Security Overview
Overview of the security provisions in Haven OnDemand.

Security Overview

Haven OnDemand ensures the confidentiality, integrity, and availability of customer information. Customers retain ownership of all information that they upload.

The Haven OnDemand team have included multiple layers of security control throughout the Haven OnDemand platform to protect against a wide range of threats, including but not limited to:

Secure Data Centers

The Haven OnDemand service is colocated in dedicated spaces at top-tier data centers. These facilities provide carrier-level support, including:

  • Connectivity. The facilities are serviced by robust world class carrier grade fiber providers.
  • Power. The facilities have power supplied by multiple providers and supplemented with onsite generators, with enough fuel to run for 72 hours uninterrupted, and additional fuel suppliers on stand-by.
  • Security. The facilities are monitored, manned, and patrolled 24x7x365.
  • Cooling. The facility data processing areas are maintained at a temperature of 65-75F with a humidity of 35-42%.

Hewlett Packard Enterprise also provides private cloud versions of Haven OnDemand for customers who require non-Internet connectivity, or a high level of segregation.

Network Protection

  • Haven OnDemand uses multiple subnets with comprehensive Security Group configurations to segregate components.
  • The external facing application tiers are protected by platform-level firewall rules.
  • The data tier is maintained on a private subnet with further Security Group protection from the application tier.
  • Haven OnDemand employs third-party organizations to externally scan its environment for vulnerabilities.
  • When a security event is identified, Haven OnDemand follows a standard security incident response process.
  • Administrative access uses restricted access gateways.

System Protection

  • Haven OnDemand has strict patch policies for all software deployed to its environment.
  • Access as root or administrative users is disabled on all Haven OnDemand servers. Administrative access is permitted only by named accounts for individuals, rather than a shared service account.

Segregation of Duty

Duties for the development, maintenance, and management of Haven OnDemand are clearly defined and segregation of duty principles are followed.

Auditing

Independent internal and third-party teams are responsible for auditing all aspects of the Haven OnDemand security model, including but not limited to:

  • Application vulnerability threat assessments
  • Network vulnerability threat assessments
  • Access permission auditing
  • Security control framework review and testing

Backup and Disaster Recovery

All data in the Haven OnDemand environment is stored in at least triplicate, with user data replicated across global data center locations. Haven OnDemand has hot standby environments, which are available for failover in case of production data center failure.