Security
Your Data's Safe With Us
OneSource considers security to be an essential and strategic priority for the company and has therefore developed a comprehensive security program along multiple dimensions, including:
- Tier-1 Web hosting provided by Rackspace, with state-of-the-art facilities, hardware, security tools and constant monitoring (OneSource is a Rackspace Intensive client).
- Built-in application security.
- Compliance with strict OneSource employee policies and procedures.
- Regularly scheduled hardware and software security patches and updates.
- Regularly scheduled vulnerability assessments and penetration tests conducted by objective, trusted third parties such as Trustwave and Principle Logic.
OneSource Environment Hosted by Rackspace
OneSource has partnered with Rackspace to deliver a state-of-the-art, reliable and secure hosting environment for OneSource systems. OneSource has been using Rackspace since 2001 and has recently re-contracted and upgraded its infrastructure with Rackspace. Rackspace is one of the nation’s leading Web hosting providers, serving thousands of companies including many in the Fortune 500. With seven data centers and over 500 employees, Rackspace has earned numerous awards over the past several years, including the Gartner Research Magic Quadrant designation, Microsoft’s Hosting Provider of the Year in 2005 and certification as a Microsoft Gold Partner. Multiple OneSource testing and production environments are hosted in Rackspace’s Dallas, Texas facility on OneSource-dedicated infrastructure, which was recently upgraded in July 2006 and includes the following:
- Hardened Servers
- CISCO Firewall
- CISCO Intrusion Detection System (IDS)
- Computer Associates’ e-Trust virus scanning
Rackspace offers industry-leading Service Level Agreements (SLAs), including 24x7x365 support, one-hour hardware fix/replacement times and 100% infrastructure uptime performance guarantees.
Rackspace builds and hardens its servers following its standardized, proven processes.
Rackspace completes a SAS-70 Type II audit on an annual basis.
Vulnerability Assessments and Penetration Tests
To ensure OneSource customers receive the highest level of security and to verify a secure system and network, OneSource has committed to having regular vulnerability scans and penetration tests run by objective and unbiased third-party security firms, including Ambiron TrustWave and Principle Logic.
A recent assessment conducted by Principle Logic included the following conclusions:
- "The overall security of the Web application is very good. The overall security of the associated database and underlying operating systems is very good as well."
- "A gap analysis based on the OWASP Top Ten Project – a widely accepted framework providing a minimum standard for the Web application security – was performed. In this analysis, no exploitable flaws matching any of the OWASP Top Ten categories were discovered."
- "No pages were noted as being cached by the local browser and session cookies are being used; therefore, a malicious user/attacker won’t be able to return to a previously accessible page without having to log in again."
- "No database-related exploits such as accessing data as an un-trusted outsider or accessing another organization’s customer data as a trusted insider were found."
- "With the intruder lockout feature, the application stands up well to brute-force or dictionary-based login attacks."
