SaaS Environment and Security
Our SaaS environment is hosted within AWS. These secure facilities offer environmental protection, advanced network security, and both the processes and appliances to maintain the highest levels of data security.
Security
At TreeRing Workforce Solutions, our top priority is keeping our customers' data secure. We employ rigorous security measures at the organizational, architectural, and operational levels to ensure that your data, applications, and infrastructure remain safe.
Data Encryption
TreeRing Time encrypts every attribute of customer data before it’s persisted in a database. This is a fundamental design characteristic of the TreeRing Workforce Solutions technology. Because TreeRing is an in-memory, object-oriented application instead of a disk-based RDBMS, we can achieve the highest level of encryption. We use the Advanced Encryption Standard (AES) algorithm with a key size of 256 bits and a unique encryption key for each customer.
Transport Layer Security (TLS) protects user access via the internet, helping to secure network traffic from passive eavesdropping, active tampering, or message forgery. File-based integrations can be encrypted via PGP or a public/private key pair generated by TreeRing, using a customer-generated certificate. WS-Security is also supported for web services integrations to the TreeRing Time API.
Logical Security
TreeRing security access is role-based, supporting LDAP Delegated Authentication, SAML for single sign-on, and x509 certificate authentication for both user and web services integrations.
Operational Security
Physical Security
TreeRing Workforce Solutions applications are hosted in state-of-the-art data centers designed to protect mission-critical computer systems with fully redundant subsystems and compartmentalized security zones. Our data centers adhere to the strictest physical security measures including, but not limited to, the following:
• Multiple layers of authentication for server area access
• Two-factor biometric authentication for critical areas
• Camera surveillance systems at key internal and external entry points
• 24/7 monitoring by security personnel
All physical access to the data centers is highly restricted and stringently regulated.
Network Security
TreeRing Workforce Solutions has established detailed operating policies, procedures, and processes designed to help manage the overall quality and integrity of the TreeRing Workforce Solutions environment. We’ve also implemented proactive security procedures, such as perimeter defense and network intrusion prevention systems (IPSs).
Network IPSs monitor critical network segments for atypical network patterns in the customer environment as well as traffic between tiers and service. We also maintain a global Security Operations Center 24/7/365.
Application Security
TreeRing Workforce Solutions has implemented an enterprise Secure Software Development Life Cycle (SDLC) to help ensure the continued security of TreeRing Workforce Solutions applications.
This program includes an in-depth security risk assessment and review of applications features. In addition, both static and dynamic source code analyses are performed to help integrate enterprise security into the development lifecycle. The development process is further enhanced by application security training for developers and penetration testing of the application.
Vulnerability Assessments
TreeRing Workforce Solutions contracts with third-party expert firms to conduct independent internal and external network, system, and application vulnerability assessments.
Application
We contract with a leading third-party security firm to perform an application-level security vulnerability assessment of our web and mobile application prior to each major release. The firm performs testing procedures to identify standard and advanced web application security vulnerabilities, including, but not limited to, the following:
• Security weaknesses associated with Flash, Flex, AJAX, and ActionScript
• Cross-site request forgery (CSRF)
• Improper input handling (such as cross-site scripting, SQL injection, XML injection, and cross-site flashing)
• XML and SOAP attacks
• Weak-session management
• Data validation flaws and data model constraint inconsistencies
• Insufficient authentication or authorization
• HTTP response splitting
• Misuse of SSL/TLS
• Use of unsafe HTTP methods
• Misuse of cryptography
Network
External vulnerability assessments scan all internet-facing assets, including firewalls, routers, and web servers for potential weaknesses that could allow unauthorized access to the network. In addition, an authenticated internal vulnerability network and system assessment is performed to identify potential weaknesses and inconsistencies with general system security policies.