Your Data and Analytics are Safe with Teradata
Cloud computing has revolutionized the way organizations manage their business and data, but it has also brought a unique set of security concerns. While some businesses are quick to embrace the agility and convenience of the cloud, others remain hesitant because of fear about data breaches and cybercrime.
We’ve got you covered. Security is the number one priority for Teradata IntelliCloud™ services, and that’s why we deliver across-the-board support for every facet of cloud security including physical security, network security, data protection, monitoring, and access controls.
We designed our managed cloud services from the ground up to meet the most advanced data security requirements, giving current and prospective customers the peace of mind that their data is private and secure with Teradata.
Teradata has invested in rigorous third-party audits of its managed cloud offerings to demonstrate compliance with industry security regulations and best practices, initially ISO 27001 and SOC 2 and, most recently, SOC 1, PCI DSS, and HIPAA. These audits were also undertaken to support customer compliance needs.
ISO/IEC 27001:2013 Certification
Coalfire ISO, Inc. has certified the Teradata Cloud (since rebranded as Teradata IntelliCloud) Information Security Management System (ISMS) as conforming to the ISO/IEC 27001 Information Security Standard. Coalfire ISO, Inc. is an independent Certification Body (CB) accredited by the ANSI-ASQ National Accreditation Board (ANAB) to conduct ISO 27001 audits of Information Security Management Systems against the ISO standards.
The Teradata Cloud (since rebranded as Teradata IntelliCloud) ISMS has been certified in conformance with the ISO/IEC 27001:2013 security standard. The certification is recognized as the most comprehensive international standard available in information security management and reflects the emphasis Teradata has placed on security, operational processes, and the controls in place to meet growing security threats.
View the ISO/IEC 27001:2013 Certificate of Registration.
SOC 1 Type 2 Examination
Coalfire Controls, LLC performed a Statement on Standards for Attestation Engagements No. 16 (SSAE 16) SOC 1 Type 2 examination for Teradata Cloud (since rebranded as Teradata IntelliCloud).
The SOC 1 report evaluates the system of internal control as it relates to customers’ internal control over financial reporting. The examination provides transparency into the security principles of Teradata Cloud (since rebranded as Teradata IntelliCloud). Additionally, customers can leverage this report to meet certain Sarbanes–Oxley Act requirements.
Contact us to view the SOC 1 Type 2 Report.
SOC 2 Type 2 Examination
Coalfire Controls, LLC performed an AICPA Service Organization Controls 2 (SOC 2) Type 2 examination for Teradata Cloud (since rebranded as Teradata IntelliCloud).
The SOC 2 report evaluates controls against the criteria set forth in the American Institute of Certified Public Accountants (AICPA) Trust Services Principles. These principles define leading-practice controls relevant to security, availability, processing integrity, confidentiality, and privacy. The examination provides transparency into Teradata Cloud (since rebranded as Teradata IntelliCloud) security and availability based on a defined industry standard and further demonstrates Teradata’s commitment to protecting customer data.
Contact us to view the SOC 2 Type 2 Report.
PCI DSS 3.2
The PCI Security Standards Council published PCI DSS 3.2 in April 2016 as the current version of the standard. Payment Card Industry (PCI) Data Security Standard (DSS) version 3.2 revised and clarified the requirements for online credit card transactions around encryption, access control, change management, application security, and risk management programs.
The PCI Security Standards Council is a global forum for the ongoing development, enhancement, storage, dissemination and implementation of security standards for account data protection. The Council maintains, evolves, and promotes the Payment Card Industry Security Standards. It also provides critical tools needed for implementation of the standards such as assessment and scanning qualifications, self-assessment questionnaires, training and education, and product certification programs.
Maintaining payment security is required for all entities that store, process, or transmit cardholder data. Guidance for maintaining payment security is provided in the PCI security standards. These set the technical and operational requirements for organizations accepting or processing payment transactions, and for software developers and manufacturers of applications and devices used in those transactions. Teradata IntelliCloud is assessed at the highest level of security, Merchant Level 1.
Contact us to view the PCI DSS 3.2 Attestation of Compliance (AoC).
HIPAA
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) required the Secretary of the U.S. Department of Health and Human Services (HHS) to develop regulations protecting the privacy and security of certain health information. To fulfill this requirement, HHS published what are commonly known as the HIPAA Privacy Rule and the HIPAA Security Rule.
The Privacy Rule, or Standards for Privacy of Individually Identifiable Health Information, establishes national standards for the protection of certain health information. The Security Standards for the Protection of Electronic Protected Health Information (the Security Rule) establish a national set of security standards for protecting certain health information that is held or transferred in electronic form. The Security Rule operationalizes the protections contained in the Privacy Rule by addressing the technical and non-technical safeguards that organizations called “covered entities” must put in place to secure individuals’ “electronic protected health information” (e-PHI).
The Security Rule requires covered entities to maintain reasonable and appropriate administrative, technical, and physical safeguards for protecting e-PHI. Specifically, covered entities must:
- Ensure the confidentiality, integrity, and availability of all e-PHI they create, receive, maintain or transmit;
- Identify and protect against reasonably anticipated threats to the security or integrity of the information;
- Protect against reasonably anticipated, impermissible uses or disclosures; and
- Ensure compliance by their workforce.
Contact us to view the HIPAA Assessment Report.
“Teradata’s commitment to mission-critical security best practices is evidenced by Coalfire ISO Certification of Teradata Cloud’s Information Security Management System (ISMS) in conformance with the ISO/IEC 27001 International Standard for Information Security, as well as SOC 2 certification of the Teradata Cloud. The audit processes for these internationally respected standards are highly structured and follow a number of stages through which certification is validated on objective criteria.” – Bao Le, PE, CISM, vice president at Coalfire
Security Is Our Top Priority
Teradata understands that any successful cloud security solution requires close collaboration between you and your cloud service provider. We know it’s critical that your organization has a program that covers everything from data governance and compliance to cloud user access.
We also recognize the necessity of having cloud security training available for all employees or contractors who have access to the cloud. Plus, it’s equally important to establish a data breach policy and to know your cloud provider’s incident response plan. And finally, you need the ability to audit your provider on a regular basis. Teradata’s Consulting Services security team is ready to assist you in any or all of those areas.
Physical Security and Compliance
The Teradata IntelliCloud™ service environment has been designed and built to meet the high security control standards set forth in ISO 27001, SOC 1, SOC 2, PCI DSS, and HIPAA requirements as well as the cloud-specific best practices outlined by the Cloud Security Alliance (CSA).
When it comes to physical protection of the data center infrastructure powering Teradata IntelliCloud services, we offer comprehensive support. This includes access control systems, alarm systems, administrator logging, two-factor authentication, codes of conduct, confidentiality agreements, background checks, and monitoring of visitor access.
We log and monitor all physical access to the facility to detect and prevent potential security incidents. We regularly review access logs to pinpoint any suspected unauthorized facility access, document such events, and coordinate review and investigation with Teradata Corporate Security.
Our Uptime Institute Tier 4 Gold Colocation primary hosting facility in the United States is staffed 24 x 7 x 365 and offers complete video surveillance with best-in-class monitoring and fire safety controls. In addition to ensuring that every system component entering or exiting our data center facilities has been authorized, documented, monitored, and controlled, each Teradata IntelliCloud facility meets or exceeds applicable requirements for emergency power, emergency power shutoff, emergency lighting, fire protection, temperature and humidity controls, and water damage protection.
Rigorous Access Control
As part of our access protection policy, we assign a risk designation to every Teradata Cloud Operations position and establish screening criteria for the individuals who fill those posts. Our program screens individuals prior to authorizing access and makes sure signed agreements are in place before access is assigned. Teradata IntelliCloud services also enforce password complexity, store and transmit only encrypted password representations, and set minimum and maximum lifetime restrictions on those passwords.
Additionally, we offer a stringent re-approval process that includes:
- Creating, enabling, modifying, disabling, and removing Teradata IntelliCloud Directory accounts in accordance with account management procedures
- Approving all account management actions
- Monitoring account management operations for any unauthorized actions
- Disabling appropriate Teradata IntelliCloud Directory accounts whenever an individual is terminated or transferred
- Modifying role-based access whenever an individual’s system usage or need-to-know requirements change
- Automatically disabling inactive accounts after 90 days
Two-Tiered Security Defense Plan
Teradata IntelliCloud™ includes two layers of network security defense. The first layer consists of ingress and egress filtering control lists applied to our Internet border routers; these lists have been configured as ‘deny-by-default’ and limit connectivity. Robust application firewalls make up the second layer of defense.
Teradata also configures your site-to-site VPNs (Virtual Private Networks) to terminate on the cloud firewalls, and we set ACLs (Access Control Lists) that define which traffic may be transported across your tunnel. Any traffic that does not match an “approved traffic” ACL entry is blocked.
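To make the deny-by-default tunnel ACL concrete, here is an added example (not Teradata’s code) of a first-match evaluator: a flow crossing the VPN is permitted only if some “approved traffic” entry matches every field, and everything else falls through to the implicit deny. The subnets, ports, and rule names are constructed for illustration.

```python
# Added example: deny-by-default ACL evaluation for site-to-site VPN traffic.
# Not Teradata's code; all addresses, ports and rules below are constructed.
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass(frozen=True)
class Rule:
    src: str                       # CIDR the flow must originate from
    dst: str                       # CIDR the flow must be destined to
    proto: str                     # "tcp", "udp" or "any"
    ports: Optional[Tuple[int, int]]  # inclusive destination port range, None = any

@dataclass(frozen=True)
class Flow:
    src_ip: str
    dst_ip: str
    proto: str
    dst_port: int

# Constructed "approved traffic" list: only database and HTTPS traffic from the
# customer's on-premises subnet may cross the tunnel; nothing else is listed.
APPROVED: List[Rule] = [
    Rule("10.20.0.0/16", "172.31.10.0/24", "tcp", (1025, 1025)),  # database listener (assumed port)
    Rule("10.20.0.0/16", "172.31.10.0/24", "tcp", (443, 443)),    # HTTPS to management tooling
]

def matches(rule: Rule, flow: Flow) -> bool:
    """True only when the flow satisfies every field of the rule."""
    if ipaddress.ip_address(flow.src_ip) not in ipaddress.ip_network(rule.src):
        return False
    if ipaddress.ip_address(flow.dst_ip) not in ipaddress.ip_network(rule.dst):
        return False
    if rule.proto != "any" and rule.proto != flow.proto:
        return False
    if rule.ports is not None and not rule.ports[0] <= flow.dst_port <= rule.ports[1]:
        return False
    return True

def evaluate(flow: Flow, acl: List[Rule] = APPROVED) -> str:
    """First matching approved entry permits the flow; no match is the implicit deny."""
    for rule in acl:
        if matches(rule, flow):
            return "permit"
    return "deny"  # nothing in the "approved traffic" list matched, so the flow is blocked

def audit(flows: List[Flow], acl: List[Rule] = APPROVED) -> List[Tuple[Flow, str]]:
    """Pair every flow with its verdict, the kind of record a SIEM would ingest to alert on denies."""
    return [(f, evaluate(f, acl)) for f in flows]
```

Note that the ACL lists only what is allowed; adding a new service to the tunnel means adding an explicit entry, never loosening the implicit deny.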
Data Security and Monitoring
Teradata IntelliCloud™ services encrypt and secure your data whether it’s coming, going, or at rest. For data in transit, we support secure connections between your application and your database. Cloud systems are accessible via IPsec VPN tunnels to your data center infrastructure, which provides an additional layer of security over open-access Internet-based connectivity. For extra protection you can also choose to use MPLS (Multiprotocol Label Switching) or P2P (point-to-point) circuits to connect to Teradata IntelliCloud.
For data at rest, we utilize self-encrypting drives on dedicated database servers. There is also an optional “Enhanced Service” for column-level encryption which allows a database administrator to encrypt and control access to rows/columns within the database. Clients that store Card Holder Data (CHD) can opt for the “Enhanced Service” encryption solution to be compliant with PCI DSS.
Intrusion Detection and Protection
To make it easier for you to proactively detect cyber-attacks and policy violations, the security monitoring process for Teradata IntelliCloud collects and correlates all security-relevant events. Network devices such as border routers and firewalls send intrusion events to our Security Information and Event Management (SIEM) system. When the SIEM detects an intrusion attempt, it responds according to the type of event detected.
Storage Device Decommissioning
The only storage media used in the Teradata IntelliCloud environment are the hard disk drives and primary memory in IntelliCloud devices and the storage media you supply for loading your data. These media are stored in locked cabinets within the physically controlled data center. All media are sent to the data center via secure courier or by another delivery method that can be accurately tracked.
As part of our decommissioning support, the Teradata Cloud Operations team performs the following actions:
- Sanitizes all digital media prior to disposal
- Employs sanitization mechanisms with the strength and integrity commensurate with the security category or classification of the information
- Shreds and destroys non-digital data prior to disposal
- Maintains inventory logs of all media and conducts media inventories at least annually
Don't Let Disruptions Hurt Your Business
To help strengthen your disaster recovery and business continuity efforts, the Teradata Cloud Operations team maintains a contingency plan that identifies essential missions and business functions along with associated contingency requirements. We also provide recovery objectives, restoration priorities, and related metrics and address contingency roles and responsibilities.
The disaster recovery and business continuity plan, which Teradata tests and reviews regularly, also shows you how to maintain vital missions and business functions despite potential information system disruption, compromise, or failure.