Cybersecurity – Solution Brief
In today’s world, cybersecurity is of the utmost concern for individuals and businesses alike. If not handled with the highest level of care, it could lead to catastrophic effects on your business and day-to-day life.
Stonebranch uses best practices and industry standards in security, privacy, and compliance. These always meet and often surpass the most important goals in both technology and safety for our employees, partners, and customers.
“Data security is a key business challenge for businesses worldwide, and we are pleased to offer our customers the peace of mind provided by a SOC 2 Type II certification. Customers can trust our API and agent-based integrations to safely orchestrate their IT operations and break down data silos.”
SOC 2® Type II Certification
This annual audit confirms the security and availability of the cloud-based, software-as-a-service (SaaS) version of Stonebranch Universal Controller (UC), as defined by the American Institute of CPAs (AICPA):
- Security — Information and systems are protected against unauthorized access, unauthorized disclosure of information, and damage to systems that could compromise the availability, integrity, confidentiality, and privacy of information or systems and affect the entity’s ability to meet its objectives.
- Availability — Information and systems are available for operation and use to meet the entity’s objectives. The Type II report captures how a company safeguards customer data and how well those controls are operating over the audit period.
Stonebranch’s most recent SOC 2 Type II certification report is available upon request.
ISO/IEC 27001:2013 Certification
ISO/IEC 27001 is a widely recognized international standard that outlines best practices for information security management systems (ISMS). It specifies the requirements to establish, implement, maintain, and continually improve an ISMS within the context of the organization. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization. The requirements set out in ISO/IEC 27001 are generic and are intended to be applicable to all organizations, regardless of type, size, or nature. Stonebranch’s ISO/IEC 27001 certificate is available upon request.
General Data Protection Regulation (GDPR)
GDPR is a legal framework for the collection and processing of personal information of individuals within the European Union (EU). This law is applicable across the EU and enhances data protection for individuals within the EU. The GDPR replaced the EU’s Data Protection Directive of 1995 and came into effect on May 25, 2018.
- Stonebranch data is primarily hosted in AWS data centers that have been certified as ISO/IEC 27001, PCI DSS Service Provider Level 1, and/or SOC 2 compliant. Learn more about Amazon’s certifications and controls.
- AWS infrastructure services include backup power, HVAC systems, and fire-suppression equipment to help protect servers, and ultimately, your data. Learn more about Amazon’s infrastructure-layer security measures.
- AWS on-site security includes features such as security guards, fencing, security feeds, intrusion detection technology, and other security measures. Learn more about Amazon’s perimeter-layer security measures.
Data Hosting Locations
Stonebranch leverages AWS data centers in the United States, Europe, and Asia Pacific. Other locations are potentially available upon request.
Encryption in Transit
All communications with the Stonebranch Universal Automation Center (UAC) interface and APIs are encrypted via industry-standard HTTPS/TLS (TLS 1.2 or higher) over public and private networks. This ensures that all traffic between you and the UAC application is protected in transit.
Encryption at Rest
Application data is encrypted at rest in AWS using AES-256 encryption.
All new vendors go through a vetting process to ensure they meet or exceed Stonebranch’s high standards for security, privacy, and confidentiality. Vendors commit their adherence to these policies by signing a security addendum. Stonebranch will not enter into a business relationship with any vendor until the vetting process is successfully completed and the security addendum is signed.
Stonebranch performs annual security reviews on all vendors with any level of access to our systems or service data.
Software Development Life Cycle (SDLC)
- All Stonebranch developers go through regular training to reinforce the importance of maintaining a secure SDLC program. In doing so, our teams follow directives from multiple organizations, such as the U.S. Department of Commerce National Institute of Standards and Technology (NIST).
- Static code analysis and vulnerability testing are employed at multiple levels of development to identify and resolve any potential risks prior to product release.
- Communication between all systems, including both production and non-production, is encrypted to protect all data sent internally and externally. See the Network Security: Encryption section below for specific details on encryption in transit and encryption at rest.
- All credentials remain encrypted at all times to protect the integrity of the systems; any logs that need to be reviewed are handled to the same industry standards noted above.
Transport Layer Security (TLS) encryption is enabled by default on the web application access points. AWS Relational Database Service (RDS) databases for Universal Controller SaaS environments are set up with both encryption in transit and encryption at rest.
Security groups are set up for each component — such as AWS EC2, RDS, and Application Load Balancer (ALB) — to allow only a limited set of ports from specific IPs. Customers can choose to whitelist their IPs for Universal Controller web access.
- AWS PrivateLink: A connectivity service that allows secure communication between your Stonebranch VPC and other AWS services and/or on-premises networks without exposing traffic to the public internet.
- Site-to-Site VPN: This option establishes a site-to-site tunnel from the customer’s network to the Stonebranch virtual private cloud (VPC) to ensure a secure connection from the Universal Agents (UA) deployed on the customer’s side to the OMS/Controller. Universal Agents on the customer’s end can be set up with IP whitelisting and certificate-based authentication.
- IP Whitelisting: Customers can provide a list of IPs to be whitelisted at the Stonebranch VPC for Controller access or for OMS connectivity from Universal Agents.
- Backend server access is restricted and is available only to the Stonebranch cloud operations team.
- Password-based logins are disabled by default. All Secure Shell (SSH) access must use key-based authentication.
- SSH ports are restricted and can be accessed only via Stonebranch office locations or Stonebranch internal virtual private network (VPN).
Third-Party Penetration Tests
Stonebranch works with an ethical hacker vendor to run annual penetration tests on our internal company network, as well as our cloud offering, to identify and resolve any weaknesses that may be exploited by unauthorized parties.
- Username and password credentials are required to gain access to the application. It is the responsibility of the customer to manage users and ensure secure passwords are used. The Universal Controller application allows you to set up password rules for local users.
- Customers can integrate with their on-site Lightweight Directory Access Protocol (LDAP) directory or Active Directory. Single sign-on (SSO) via Security Assertion Markup Language (SAML) can also be implemented as needed.
Vulnerability Management and Security Monitoring
- Intelligent agents are installed in each EC2 instance. Agents continuously monitor network connections, user activity, and file integrity. These agents notify the operations team if any anomalies or suspicious behaviors are identified. In addition, the operations team receives vulnerability alerts for any application installed on the servers.
- AWS CloudTrail is used to notify the operations team of any unusual activity. An artificial intelligence (AI)-based security monitoring tool provides a detailed status of all security controls in place for the SaaS Universal Controller.
Anti-Virus and Malware
- Agents installed in each EC2 instance continuously run anti-virus and malware scans while also running intrusion detection system (IDS) scans.
- This service is automatically updated with the newest security engines and definitions whenever a new vulnerability is discovered, allowing Stonebranch to provide a high level of security.
Employees and Third-Party Contractors
- Background checks are conducted on all new employees in accordance with local laws. These checks are also required for contractors. The background check includes criminal, education, and employment verifications.
- Stonebranch follows the principle of least-privilege access for all systems to make sure that no company or client personnel have access to any system that they do not specifically need to access.
All new hires are required to sign non-disclosure and confidentiality agreements.
Security Awareness Training
All employees participate upon hire and annually thereafter. All engineers receive annual secure code training. The security team provides additional security awareness updates via email, blog posts, and in presentations during internal events.
Management System Team
| Role | Responsibility | Team Member & Location |
|---|---|---|
| Information Security Officer (ISO) | The ISO is responsible for establishing and maintaining a corporate-wide information security management program to ensure that information assets are adequately protected. | Haitham Ghoneim, Frankfurt, Germany |
| Data Privacy Officer (DPO) | The DPO is responsible for ensuring the protection of your personal data collection and processing, in compliance with all regulatory bodies and legal entities. | Karl Schleps, Frankfurt, Germany |
| Security/Compliance Assistant | The security/compliance assistant is responsible for assisting both the ISO and DPO in all their tasks and responsibilities. | Bojana Georgievska, Skopje, North Macedonia |
Stonebranch builds IT orchestration and automation solutions that transform business IT environments from simple IT task automation into sophisticated, real-time business service automation, helping organizations achieve the highest possible Return on Automation.
No matter the degree of automation, the Stonebranch platform is simple, modern, and secure. Using the Stonebranch Universal Automation Platform, enterprises can seamlessly orchestrate workloads and data across technology ecosystems and silos.
Headquartered in Atlanta, Georgia, with points of contact and support throughout the Americas, Europe, and Asia, Stonebranch serves some of the world’s largest financial, manufacturing, healthcare, travel, transportation, energy, and technology institutions.
UAC works in hybrid IT environments across multiple platforms and business applications in real time. Available on-premises or as a SaaS-based deployment, the UAC is a modern platform built to scale with your business.