Important information about the specifics of OpenBlend security measures.
Hosting
Open Blend is hosted on the Microsoft Azure cloud computing platform, which is a global network of Microsoft-managed data centres. Microsoft Azure runs in geographically distributed Microsoft facilities, sharing space and utilities with other Microsoft Online Services. Each facility is designed to run 24 x 7 and employs various measures to help protect operations from power failure and to maintain physical security and reliability. The facilities are managed, monitored, and administered by Microsoft operations personnel.
Information about Microsoft’s Service Level Agreements with guarantees for uptime can be found here - https://azure.microsoft.com/en-us/support/legal/sla/
Azure has achieved ISO27001 accreditation – https://www.microsoft.com/en-us/TrustCenter/Compliance/ISO-IEC27001
Network
The OBM web application uses SSL (Secure Sockets Layer) to encrypt communications: Hypertext Transfer Protocol (HTTP) traffic is carried within a connection encrypted by Transport Layer Security, a combination known as HTTPS. A key benefit of HTTPS is authentication of the visited web application and protection of the privacy and integrity of the exchanged data.
The networking hardware that connects all Microsoft Azure components is subject to the Microsoft security measures employed by the service at this layer.
The Microsoft Azure internal network is isolated by strong filtering of traffic to and from other networks. This provides a “backplane” for internal network traffic that is high-speed and generally at low risk from malicious activity. The configuration and administration of network devices such as switches, routers, and load balancers is performed only by authorized Microsoft operations personnel. The virtualization provided by the Windows Azure Fabric makes environment changes practically invisible to users.
Furthermore, any hardware that does not implement adequate communications security features (such as SSL) is administered over a separate LAN that is isolated from nodes that are exposed to the Internet, or customer access, in effect acting as a firewall.
Data Security
The OBM web application utilises Azure SQL Server for data storage with real-time I/O encryption and decryption of all data and log files, ensuring that data “at rest” is secured. This real-time encryption utilises AES and 3DES encryption algorithms to protect the Azure SQL Database and Data Warehouse against the threat of malicious activity.
As per industry best practice, authentication credentials are stored separately from systems data. Users' passwords are encrypted with Hash-based Message Authentication Code (HMAC) using the SHA1 hash function. The cryptographic services required for this operation are provided by Microsoft through the .NET Framework.