User and Data Centricity Beyond IoT Devices: Stein Myrseth and G...
The Value of User and Data Centricity Beyond IoT Devices: Stein Myrseth and G...The Value of User and Data Centricity Beyond IoT Devices: Stein Myrseth and G...
The Value of User and Data Centricity Beyond IoT Devices: Stein Myrseth and G...ForgeRock
 
General Data Protection Regulation & Customer IAM
General Data Protection Regulation & Customer IAMGeneral Data Protection Regulation & Customer IAM
General Data Protection Regulation & Customer IAMUbisecure
 
2019 10-23 ccpa survival guide
2019 10-23 ccpa survival guide2019 10-23 ccpa survival guide
2019 10-23 ccpa survival guideTrustArc
 
BigID Enterprise Privacy Management Data Sheet
BigID Enterprise Privacy Management Data SheetBigID Enterprise Privacy Management Data Sheet
BigID Enterprise Privacy Management Data SheetDimitri Sirota
 
Gary B. Rodrigue - What is Blockchain? IBM Food Trust Overview
Gary B. Rodrigue - What is Blockchain? IBM Food Trust OverviewGary B. Rodrigue - What is Blockchain? IBM Food Trust Overview
Gary B. Rodrigue - What is Blockchain? IBM Food Trust OverviewJohn Blue
 
How GDPR Guidelines Regulate Marketing Automation and Customer Engagement
How GDPR Guidelines Regulate Marketing Automation and Customer EngagementHow GDPR Guidelines Regulate Marketing Automation and Customer Engagement
How GDPR Guidelines Regulate Marketing Automation and Customer EngagementRay Business Technologies
 
Extending the Power of Consent with User-Managed Access & OpenUMA
Extending the Power of Consent with User-Managed Access & OpenUMAExtending the Power of Consent with User-Managed Access & OpenUMA
Extending the Power of Consent with User-Managed Access & OpenUMAkantarainitiative
 
Making blockchain ready for business
Making blockchain ready for businessMaking blockchain ready for business
Making blockchain ready for businessCoenraad Smith
 

Tendances (20)

Security, GDRP, and IT outsourcing: How to get it right
Security, GDRP, and IT outsourcing: How to get it rightSecurity, GDRP, and IT outsourcing: How to get it right
Security, GDRP, and IT outsourcing: How to get it right
 
TrustArc Webinar-Advertising, Privacy, and Data Management Working Together
TrustArc Webinar-Advertising, Privacy, and Data Management Working TogetherTrustArc Webinar-Advertising, Privacy, and Data Management Working Together
TrustArc Webinar-Advertising, Privacy, and Data Management Working Together
 
BigID & Collibra Joint Deck: Using BigID’s Privacy-centric Data Discovery to...
BigID & Collibra Joint Deck: Using BigID’s Privacy-centric Data Discovery to...BigID & Collibra Joint Deck: Using BigID’s Privacy-centric Data Discovery to...
BigID & Collibra Joint Deck: Using BigID’s Privacy-centric Data Discovery to...
 
TBEX 2018 - Digital Security and GDPR Considerations for the Travel and Hospi...
TBEX 2018 - Digital Security and GDPR Considerations for the Travel and Hospi...TBEX 2018 - Digital Security and GDPR Considerations for the Travel and Hospi...
TBEX 2018 - Digital Security and GDPR Considerations for the Travel and Hospi...
 
BigId GDPRcompliance
BigId GDPRcomplianceBigId GDPRcompliance
BigId GDPRcompliance
 
2019 08-21 Automating Privacy Management
2019 08-21 Automating Privacy Management2019 08-21 Automating Privacy Management
2019 08-21 Automating Privacy Management
 
The Road to Intelligent Authentication Journeys
The Road to Intelligent Authentication JourneysThe Road to Intelligent Authentication Journeys
The Road to Intelligent Authentication Journeys
 
Inside Security - Strong Authentication with Smartphones
Inside Security - Strong Authentication with SmartphonesInside Security - Strong Authentication with Smartphones
Inside Security - Strong Authentication with Smartphones
 
Applying Innovative Tools for GDPR Success
Applying Innovative Tools for GDPR SuccessApplying Innovative Tools for GDPR Success
Applying Innovative Tools for GDPR Success
 
Russian Data Center
Russian Data CenterRussian Data Center
Russian Data Center
 
How GDPR and Compliance Norms Stabilize Kentico 12
How GDPR and Compliance Norms Stabilize Kentico 12How GDPR and Compliance Norms Stabilize Kentico 12
How GDPR and Compliance Norms Stabilize Kentico 12
 
OneTrust Sponsored Coffee Break
OneTrust Sponsored Coffee BreakOneTrust Sponsored Coffee Break
OneTrust Sponsored Coffee Break
 
The Value of User and Data Centricity Beyond IoT Devices: Stein Myrseth and G...
The Value of User and Data Centricity Beyond IoT Devices: Stein Myrseth and G...The Value of User and Data Centricity Beyond IoT Devices: Stein Myrseth and G...
The Value of User and Data Centricity Beyond IoT Devices: Stein Myrseth and G...
 
General Data Protection Regulation & Customer IAM
General Data Protection Regulation & Customer IAMGeneral Data Protection Regulation & Customer IAM
General Data Protection Regulation & Customer IAM
 
2019 10-23 ccpa survival guide
2019 10-23 ccpa survival guide2019 10-23 ccpa survival guide
2019 10-23 ccpa survival guide
 
BigID Enterprise Privacy Management Data Sheet
BigID Enterprise Privacy Management Data SheetBigID Enterprise Privacy Management Data Sheet
BigID Enterprise Privacy Management Data Sheet
 
Gary B. Rodrigue - What is Blockchain? IBM Food Trust Overview
Gary B. Rodrigue - What is Blockchain? IBM Food Trust OverviewGary B. Rodrigue - What is Blockchain? IBM Food Trust Overview
Gary B. Rodrigue - What is Blockchain? IBM Food Trust Overview
 
How GDPR Guidelines Regulate Marketing Automation and Customer Engagement
How GDPR Guidelines Regulate Marketing Automation and Customer EngagementHow GDPR Guidelines Regulate Marketing Automation and Customer Engagement
How GDPR Guidelines Regulate Marketing Automation and Customer Engagement
 
Extending the Power of Consent with User-Managed Access & OpenUMA
Extending the Power of Consent with User-Managed Access & OpenUMAExtending the Power of Consent with User-Managed Access & OpenUMA
Extending the Power of Consent with User-Managed Access & OpenUMA
 
Making blockchain ready for business
Making blockchain ready for businessMaking blockchain ready for business
Making blockchain ready for business
 

Similaire à Information Security and Data Privacy Practices

Data Works Berlin 2018 - Worldpay - PCI Compliance
Data Works Berlin 2018 - Worldpay - PCI ComplianceData Works Berlin 2018 - Worldpay - PCI Compliance
Data Works Berlin 2018 - Worldpay - PCI ComplianceDavid Walker
 
Not Just a necessary evil, it’s good for business: implementing PCI DSS contr...
Not Just a necessary evil, it’s good for business: implementing PCI DSS contr...Not Just a necessary evil, it’s good for business: implementing PCI DSS contr...
Not Just a necessary evil, it’s good for business: implementing PCI DSS contr...DataWorks Summit
 
Pega_0625_Pega_Cloud_Security_Reliability_19
Pega_0625_Pega_Cloud_Security_Reliability_19Pega_0625_Pega_Cloud_Security_Reliability_19
Pega_0625_Pega_Cloud_Security_Reliability_19Douglas Kim
 
Data Sheet: Gigya for the IT Buyer
Data Sheet: Gigya for the IT BuyerData Sheet: Gigya for the IT Buyer
Data Sheet: Gigya for the IT BuyerGigya
 
File Sharing Use Cases in Financial Services
File Sharing Use Cases in Financial ServicesFile Sharing Use Cases in Financial Services
File Sharing Use Cases in Financial ServicesBlackBerry
 
Hadoop and Financial Services
Hadoop and Financial ServicesHadoop and Financial Services
Hadoop and Financial ServicesCloudera, Inc.
 
Compliance in the Cloud
Compliance in the CloudCompliance in the Cloud
Compliance in the CloudRapidScale
 
Breaking the Ice: How Broadridge is Helping Customers Transform Cold Archiva...
Breaking the Ice: How Broadridge is Helping Customers Transform Cold Archiva... Breaking the Ice: How Broadridge is Helping Customers Transform Cold Archiva...
Breaking the Ice: How Broadridge is Helping Customers Transform Cold Archiva...Amazon Web Services
 
Case Study: Multi-Billion Dollar Enterprise - Managing Millions of Identities...
Case Study: Multi-Billion Dollar Enterprise - Managing Millions of Identities...Case Study: Multi-Billion Dollar Enterprise - Managing Millions of Identities...
Case Study: Multi-Billion Dollar Enterprise - Managing Millions of Identities...Gigya
 
Optimizing Identity Governance using Perseus IAM
Optimizing Identity Governance using Perseus IAMOptimizing Identity Governance using Perseus IAM
Optimizing Identity Governance using Perseus IAMAldo Pietropaolo
 
GDPR Part 5: Better Together Quest & Cyberquest
GDPR Part 5: Better Together Quest & CyberquestGDPR Part 5: Better Together Quest & Cyberquest
GDPR Part 5: Better Together Quest & CyberquestAdrian Dumitrescu
 
#GDPR Compliance - Data Minimization via ArchivePod
#GDPR Compliance - Data Minimization via ArchivePod#GDPR Compliance - Data Minimization via ArchivePod
#GDPR Compliance - Data Minimization via ArchivePodGaret Keller
 
White Paper - Connect, Collect, Convert
White Paper - Connect, Collect, ConvertWhite Paper - Connect, Collect, Convert
White Paper - Connect, Collect, ConvertIan Gilbert
 
Paradigmo specialised in Identity & Access Management
Paradigmo specialised in Identity & Access ManagementParadigmo specialised in Identity & Access Management
Paradigmo specialised in Identity & Access ManagementJulie Beuselinck
 
Secure Your Web Applications and Achieve Compliance
Secure Your Web Applications and Achieve Compliance Secure Your Web Applications and Achieve Compliance
Secure Your Web Applications and Achieve Compliance Avi Networks
 
Facility Environmental Audit Guidelines
Facility Environmental Audit GuidelinesFacility Environmental Audit Guidelines
Facility Environmental Audit Guidelinesamburyj3c9
 
Shield db data security
Shield db data securityShield db data security
Shield db data securityMousumi Manna
 
Shield db data security
Shield db data securityShield db data security
Shield db data securityMousumi Manna
 

Similaire à Information Security and Data Privacy Practices (20)

Data Works Berlin 2018 - Worldpay - PCI Compliance
Data Works Berlin 2018 - Worldpay - PCI ComplianceData Works Berlin 2018 - Worldpay - PCI Compliance
Data Works Berlin 2018 - Worldpay - PCI Compliance
 
Not Just a necessary evil, it’s good for business: implementing PCI DSS contr...
Not Just a necessary evil, it’s good for business: implementing PCI DSS contr...Not Just a necessary evil, it’s good for business: implementing PCI DSS contr...
Not Just a necessary evil, it’s good for business: implementing PCI DSS contr...
 
Pega_0625_Pega_Cloud_Security_Reliability_19
Pega_0625_Pega_Cloud_Security_Reliability_19Pega_0625_Pega_Cloud_Security_Reliability_19
Pega_0625_Pega_Cloud_Security_Reliability_19
 
Data Sheet: Gigya for the IT Buyer
Data Sheet: Gigya for the IT BuyerData Sheet: Gigya for the IT Buyer
Data Sheet: Gigya for the IT Buyer
 
AL_PCI-Cheatsheet_web
AL_PCI-Cheatsheet_webAL_PCI-Cheatsheet_web
AL_PCI-Cheatsheet_web
 
File Sharing Use Cases in Financial Services
File Sharing Use Cases in Financial ServicesFile Sharing Use Cases in Financial Services
File Sharing Use Cases in Financial Services
 
Hadoop and Financial Services
Hadoop and Financial ServicesHadoop and Financial Services
Hadoop and Financial Services
 
Compliance in the Cloud
Compliance in the CloudCompliance in the Cloud
Compliance in the Cloud
 
Breaking the Ice: How Broadridge is Helping Customers Transform Cold Archiva...
Breaking the Ice: How Broadridge is Helping Customers Transform Cold Archiva... Breaking the Ice: How Broadridge is Helping Customers Transform Cold Archiva...
Breaking the Ice: How Broadridge is Helping Customers Transform Cold Archiva...
 
Key Capibilities.pptx
Key Capibilities.pptxKey Capibilities.pptx
Key Capibilities.pptx
 
Case Study: Multi-Billion Dollar Enterprise - Managing Millions of Identities...
Case Study: Multi-Billion Dollar Enterprise - Managing Millions of Identities...Case Study: Multi-Billion Dollar Enterprise - Managing Millions of Identities...
Case Study: Multi-Billion Dollar Enterprise - Managing Millions of Identities...
 
Optimizing Identity Governance using Perseus IAM
Optimizing Identity Governance using Perseus IAMOptimizing Identity Governance using Perseus IAM
Optimizing Identity Governance using Perseus IAM
 
GDPR Part 5: Better Together Quest & Cyberquest
GDPR Part 5: Better Together Quest & CyberquestGDPR Part 5: Better Together Quest & Cyberquest
GDPR Part 5: Better Together Quest & Cyberquest
 
#GDPR Compliance - Data Minimization via ArchivePod
#GDPR Compliance - Data Minimization via ArchivePod#GDPR Compliance - Data Minimization via ArchivePod
#GDPR Compliance - Data Minimization via ArchivePod
 
White Paper - Connect, Collect, Convert
White Paper - Connect, Collect, ConvertWhite Paper - Connect, Collect, Convert
White Paper - Connect, Collect, Convert
 
Paradigmo specialised in Identity & Access Management
Paradigmo specialised in Identity & Access ManagementParadigmo specialised in Identity & Access Management
Paradigmo specialised in Identity & Access Management
 
Secure Your Web Applications and Achieve Compliance
Secure Your Web Applications and Achieve Compliance Secure Your Web Applications and Achieve Compliance
Secure Your Web Applications and Achieve Compliance
 
Facility Environmental Audit Guidelines
Facility Environmental Audit GuidelinesFacility Environmental Audit Guidelines
Facility Environmental Audit Guidelines
 
Shield db data security
Shield db data securityShield db data security
Shield db data security
 
Shield db data security
Shield db data securityShield db data security
Shield db data security
 

Plus de Gigya

Case Study: DC Thomson Media Creates a Single Customer View Across Multiple D...
Case Study: DC Thomson Media Creates a Single Customer View Across Multiple D...Case Study: DC Thomson Media Creates a Single Customer View Across Multiple D...
Case Study: DC Thomson Media Creates a Single Customer View Across Multiple D...Gigya
 
Case Study: STV Boosts Viewer Engagement and Campaign Yields with Gigya
Case Study: STV Boosts Viewer Engagement and Campaign Yields with GigyaCase Study: STV Boosts Viewer Engagement and Campaign Yields with Gigya
Case Study: STV Boosts Viewer Engagement and Campaign Yields with GigyaGigya
 
White Paper: Gigya's Information Security and Data Privacy Practices
White Paper: Gigya's Information Security and Data Privacy PracticesWhite Paper: Gigya's Information Security and Data Privacy Practices
White Paper: Gigya's Information Security and Data Privacy PracticesGigya
 
Gigya und die Erfüllung globaler behördlicher Auflagen (Global Regulatory Com...
Gigya und die Erfüllung globaler behördlicher Auflagen (Global Regulatory Com...Gigya und die Erfüllung globaler behördlicher Auflagen (Global Regulatory Com...
Gigya und die Erfüllung globaler behördlicher Auflagen (Global Regulatory Com...Gigya
 
The Chutes and Ladders of Customer Identity
The Chutes and Ladders of Customer IdentityThe Chutes and Ladders of Customer Identity
The Chutes and Ladders of Customer IdentityGigya
 
White Paper: DIY vs CIAM
White Paper: DIY vs CIAMWhite Paper: DIY vs CIAM
White Paper: DIY vs CIAMGigya
 
Data Sheet: Gigya and Global Regulatory Compliance
Data Sheet: Gigya and Global Regulatory ComplianceData Sheet: Gigya and Global Regulatory Compliance
Data Sheet: Gigya and Global Regulatory ComplianceGigya
 
White Paper: 2017 Predictions - French
White Paper: 2017 Predictions - FrenchWhite Paper: 2017 Predictions - French
White Paper: 2017 Predictions - FrenchGigya
 
White Paper: 2017 Predictions - German
White Paper: 2017 Predictions - GermanWhite Paper: 2017 Predictions - German
White Paper: 2017 Predictions - GermanGigya
 
Case study - American Kennel Club
Case study - American Kennel ClubCase study - American Kennel Club
Case study - American Kennel ClubGigya
 
Data Sheet: Corporate Overview
Data Sheet: Corporate OverviewData Sheet: Corporate Overview
Data Sheet: Corporate OverviewGigya
 
Gigya Infographic - Death Of A Password
Gigya Infographic - Death Of A PasswordGigya Infographic - Death Of A Password
Gigya Infographic - Death Of A PasswordGigya
 
GDPR Implications Customer Identity Management - German
GDPR Implications Customer Identity Management - GermanGDPR Implications Customer Identity Management - German
GDPR Implications Customer Identity Management - GermanGigya
 
White Paper: Managing consumer data privacy with Gigya (German)
White Paper: Managing consumer data privacy with Gigya (German)White Paper: Managing consumer data privacy with Gigya (German)
White Paper: Managing consumer data privacy with Gigya (German)Gigya
 
White Paper: Managing consumer data privacy with Gigya (French)
White Paper: Managing consumer data privacy with Gigya (French)White Paper: Managing consumer data privacy with Gigya (French)
White Paper: Managing consumer data privacy with Gigya (French)Gigya
 
Case Study: International CPG Company
Case Study: International CPG CompanyCase Study: International CPG Company
Case Study: International CPG CompanyGigya
 
Case Study: Travel and Hospitality Company
Case Study: Travel and Hospitality CompanyCase Study: Travel and Hospitality Company
Case Study: Travel and Hospitality CompanyGigya
 
Case Study: Enterprise Media Company
Case Study: Enterprise Media CompanyCase Study: Enterprise Media Company
Case Study: Enterprise Media CompanyGigya
 
Case Study: Large Enterprise eCommerce Company
Case Study: Large Enterprise eCommerce CompanyCase Study: Large Enterprise eCommerce Company
Case Study: Large Enterprise eCommerce CompanyGigya
 
Gigya Corporate Overview - French Edition
Gigya Corporate Overview - French EditionGigya Corporate Overview - French Edition
Gigya Corporate Overview - French EditionGigya
 

Plus de Gigya (20)

Case Study: DC Thomson Media Creates a Single Customer View Across Multiple D...
Case Study: DC Thomson Media Creates a Single Customer View Across Multiple D...Case Study: DC Thomson Media Creates a Single Customer View Across Multiple D...
Case Study: DC Thomson Media Creates a Single Customer View Across Multiple D...
 
Case Study: STV Boosts Viewer Engagement and Campaign Yields with Gigya
Case Study: STV Boosts Viewer Engagement and Campaign Yields with GigyaCase Study: STV Boosts Viewer Engagement and Campaign Yields with Gigya
Case Study: STV Boosts Viewer Engagement and Campaign Yields with Gigya
 
White Paper: Gigya's Information Security and Data Privacy Practices
White Paper: Gigya's Information Security and Data Privacy PracticesWhite Paper: Gigya's Information Security and Data Privacy Practices
White Paper: Gigya's Information Security and Data Privacy Practices
 
Gigya und die Erfüllung globaler behördlicher Auflagen (Global Regulatory Com...
Gigya und die Erfüllung globaler behördlicher Auflagen (Global Regulatory Com...Gigya und die Erfüllung globaler behördlicher Auflagen (Global Regulatory Com...
Gigya und die Erfüllung globaler behördlicher Auflagen (Global Regulatory Com...
 
The Chutes and Ladders of Customer Identity
The Chutes and Ladders of Customer IdentityThe Chutes and Ladders of Customer Identity
The Chutes and Ladders of Customer Identity
 
White Paper: DIY vs CIAM
White Paper: DIY vs CIAMWhite Paper: DIY vs CIAM
White Paper: DIY vs CIAM
 
Data Sheet: Gigya and Global Regulatory Compliance
Data Sheet: Gigya and Global Regulatory ComplianceData Sheet: Gigya and Global Regulatory Compliance
Data Sheet: Gigya and Global Regulatory Compliance
 
White Paper: 2017 Predictions - French
White Paper: 2017 Predictions - FrenchWhite Paper: 2017 Predictions - French
White Paper: 2017 Predictions - French
 
White Paper: 2017 Predictions - German
White Paper: 2017 Predictions - GermanWhite Paper: 2017 Predictions - German
White Paper: 2017 Predictions - German
 
Case study - American Kennel Club
Case study - American Kennel ClubCase study - American Kennel Club
Case study - American Kennel Club
 
Data Sheet: Corporate Overview
Data Sheet: Corporate OverviewData Sheet: Corporate Overview
Data Sheet: Corporate Overview
 
Gigya Infographic - Death Of A Password
Gigya Infographic - Death Of A PasswordGigya Infographic - Death Of A Password
Gigya Infographic - Death Of A Password
 
GDPR Implications Customer Identity Management - German
GDPR Implications Customer Identity Management - GermanGDPR Implications Customer Identity Management - German
GDPR Implications Customer Identity Management - German
 
White Paper: Managing consumer data privacy with Gigya (German)
White Paper: Managing consumer data privacy with Gigya (German)White Paper: Managing consumer data privacy with Gigya (German)
White Paper: Managing consumer data privacy with Gigya (German)
 
White Paper: Managing consumer data privacy with Gigya (French)
White Paper: Managing consumer data privacy with Gigya (French)White Paper: Managing consumer data privacy with Gigya (French)
White Paper: Managing consumer data privacy with Gigya (French)
 
Case Study: International CPG Company
Case Study: International CPG CompanyCase Study: International CPG Company
Case Study: International CPG Company
 
Case Study: Travel and Hospitality Company
Case Study: Travel and Hospitality CompanyCase Study: Travel and Hospitality Company
Case Study: Travel and Hospitality Company
 
Case Study: Enterprise Media Company
Case Study: Enterprise Media CompanyCase Study: Enterprise Media Company
Case Study: Enterprise Media Company
 
Case Study: Large Enterprise eCommerce Company
Case Study: Large Enterprise eCommerce CompanyCase Study: Large Enterprise eCommerce Company
Case Study: Large Enterprise eCommerce Company
 
Gigya Corporate Overview - French Edition
Gigya Corporate Overview - French EditionGigya Corporate Overview - French Edition
Gigya Corporate Overview - French Edition
 

Dernier

Post Quantum Cryptography – The Impact on Identity
Post Quantum Cryptography – The Impact on IdentityPost Quantum Cryptography – The Impact on Identity
Post Quantum Cryptography – The Impact on Identityteam-WIBU
 
UI5ers live - Custom Controls wrapping 3rd-party libs.pptx
UI5ers live - Custom Controls wrapping 3rd-party libs.pptxUI5ers live - Custom Controls wrapping 3rd-party libs.pptx
UI5ers live - Custom Controls wrapping 3rd-party libs.pptxAndreas Kunz
 
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...Cizo Technology Services
 
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...OnePlan Solutions
 
Unveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New FeaturesUnveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New FeaturesŁukasz Chruściel
 
Xen Safety Embedded OSS Summit April 2024 v4.pdf
Xen Safety Embedded OSS Summit April 2024 v4.pdfXen Safety Embedded OSS Summit April 2024 v4.pdf
Xen Safety Embedded OSS Summit April 2024 v4.pdfStefano Stabellini
 
Folding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a seriesFolding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a seriesPhilip Schwarz
 
SpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at RuntimeSpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at Runtimeandrehoraa
 
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)jennyeacort
 
Sending Calendar Invites on SES and Calendarsnack.pdf
Sending Calendar Invites on SES and Calendarsnack.pdfSending Calendar Invites on SES and Calendarsnack.pdf
Sending Calendar Invites on SES and Calendarsnack.pdf31events.com
 
20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...
20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...
20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...Akihiro Suda
 
Powering Real-Time Decisions with Continuous Data Streams
Powering Real-Time Decisions with Continuous Data StreamsPowering Real-Time Decisions with Continuous Data Streams
Powering Real-Time Decisions with Continuous Data StreamsSafe Software
 
VK Business Profile - provides IT solutions and Web Development
VK Business Profile - provides IT solutions and Web DevelopmentVK Business Profile - provides IT solutions and Web Development
VK Business Profile - provides IT solutions and Web Developmentvyaparkranti
 
React Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaReact Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaHanief Utama
 
英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作qr0udbr0
 
SensoDat: Simulation-based Sensor Dataset of Self-driving Cars
SensoDat: Simulation-based Sensor Dataset of Self-driving CarsSensoDat: Simulation-based Sensor Dataset of Self-driving Cars
SensoDat: Simulation-based Sensor Dataset of Self-driving CarsChristian Birchler
 
Implementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureImplementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureDinusha Kumarasiri
 
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company OdishaBalasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odishasmiwainfosol
 
Intelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmIntelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmSujith Sukumaran
 

Dernier (20)

Post Quantum Cryptography – The Impact on Identity
Post Quantum Cryptography – The Impact on IdentityPost Quantum Cryptography – The Impact on Identity
Post Quantum Cryptography – The Impact on Identity
 
UI5ers live - Custom Controls wrapping 3rd-party libs.pptx
UI5ers live - Custom Controls wrapping 3rd-party libs.pptxUI5ers live - Custom Controls wrapping 3rd-party libs.pptx
UI5ers live - Custom Controls wrapping 3rd-party libs.pptx
 
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
 
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...
 
Unveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New FeaturesUnveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New Features
 
Xen Safety Embedded OSS Summit April 2024 v4.pdf
Xen Safety Embedded OSS Summit April 2024 v4.pdfXen Safety Embedded OSS Summit April 2024 v4.pdf
Xen Safety Embedded OSS Summit April 2024 v4.pdf
 
Folding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a seriesFolding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a series
 
SpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at RuntimeSpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at Runtime
 
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
 
Sending Calendar Invites on SES and Calendarsnack.pdf
Sending Calendar Invites on SES and Calendarsnack.pdfSending Calendar Invites on SES and Calendarsnack.pdf
Sending Calendar Invites on SES and Calendarsnack.pdf
 
Hot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort Service
Hot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort ServiceHot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort Service
Hot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort Service
 
20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...
20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...
20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...
 
Powering Real-Time Decisions with Continuous Data Streams
Powering Real-Time Decisions with Continuous Data StreamsPowering Real-Time Decisions with Continuous Data Streams
Powering Real-Time Decisions with Continuous Data Streams
 
VK Business Profile - provides IT solutions and Web Development
VK Business Profile - provides IT solutions and Web DevelopmentVK Business Profile - provides IT solutions and Web Development
VK Business Profile - provides IT solutions and Web Development
 
React Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaReact Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief Utama
 
英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作
 
SensoDat: Simulation-based Sensor Dataset of Self-driving Cars
SensoDat: Simulation-based Sensor Dataset of Self-driving CarsSensoDat: Simulation-based Sensor Dataset of Self-driving Cars
SensoDat: Simulation-based Sensor Dataset of Self-driving Cars
 
Implementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureImplementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with Azure
 
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company OdishaBalasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
 
Intelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmIntelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalm
 

Information Security and Data Privacy Practices

  • 1. Information Security and Data Privacy Practices
  • 2. 2 Information Security and Data Privacy Practices Introduction As a leading SaaS Customer Identity & Access Management provider for enterprises, Gigya is committed to maintaining only the highest level of performance and security. Our platform is optimized to deliver maximum efficiency and scalability while protecting your data with a series of strict security and compliance standards. This executive summary provides an overview of Gigya’s standards for the following four categories: • Infrastructure: Our state-of-the-art data centers provide optimized performance and scalability. • Data Security: ISO 27001 certification and multiple levels of security protect your data with both physical and virtual safeguards. • Compliance: Regional privacy compliance and built in social network terms of service functionality ensure responsible data management. • Privacy Policies: Increased transparency of data practices fosters consumer trust and relationships. Infrastructure Gigya’s robust infrastructure guarantees unprecedented performance and scalability with continuous data backup and constant protection. State-of-the-Art Hosting and Physical Security Gigya owns and operates its main U.S. server farm, hosted by one of the top data center providers in the world, Equinix. The Equinix data center is SSAE16-certified and is fully equipped with generator-backed UPS and redundant HVAC systems, as well as fire suppression, flood control and seismic bracing solutions to protect your data in the event of a power outage or natural disaster. The data center also enforces high security protocol, including 24x7 armed guards, multiple biometric checkpoints and full CCTV surveillance. For more information about Equinix security and infrastructure, please visit: http://www.equinix.com/platform-equinix/platform-advantages/ibx-data-centers/ In 2016, Gigya opened another primary data center within the Russian Federation. With hardware wholly owned and operated by Gigya, this facility enables our clients with Russian customers to comply with that government’s data residency requirements while ensuring that attributes stored in Russia remain discrete from all other international data.
  • 3. 3 Gigya also hosts multiple AWS (Amazon Web Services) virtual data centers in Ireland for European companies that prefer to store their data within the EU, and virtual data centers in Sydney, Australia are available for the APAC market. A full disaster recovery environment for the U.S. server farm is also maintained. For more information about AWS security and infrastructure, please visit: https://d0.awsstatic.com/whitepapers/aws-security-whitepaper.pdf Redundancy Gigya supports full disaster recovery in the rare case of a data center outage. This includes real-time data replication to a separate physical location and transfer of critical data on-premise to provide continuous service and transparent recovery, with no data loss, in the case of hardware failure. In the U.S., data centers are located in disparate geographical locations. The DR site has the same components and functionality of the production site and is updated upon any change in production. In order to verify the DR functionality and readiness, Gigya runs automated hourly sanity checks on the DR site. In the EU and AU, Gigya utilizes AWS with two different availability zones for all offered services, where both availability zones are active and serving customers. In Russia, Gigya utilizes two Selectel data centers located in disparate geographical locations, both are active and serving customers. Performance Gigya’s platform was designed to scale horizontally on commodity hardware. Servers never exceed 20% utilization under normal circumstances, providing 5x capacity reserves in order to accommodate unforeseen spikes in traffic. Our performance is proven both by our regular handling of large bursts of traffic during some clients’ live and breaking news events and by the many enterprise companies leveraging our platform to manage more than half a billion user identities. Data Security Gigya is ISO 27001-certified and is registered with IQNet. Gigya invests considerable resources to ensure that the assets our customers entrust to us are safeguarded at all times by employing industry best practices and consistently keeping our information security management system and security practices up-to-date with the latest and most stringent policies and regulations. Gigya has published a very detailed Self-Assessment Report to the Cloud Security Alliance STAR program in order to allow our customers to review our compliance with current security and privacy best practices.
  • 4. 4 Application Development Security Security considerations play an integral role in every step of the product development process. During product specification, technical design, development and testing, security measures are continually tested, optimized and implemented. Gigya uses the OWASP top 10 list as a high-level security guideline during development. OWASP guidelines can be found here: https://www.owasp.org/index.php/Main_Page Security At Rest By default, Gigya encrypts all PII and other sensitive data at rest using the AES-256 algorithm, and hashes passwords with the NIST-approved PBKDF2 algorithm. In addition, to further protect access to the data, Gigya uses HMAC-SHA1 to digitally sign its requests and requires customers using the APIs to sign their requests to Gigya servers with the same algorithm. Alternatively, Gigya offers API access that is fully OAuth 2.0-compliant. Access to information via Gigya’s Administration Console is also protected through a two-factor authentication process and a powerful roles and permissions architecture, providing site administrators granular control over what individual Console users can see and use. Security In Motion Gigya uses a secure channel (TLS) when transferring sensitive data to and from its servers. In addition, REST API calls that perform critical operations, such as deleting users, are only permitted as server-to-server signed requests. Compliance Gigya maintains compliance with trusted organizations and social networks to ensure responsible data management. Regional Privacy Regulations Gigya offers multiple data centers (U.S., EU, AU and Russia), helping our multinational client base to meet in-region storage requirements. As a global company, Gigya is committed to safeguarding the privacy of its customers’ PII (Personally Identifiable Information) according to local and international privacy laws. Gigya tracks relevant privacy regulations and any changes to those regulations, evaluating and addressing any impact they may have on the Gigya platform or Gigya’s clients. PCI DSS Gigya does not collect, store, manage or transfer any credit card data on behalf of our customers, and is therefore not subject to the Payment Card Industry Data Security Standard.
  • 5. 5 COPPA Though responsibility for complying with the Children’s Online Privacy Protection Act (COPPA) falls to Gigya’s customers, Gigya helps facilitate COPPA compliance by enabling age-gating for site access and preventing the storage of PII for users under 13 via our Registration-as-a- Service product. In addition, Gigya customers do not need to be concerned about COPPA compliance as a result of loading Gigya’s JavaScript library, as Gigya never amasses user profiles across websites and only cookies users to the extent necessary for internal reporting and service support. Social Network Policies Gigya offers several tools to help our customers maintain social network policy compliance. These include: Automatic Account Deletion: If a user revokes data access permission from a site’s Facebook app, then all of his non-public profile information will be deleted from the site’s database. Automatic Account Updates: If a user logs into a site using Facebook and later updates his Facebook profile, his profile information will also be updated in the site’s database to ensure the data is always fresh and up-to-date. Security Tests and Audits In order to test the security of the Gigya solution on a regular basis, Gigya has implemented several methodologies and practices to tighten the security of its offerings: • Annual ISO27001 internal and external audits as part of the certification process. • An automated vulnerability scan is performed once a month using a PCI Approved Scanning Vendor. • Third-party security experts are contracted once a year to conduct extensive black-box penetration tests on Gigya’s infrastructure. • An international Bug Bounty program allows and encourages security researchers to test for and responsibly disclose potential vulnerabilities in the platform on an ongoing basis. • Gigya uses an onsite state-of-the-art Automatic Static Code Analysis software to check for security weaknesses and vulnerabilities in its code base. Penetration Tests Special focus is naturally directed toward extensive application level penetration tests. These are conducted once per-year by third-party security experts as white-box penetration tests on the Gigya platform, based on the widely accepted OWASP methodologies.
  • 6. 6 Testing of security elements (potential and actual security flaws) that may enable various attacks by external attackers or malicious system users include, at the minimum: • Unauthorized access to sensitive information tests • Unauthorized modification of information tests • Unauthorized deletion of information tests • Unauthorized handling of audit information tests • Performing of unauthorized operations or transactions • Illegal impersonation of different users or entities • Performing of unauthorized operations that will cause a Denial of Service (DoS) • Exploitation of existing security controls to perform fraudulent activity Gigya also welcomes its customers to perform their own penetration tests with prior coordination and scoping with us. Gigya will strive to fix any real security exposures found and properly disclosed to us in agreed upon time tables. Privacy Gigya operates according to strict privacy principles and is dedicated to building trust between our customers and their end users. We provide several tools to increase data collection transparency and inform users of how their data is being used. Permission-based Social Login When choosing to log into sites using their existing social profiles, users are shown a dialogue asking permission to access specific data points, such as their birthdays or locations, giving users total control over the information they share. User Data Controls When leveraging Gigya’s Registration-as-a-Service forms for user registration and login, sites can easily expose functionality to their end users, allowing them to 1) download the data the site is storing in order to edit or delete that data as needed, and 2) delete their site account if they so choose. Customizable UIs All self-service forms are 100% customizable, enabling clients to include privacy notices, terms & conditions, marketing opt-ins, account preference fields and other notices in the UI.
  • 7. 7 Administrator Roles & Permissions Gigya provides robust Roles and Permissions functionality that enables administrators to control the features and data that can be accessed by internal users. An administrator can create user groups and assign access on a very granular level, including by site/app ID, specific service and even API, ensuring end user PII is protected. Additional Security Practices and Controls Internal Access Control Gigya has implemented access control and authorization mechanisms that are enforced at all levels of the information systems (application source code, operating system, database and the network level). Gigya employees are granted specific permissions based on their roles according to the ‘least privilege’ principle. System Security Practices Gigya’s system security practices include: server and workstation OS hardening, patch management, auditing and event logging, and malware protection. Gigya also uses a provisioning system that automatically enforces the secure configuration and state of critical system settings and services. All management operations are executed over VPNs using Two-factor Authentication for admins. Network Security Practices Gigya’s network security practices include: opening minimum necessary ports, segregating networks (production, development, testing environments), out-of-band secure network device management interfaces and network device hardening. DDoS (Distributed Denial of Service) mitigation Gigya uses a state-of-the-art anti-DDoS solution on premise for its U.S. data center combined with a cloud based DDoS mitigation service provider in the unlikely case there is a need to handle an extreme volume of traffic. For its AWS data centers Gigya relies on Amazon’s ability to scale up in order to handle the increase in traffic. Change Management Gigya has a well-documented and organized change management approval and implementation process that is the key to an efficiently managed and secure service delivery. Vulnerability Management Since new security vulnerabilities are discovered on a daily basis, Gigya has adopted an information gathering process that includes the constant monitoring of relevant vendor security publications, security forums, communities and security alerts (e.g. US-CERT, BugTraq), issued by key industry players for newly published vulnerabilities.
  • 8. 8 Monitoring Gigya provides both automatic and manual monitoring 24x7x365. Gigya’s Network Operations Center team monitors every aspect of its services, down to the individual API level on every provider. Routine manual tests on key aspects of Gigya’s services occur every 15 minutes. Gigya sets predefined thresholds and events and adjusts capacity accordingly. This is relevant also in case a customer notifies Gigya in advance of certain upcoming events that require this customer to receive more resources for a specific point in time. Backup and Recovery Gigya employs a multi-layer data loss protection architecture with special emphasis on short MTTR (Mean Time to Recovery) in case of failure. All data is replicated in real time to standby servers in a secondary data center providing at least n+1 redundancy in two geographic regions. Critical data is also replicated on premise to provide n+2 redundancy and allow for immediate and transparent recovery, with no data loss, in case of hardware failure. In addition to these measures, disk snapshots and offline backups are also regularly taken. Gigya performs extensive restore tests twice per-year. Business Continuity Plan / Disaster Recovery Plan Gigya has a BCP with an RTO (Recovery Time Objective) of 15 minutes and RPO (Recovery Point Objective) of a few seconds, since data is replicated to standby systems in real time. Gigya performs extensive DRP tests twice per-year. Incident Management Gigya acknowledges that each security incident may require different treatment, depending on its nature, source, and potential impact. However, the general process of responding to a security incident will consist of the following steps: • Immediate Response • Information Gathering • Root Cause Analysis • Categorization • Establishing a Response Plan • Action (implementation steps) • Conclusion and Learning • Implementation of Corrective and Preventive Measures
  • 9. © 2016 Gigya, Inc.  |  2513 Charleston Road #200, Mountain View, CA 94043  |  T : (650) 353.7230  |  www.gigya.com Gigya, the Gigya logo, and Customer Identity Management Platform are either registered trademarks or trademarks of Gigya Incorporated in the United States and/or other countries. All other trademarks are the property of their respective owners. Gigya does not own any end user data or maintain any other rights to this data, other than utilizing it to make Gigya’s services available to our clients and their end users. Gigya acts as an agent or back-end vendor of its client’s website or mobile application, to which the end user of our client granted permissions (if applicable). Gigya facilitates the collection, transfer and storage of end user data solely on behalf of its clients and at its clients’ direction. For more information, please see Gigya’s Privacy Policy, available at http://www.gigya.com/privacy-policy/. Gigya_White_Paper_Infomation_Security_and_Data_Privacy_Practices_201607 The Leader in Customer Identity Management About Gigya Gigya’s Customer Identity Management Platform helps companies build better customer relationships by turning unknown site visitors into known, loyal and engaged customers. With Gigya’s technology, businesses increase registrations and identify customers across devices, consolidate data into rich customer profiles, and provide better service, products and experiences by integrating data into marketing and service applications. Gigya’s platform was designed from the ground up for social identities, mobile devices, consumer privacy and modern marketing. Gigya provides developers with the APIs they need to easily build and maintain secure and scalable registration, authentication, profile management, data analytics and third-party integrations. More than 700 of the world’s leading businesses such as Fox, Forbes, and ASOS rely on Gigya to build identity-driven relationships and to provide scalable, secure Customer Identity Management. To learn how Gigya can help your business manage customer identities, visit gigya.com, or call us at 650.353.7230.