
Data Center - Numerous Compliance Certifications - SpiderOak's server facilities are compliant with the following requirements:
- NIST Compliant - Follows measurements and standards for data center infrastructure and deployment of information technology and applications.
- HIPAA Compliant - HIPAA Security Rule 45 CFR 160, 160 and 164.
- PCI DSS 2.0 Compliant - (Payment Credit Industry) Certified.
- SSAE-16 Type II Certified - (formerly SAS 70).

- Company-wide VPN - Protects traffic of SpiderOak employees from interception, including protection on insecure Wi-Fi networks.
- Availability Monitoring and Assurance - A series of availability and functionality checks ensure service uptime and provide early warnings for DDoS mitigation.
- Regular Security Patch Monitoring - Staff regularly monitor lists for new vulnerabilities relevant to software used by SpiderOak, supporting quick remediation.
- Continuous Port Scanning - Internal port scans help mitigate unapproved services, minimizing attack surface of core services.
- Employee Education - Employees are provided security awareness materials, and company-wide notifications are sent regarding active threats.
- Social Engineering - Surprise Social Engineering programs, including "phishing attacks", test employee awareness and measure effectiveness of employee education.
- Distributed Firewall Deployment - Centralized configuration and deployment of Firewalls.
- Internal Penetration Testing - All internal networks and servers tested annually for exploitable vulnerabilities.
- External Penetration Testing - All external networks and servers tested annually for exploitable vulnerabilities.
- External Vulnerability Assessment - All external networks and servers assessed quarterly for vulnerabilities.
- Internal Vulnerability Assessment - All internal networks and servers assessed quarterly for vulnerabilities.
- Security Roadmap - Establishes an ongoing baseline of security requirements implemented and maintained by SpiderOak.
- Virtual CSO - SpiderOak supplements internal security leadership with third-party expertise.
- Internal Designated Security Officer - Lead Developer, Tomás Touceda, is currently the Designated Security Officer within SpiderOak.
- Quality Assurance Checks - QA performs additional security checks, including Man-in-the-Middle tests, to ensure all security measures provide the intended protections.
- Third-Party Security Code Review - Third-Party experts are engaged to perform code reviews on critical code.
- Internal Security Code Review - Features are internally "code reviewed" for security by Designated Security Reviewers, ensuring secure implementation.
- Secure Development - Secure Features are developed based upon the approved Feature Specification. Even if data is compromised, Zero Knowledge security ensures that customer data remains unreadable.
- Ground-up Security Design - Feature Specifications are designed with Zero Knowledge security from the ground up.

SpiderOak's InfoSec Best Practices
"Security-First" Design Process for Core Services