How secure is your data?

Organizations that have undergone third party verifications of their financial systems to meet the requirements of US Sarbanes-Oxley legislation can attest to the time and expense required for audits of privacy policy. Additionally, many companies need to provide security of their critical business strategies and tactics or, against the potential legal risk stemming from litigation when private information becomes compromised.

SuccessFactors is well positioned to provide data security solutions that are simply too time consuming and expensive to deploy within the framework of a single organization, as providers of behind-the-firewall solutions frequently attempt.

SuccessFactors offers:

Access control and physical security

• Secure data centers in top-tier hosting facilities.
• 24-hour manned security. Appropriate identification is required and recorded on each visit.
• Security cameras monitor activity throughout the facility, including equipment areas, corridors and mechanical, shipping and receiving areas.
• Motion detectors and alarms are located throughout the facilities, and silent alarms automatically notify security and law enforcement personnel in the event of a security breach.

Application security

The SuccessFactors application employs extensive security measures to protect against the loss, misuse and unauthorized alteration of data.

• Secure Socket Layer (SSL) technology protects information using both server authentication and data encryption to help ensure that data is safe, secure and available only to you.
• SuccessFactors requires unique user names and passwords that must be entered each time a user logs on.
• Safe Desktops. SuccessFactors only delivers pure HTML and JavaScript, so desktops do not require any changes or special permissions. This ensures the utmost security of the desktop environment.
• Session Timeouts. SuccessFactors times out user sessions if the application is left inactive for 30 minutes.

Data encryption / Cryptographic controls

• SuccessFactors implements Secure Sockets Layer (SSL) technology for transmission of web content to the browser.
• SuccessFactors also offers at rest disk level encryption, which integrates with our SAN storage to provide a reliable safe, secure data storage environment. We use AES 256bit encryption to secure data at the block level of our storage systems, and our key management has passed the FIPS 140-2 level 3 standard.

Anti-virus security

To minimize the threat of viruses and Trojans, SuccessFactors' anti-virus software runs constantly in memory where it scans files and disks every time they are accessed. Configuration restricts disabling the software. All data introduced into the SuccessFactors computing environment is scanned prior to introduction, including via email, discs, CDs, DVDs, Internet, and thumb drives.

Network protection

• SuccessFactors utilizes best-in-class network equipment, including firewall, switches and intrusion detection.
• Perimeter firewalls and edge routers block unused protocols.
• Internal firewalls segregate traffic between the application and database tiers.

Information security incident management

SuccessFactors has put in place monitoring services for 24/7 managed network security and monitoring. These monitoring services help eliminate network vulnerabilities. Real-time notifications of vulnerabilities and security incidents are entered into the SuccessFactors ticketing system and the appropriate SuccessFactors personnel are notified.

Backup, failover and redundancy

• Backup encryption. All data stored on backup tapes is encrypted using 128-bit encryption.
• Backup and restore. Full data backups weekly and incremental data backups nightly.
• Geographical failover. SuccessFactors offers geographical failover as an optional service.
• Complete redundancy. Every component in the SuccessFactors infrastructure is redundant. There are at least two of each hardware component that processes the flow and storage of data.
• Network. Each device in the network has a failover backup to ensure maximum uptime.
• Load balancing and server clustering. SuccessFactors load balances at every tier in the infrastructure, from the network to the database servers.
Application server clusters are enabled to ensure that if servers fail, it will not interrupt the user experience.