SAP Knowledge Base Article - Public

2397261 - Roambi Cloud Security Overview

Symptom

Roambi Cloud Security Overview

Environment

- SAP Roambi Cloud

Resolution

Roambi Cloud Security Overview

Cloud Security

Roambi Cloud Services is the partnership formed between Roambi and Amazon Web Services to guard your business assets. To guarantee the safety of each Roambi Business account, Roambi Cloud Services utilizes many different services, including physical security for data centers, intrusion detection systems, customized firewalls and SSL encryption to ensure secure communications.

 

Roambi Security

Roambi provides administrators with a number of ways to block user access to source files and reports, so you know your users can only see the information they’re supposed to, even if someone else has tried to share a confidential file. Additionally, organizations have the option to use SAML 2.0 integration to authenticate to customer-owned identity services.

Device Security

Several different device-level security capabilities can also be enabled by administrators through the Roambi administrative console:

  • File Expiration: Set a date for a Roambi report to expire and it will be automatically deleted from a user’s device.
  • Application Lock Out: Lock out a Roambi App when a device has been lost or stolen.
  • File Recall: Recall and remove any Roambi file from a user’s device and block it from being downloaded again.
  • Application Passcode: Require users to authenticate with a PIN in order to open a Roambi App.
  • Remote Block/Wipe: Implement a targeted wipe of all Roambi-specific information from a lost or stolen device.

Multi-Tenancy - Roambi was created for secure multi-tenancy; your data will always be segregated from other Roambi customers. Databases maintained by Roambi Cloud Services implement row-level security protection. The Roambi Analytics application also contains logic to filter data by a series of unique IDs of organizations, users and content management assets.

Service Availability - The Roambi service is built for resiliency and is well maintained. To ensure high availability, Roambi relies on physically co-located infrastructure, automatic infrastructure failovers and autoscale groups.

Disaster Recovery - Roambi is designed to be fault tolerant with automatic failovers. Operational fire drills are conducted regularly to enable the operations team to work effectively on various outages and infrastructure component failures. All critical components are backed up regularly, providing the operations team with recent recovery points.

 

FAQ:

Does Roambi own the cloud infrastructure and operations?

Roambi has partnered with Amazon Web Services to provide you with Roambi Cloud Services. Amazon Web Services owns the operations and management of the physical infrastructure of the data center. All other server operations and management, including but not limited to installation, configuration, maintenance, updates and monitoring, are solely operated by Roambi.

 

How does Roambi implement customer segregation?

Roambi is designed to be a multi-tenant environment. Customer data is only accessible to its rightful owner. Our databases implement row-level security protection and our application contains logic to filter data by a series of unique IDs of organizations, users, and content management assets.

 

Where is customer data stored?

All application data is stored on the Amazon cloud. Depending on location, all customers will have their data stored in one of Amazon’s regions (US or EU).
For mobile devices, Roambi uses the iOS security model, and stores the access token in the encrypted keychain. No credentials are stored on the device. On mobile devices, all the files are stored using the iOS Data Protection API.

 

How does Roambi perform backups?

Backups are performed daily using encrypted communications. All backups performed by Roambi are stored solely on Amazon S3. The files at rest are encrypted.

 

What is the disaster recovery plan?

Roambi is designed to be fault tolerant with automatic failovers. If automated recovery processes do not resolve the issue, Roambi’s operations team is prepared to resolve any service interruption incidents 24x7. All critical components are backed up regularly, providing the operations team with recent recovery points.

Operational emergency drills are conducted regularly to enable the operations team to work effectively on various outages and infrastructure component failures.

 

How does Roambi provide high availability?

Several factors can impact availability. The following are some of the major components:

  • Physically co-located: Roambi infrastructure is co-located in at least two AWS Availability Zones. Each Availability Zone runs its own distinct, independent infrastructure. Common points of failure like generators and cooling equipment are not shared across Availability Zones. Additionally, they are physically separate, such that even extremely uncommon disasters such as fires, tornados or flooding would only affect a single Availability Zone.
  • Infrastructure Failovers: All critical components (application servers, data services, databases, etc.) have automatic failovers to protect against any physical failure of the primary node. All components are monitored 24x7 and have health check triggers for alerts and prompt automatic repair processes.
  • Autoscale Groups: The capacity of Roambi automatically scales with the usage and load on the server. Additional computational nodes are launched when the system detects that resources are reaching capacity.

 

How does Roambi handle infrastructure and server issues?

Roambi strives to make Roambi available 24 hours a day, 7 days a week; however, there are scenarios in which Roambi will not be available, which include:

  • Scheduled maintenance
  • Unavailability caused by circumstances beyond reasonable control. Examples include events such as acts of God, acts of government, and Internet service provider failures or delays.

 

How can auditing of Roambi be accomplished?

Roambi has subscribed to third party services to audit the system for security on a regular basis. Assessments include:

  • Application vulnerability threat assessments
  • Selected penetration testing and code review
  • Security control framework review and testing

Pending scheduling, custom manual penetration testing is also available. Because Roambi is a multitenant environment, the penetration test must be performed under the supervision of the Roambi operations team.

Are third parties allowed access to the cloud application?

Roambi does not grant any third party access to any part of the application.

 

How are privileged actions monitored and controlled?

All actions performed at the application, database, and operating system level are logged. Only selected members of the operations team have access to these logs. Logs are restricted from modifications and reviewed regularly.

 

Is Roambi patched for security vulnerabilities?

Patches for the operating system and applications are performed regularly during elected maintenance windows. Roambi also performs daily vulnerability scans.

 

Does Roambi support in transit and data encryption?

Yes. All client communications are performed over SSL. All data at rest are encrypted using 256-bit AES in Cipher Block Chaining mode with ESSIV.

 

What rights does Roambi have over customer data?

Roambi customers retain all ownership of the data stored in Roambi. Roambi follows these general guidelines:

  • Data or information is not made available or disclosed to unauthorized persons or processes.
  • Data or information has not been altered or destroyed in an unauthorized manner.
  • Data or information is only accessible and usable by Roambi upon approval by an authorized person.


In regards to collection of personal information, please see http://www.roambi.com/privacy/ for additional information.

 

How are updates and maintenance of Roambi performed?

The weekly maintenance window is every Wednesday 7:00 PM - 9:00 PM (PST). The maintenance window is only used as needed. Establishing this maintenance window serves multiple purposes:

  1. Roambi and customers have a mutual expectation when a planned maintenance will occur
  2. Customers will not schedule key operations or API client jobs during this period, and
  3. Roambi can safely perform maintenance with the least disturbance to end users.

 

How do I know the device is secure?

The Roambi app uses the OAuth 2 authentication protocol for all authentication requests. It uses a 128-bit encrypted access token which is stored in the device keychain. Under SSL conditions, this access token cannot be intercepted while the device and server are communicating.

Roambi also provides users the ability to lock down the device remotely and wipe the content retrieved from the server.

An administrator of an organization can require users to have a passcode for the Roambi app.

The Roambi app is regularly reviewed and submitted for third-party vulnerability testing.

 

Is data stored on the mobile device?

All data on the iPhone 3GS and later is hardware encrypted. Roambi uses iOS data protection, which means that data stored by Roambi cannot be read from the device unless the user has unlocked their device by entering their passcode. For this reason, a strong alphanumeric passcode is recommended.

 

How do I know the web application is secure?

All communications to the web clients are performed over SSL. Connection between the Internet and Roambi services is via TLS, using global step-up certificates from Verisign, ensuring that our users have a secure connection from their browsers to our service.

Individual user sessions are identified and re-verified with each transaction, using a unique token created at login.

Additionally, organizations have the option to use SAML 2.0 integration to authenticate to a customer-owned identity service. Roambi also allows administrators to block user access via the administration panel.

The web service is regularly reviewed and submitted for third-party vulnerability testing.

 

How do I know the server is secure?

Security of the servers is implemented in layers. The servers have specific security groups applied. Roambi customizes and maintains Amazon-provided firewalls.

The traffic may be restricted by protocol, by service port, as well as by source IP address (individual IP or Classless Inter-Domain Routing (CIDR) block).

 

How do I know the API is secure?

The Roambi API follows standard practices in issuing a pair of customer key and secret. Only administrators of the organization have the ability to issue keys. Dedicated application pools are reserved for API usage, and custom security groups and firewalls have been applied. As with other client-server communications, data is transmitted over SSL.

The API tier is regularly reviewed and submitted for third-party vulnerability testing.

 

What controls are in place to enable backup and recovery?

Roambi uses different Amazon services, each of which has different means of backup and recovery. Our databases use Relational Database Structure (RDS) with a default retention period of 30 days. Servers are disposable and are generated as needed. Backup is ongoing and automatic. Recovery for some components is carried out automatically and monitored by Roambi operations staff members.

How does Roambi ensure the secure transmission of data?

Connection between the Internet and Roambi services is via TLS, using global step-up certificates from Verisign, ensuring that our users have a secure connection from their browsers to our service.

Individual user sessions are identified and re-verified with each transaction, using a unique token created at login.

What network protections are in place to monitor network security?

Roambi customizes and maintains Amazon-provided firewalls. Inbound firewalls are configured such that customers must explicitly open the ports needed to allow inbound traffic.

The traffic may be restricted by protocol, by service port, as well as by source IP address (individual IP or Classless Inter-Domain Routing (CIDR) block). The firewall can be configured in groups permitting different classes of instances to have different rules.

Are any internal or third party tests and assessments in place?

Roambi tests all code for security vulnerabilities before release, and regularly scans our network and systems for vulnerabilities. Third-party assessments are also conducted regularly in the following areas:

  • Application vulnerability threat assessments
  • Selected penetration testing and code review
  • Security control framework review and testing

 

What is the process for notifying a Roambi customer in case of any security incidents?

In order to coordinate response to and resolution of IT security incidents, Roambi has established an incident response team. Once the response team has acknowledged and assessed the severity of the incident, the security liaison is alerted and the customer’s point of contact is notified.

Does Roambi provide for development or QA servers?

Roambi is completely maintained by Roambi staff and does not require integration with the customer’s internal infrastructure. As such, development and QA servers are not required.

What physical security is provided for AWS data centers?

Amazon data centers are housed in nondescript facilities. Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, intrusion detection systems, and other electronic means. Authorized staff must pass two-factor authentication a minimum of two times to access data center floors.

All visitors and contractors are required to present identification and are signed in and continually escorted by authorized staff. When an employee no longer has a business need for these privileges, his or her access is immediately revoked. All physical access to data centers is logged and audited routinely.

What environmental controls are in place to maintain data centers?

Climate control is required to maintain a constant operating temperature for servers and other hardware, which prevents overheating and reduces the possibility of service outages.

Data centers are conditioned to maintain atmospheric conditions at optimal levels. Personnel and systems monitor and control temperature and humidity at appropriate levels.

What controls are in place for the prevention, detection & suppression of fire-related disasters?

Automatic fire detection and suppression equipment has been installed to reduce risk. The fire detection system utilizes smoke detection sensors in all data center environments, mechanical and electrical infrastructure spaces, chiller rooms and generator equipment rooms.

Server environments are protected by either wet-pipe, double-interlocked preaction, or gaseous sprinkler systems.

What power systems are in place in the data centers?

The data center electrical power systems are designed to be fully redundant and maintainable without impact to operations, 24 hours a day, seven days a week.

Uninterruptible Power Supply (UPS) units provide backup power in the event of an electrical failure for critical and essential loads in the facility. Data centers use generators to provide backup power for the entire facility.

Keywords

KBA , BI-ROM-CLD-SRC , Roambi Cloud Service , How To

Product

SAP Roambi Cloud all versions