ManageEngine Security Practices, Policies & Infrastructure for MDM MSP Cloud

Security and data protection are paramount for us. We take security very seriously and have developed a comprehensive set of practices, technologies and policies to help ensure your data is secure.

If you are currently maintaining your data on personal computers or your own servers, the odds are that we offer a better level of security than what you currently have in place.

This document outlines some of the mechanisms and processes we have implemented to help ensure that your data is protected. Our security practices are grouped in four different areas: Physical Security; Network Security; People Processes and Redundancy and Business Continuity.

Physical Security

Our data centers are hosted in some of the most secure facilities available today in locations that are protected from physical and logical attacks as well as from natural disasters such as earthquakes, fires, floods, etc.

  • 7x24x365 Security. The data centers that host your data are guarded seven days a week, 24 hours a day, each and every day of the year by private security guards.

  • Video Monitoring. Each data center is monitored 7x24x365 with night vision cameras.

  • Controlled Entrance. Access to the ManageEngine MDM MSP Cloud data centers is tightly restricted to a small group of pre-authorized personnel.

  • Biometric, two-Factor Authentication. Two forms of authentication, including a biometric one, must be used together at the same time to enter a ManageEngine MDM MSP Cloud data center.

  • Undisclosed locations. ManageEngine MDM MSP Cloud servers are located inside generic-looking, undisclosed locations that make them less likely to be a target of an attack.

  • Bullet-resistant walls. ManageEngine MDM MSP Cloud servers are guarded safely inside bullet-resistant walls.

Network Security

Our network security team and infrastructure helps protect your data against the most sophisticated electronic attacks. The following is a subset of our network security practices. These are intentionally stated in a very general way, since even knowing what tactics we use is something hackers crave. If your organization requires further detail on our network security, please contact us.

  • Secure Communication. All data transmission to ManageEngine Cloud services are encrypted using TLS 1.2 protocols, and we use certificates issued by SHA 256 based CA ensuring that our users have a secure connection from their browsers to our service. We use the latest and strong ciphers like AES_CBC/AES_GCM 256 bit/128 bit keys for encryption, SHA2 for message authentication and ECDHE_RSA as the key exchange mechanism

  • IDS/IPS. Our network is gated and screened by highly powerful and certified Intrusion Detection / Intrusion Prevention Systems.

  • Control and Audit. All accesses are controlled and also audited.

  • Secured / Sliced Down OS. ManageEngine MDM MSP Cloud applications run inside a secured, sliced-down operating system engineered for security that minimizes vulnerabilities.

  • Virus Scanning. Traffic coming into ManageEngine MDM MSP Cloud Servers is automatically scanned for harmful viruses using state of the art virus scanning protocols which are updated regularly.

People Processes

Designing and running data center infrastructure requires not just technology, but a disciplined approach to processes. This includes policies about escalation, management, knowledge sharing, risk, as well as the day to day operations. ManageEngine MDM MSP Cloud's security team has years of experience in designing and operating data centers and continually improves our processes over time. ManageEngine MDM MSP Cloud has developed world class practices for managing security and data protection risk.

  • Select Employees. Only employees with the highest clearance have access to our data center data. Employee access is logged and passwords are strictly regulated. We limit access to customer data to only a select few of these employees who need such access to provide support and troubleshooting on our customers' behalf.

  • Audits. Audits are regularly performed and the whole process is reviewed by management

  • As-Needed Basis. Accessing data center information as well as customer data is done on an as-needed only basis, and only when approved by the customer (i.e. as part of a support incident), or by senior security management to provide support and maintenance.

Redundancy and Business Continuity

One of the fundamental philosophies of cloud computing is the acknowledgment and assumption that computer resources will at some point fail. We have designed our systems and infrastructure with that in mind.

  • Distributed Grid Architecture. ManageEngine MDM MSP Cloud services run on a distributed grid architecture. That means a server can fail without a noticeable impact on the system or our services. In fact, on any given week, multiple servers fail without our customers ever noticing it. The system has been designed knowing that server will eventually fail - we have implemented our infrastructure to account for that.

  • Power Redundancy. ManageEngine MDM MSP Cloud configures its servers for power redundancy – from power supply to power delivery.

  • Internet Redundancy. ManageEngine MDM MSP Cloud is connected to the world –and you- through multiple Tier-1 ISPs. So if any one fails or experiences a delay, you can still reliably get to your applications and information.

  • Redundant Network Devices. ManageEngine MDM MSP Cloud runs on redundant network devices (switches, routers, security gateways) to avoid any single point of failure at any level on the internal network.

  • Redundant Cooling and Temperature. Intense computing resources generate a lot of heat, and thus need to be cooled to guarantee a smooth operation. ManageEngine MDM MSP Cloud servers are backed by N+2 redundant HVAC systems and temperature control systems.

  • Geo Mirroring. Customer data is mirrored in a separate geographic location for Disaster Recovery and Business Continuity purposes. Please note geo mirroring is available on select products and plans.

  • Fire Prevention. The ManageEngine MDM MSP Cloud data centers are guarded by industry-standard fire prevention and control systems.

  • Data Protection & Back-up. User data is backed-up periodically across multiple servers, helping protect the data in the event of hardware failure of disaster.

Security Certifications

ISO/IEC 27001 is one of the most widely recognized independent international security standards. This certificate is awarded to organizations that comply with ISO's high global standards. ManageEngine has earned ISO/IEC 27001:2013 certification for Applications, Systems, People, Technology, and Processes.

ISO/IEC 27017 offers guidelines for information security controls applicable to the provision and use of cloud services by providing additional implementation guidance for relevant controls specified in ISO/IEC 27002, along with additional controls with implementation guidance that specifically relate to cloud services. ManageEngine is certified with ISO/IEC 27017 — Information technology — Security techniques — Code of practice for information security controls based on ISO/IEC 27002 for cloud services.

ISO/IEC 27018 establishes commonly accepted control objectives, controls, and guidelines for implementing measures on safeguarding PII processed in a public cloud. These controls are an extension of ISO/IEC 27001 and ISO/IEC 27002. ManageEngine is certified in ISO/IEC 27018, which provides guidance to organizations concerned about how their cloud providers are handling personally identifiable information (PII).

SOC 2 Type 2 is an evaluation of the design and operating effectiveness of controls that meet the AICPA's (American Institute of Certified Public Accountants) Trust Services Principles criteria. ManageEngine is SOC 2 Type 2 (Security, Confidentiality, Processing Integrity, Availability, and Privacy) compliant.

For more information on our security policy and certifications or to get a copy of the compliance report, kindly contact msp-mdmcloud-support@manageengine.com .

Vulnerability Reporting:

ManageEngine values the work done by security researchers in improving the security of our service offerings and we are committed to working with the community to verify, reproduce, and respond to legitimate reported vulnerabilities. To report a security issue please contact msp-mdmcloud-support@manageengine.com .

bsi-assurancebsi-assurance