Overview
Security is a top priority at RIB. Please review the frequently asked questions below regarding security.
Frequently Asked Questions
How is SpecLink Cloud made available to customers?
SpecLink Cloud is a web-based software application that is hosted in the cloud. The software can be accessed 24x7 via a web browser (e.g., Google Chrome). This model is also popularly known as Software as a Service (SaaS).
Where is SpecLink Cloud hosted?
SpecLink Cloud uses Microsoft’s Azure cloud platform. Depending on where the customer (tenant) is, SpecLink distributes its database across Azure’s geographical zones so that latency is minimized and the load is distributed appropriately.
How does Microsoft Azure assure security, compliance, and reliability?
Microsoft Azure holds ISO-27001 for compliance and cloud security and provides the following:
- Network security: availability of built-in firewalls and encryption of data in motion (TLS)
- Private virtual subnets: Inventory and configuration management tool for deployment of hardened VMs as well as tools to identify, track and manage resources
- Data encryption available in storage and database services
- Key management and storage can be done using cloud-based HSM.
- IAM services, including multifactor authentication for privileged accounts
- IAM integration with corporate directories
- DDoS prevention and mitigation
- Monitoring: log aggregation, alert notifications and visibility into API calls
- Frequent independent auditing to ensure compliance is maintained with all major certifications
How is the customer’s project data stored?
SpecLink Cloud uses a Microsoft technology stack with the latest Windows Server OS and SQL Server database. The database architecture is based on multi-tenancy, keeping all customer data intact and safe.
Does SpecLink Cloud store project and personal data for customers outside the U.S.?
SpecLink Cloud uses Microsoft’s Azure global cloud platform to store both project and customer information within the U.S. geographic boundary. Currently, the customer’s personal and project data do not leave the U.S. geographic boundary. SpecLink has the option to leverage the Azure Cloud offering to house customer data in the customer’s geographic region.
What is SpecLink Cloud’s Disaster Recovery strategy?
SpecLink Cloud's data and web applications are constantly replicated across Microsoft Azure’s geographically separated zones. We have set the Recovery Point Objective (RPO) to one hour and the Recovery Time Objective (RTO) to 12 hours in the U.S. We are working with Microsoft to set RTOs and RPOs for customers outside the U.S. to an acceptable limit.
How does identity and access management work for SpecLink Cloud?
SpecLink Cloud keeps all customers' personally identifiable information separate from their project data. Access is managed by a named license for each user, maintained by standard user credentials. Entitlement and access privileges are based on the customer's SpecLink Cloud subscription.
Does storing data on the cloud pose a risk to my company?
There is no greater risk in storing data in the cloud than there is in storing it internally. One of the main differences between a locally managed computing environment and a cloud environment is the concept of multi-tenancy. Because data from different customers is stored side-by-side on the same servers, one common misconception is that “someone sharing my server can get at my data,” which is not a possibility. Multi-tenancy is not a new concept but is an integral part of secure cloud-based applications and storage solutions. In fact, large cloud-based applications such as Salesforce.com have employed multi-tenancy for years with great success.
What happens if the cloud servers crash? Can we still access the database? What is SpecLink Cloud’s backup policy?
SpecLink maintains daily backups of all customers’ data with a retention policy of 30 days. In addition to this, we have a robust DR (disaster recovery) plan in place. Please see the details in the questions below.
We deal with clients that require limited access for their projects under NDAs. Does the SpecLink Cloud application include options to lock out users to meet these requirements, such as password protected projects?
SpecLink Cloud allows you to designate the level of permission that each user has to both projects and application functionality. For instance, account administrators can make a project private (accessible to only designated users) or hidden from other users on the account, among many other customizable layers of permissions.
How is the data secured at rest and in transit?
All critical data related to personally identifiable information is stored encrypted at rest in the database. The encryption protocol used is SHA256 with a bit length of 256. All data transmitted over the web is encrypted over SSL, including calls to its internal APIs.
What is SpecLink Cloud’s data purge and retention policy?
SpecLink Cloud retains all customers’ deleted data for a minimum of 30 days following the end of a subscription. In certain situations, if a customer wants to remove any of their data from the server immediately, we can address this by deleting that data permanently through a customer support ticket.