This Security Policy describes the procedures employed by Cirrus Lender Services, Inc. (CirrusLS) web services (“Services”) and its licensor, Microsoft, owner of the Microsoft Azure Cloud Computing Platform and Infrastructure (“MS Azure”), for collecting, using, storing and securing information obtained through use of the website CirrusLS.com by CirrusLS customers who have entered a Service Agreement and Purchase Order with CirrusLS for its Services (“Clients”).
CirrusLS contracts with Microsoft as its licensor of MS Azure for data storage and security. As Client is a sub-licensor of MS Azure, liability for breaches to Client Data processed or stored on MS Azure is specifically limited to the terms of the Microsoft MS Azure service and SLA policies, and as set forth in the CirrusLS Service Agreement.
This document provides an overview of some of the technical and organizational measures designed to help provide and enable security for the MS Azure platform (including Microsoft Azure, MS Azure AppFabric, SQL Azure, and CirrusLS encryption). As used herein, references to “customers” will mean CirrusLS as a customer of MS Azure, and references to “end users” will mean Client(s) of CirrusLS. Security-related treatment of MS Azure customers as set forth herein relates to the end user Client Data transmitted and stored in or through the Services by Clients. “SSE” refers to the sleep state encryption techniques performed on Client Data by CirrusLS as it resides in the MS Azure cloud platform.
The Hosting Environment
The MS Azure platform environment is composed of computers, operating systems, applications and services, networks, operations and monitoring equipment, and specialized hardware, along with the administrative and operations staff required to run and maintain the services. The environment also includes the physical operations centers that house the services and which themselves must be secured against malicious and accidental damage.
Key Architecture Design Points
The MS Azure platform is designed to provide “Defense in Depth,” reducing the risk that failure of any one security mechanism will compromise the security of the entire environment. The Defense in Depth layers include:
Filtering Routers: Filtering routers reject attempts to communicate between addresses and ports not configured as allowed. This helps to prevent common attacks that use “drones” or “zombies” searching for vulnerable servers. Although relatively easy to block, these types of attacks remain a favorite method of malicious attackers in search of vulnerabilities. Filtering routers also support configuring back-end services to be accessible only from their corresponding front ends.
Firewalls: Firewalls restrict data communication to (and from) known and authorized ports, protocols, and destination (and source) IP addresses.
Cryptographic Protection of Messages: TLS with at least 128-bit cryptographic keys is used to protect control messages sent between MS Azure datacenters and between clusters within a given datacenter. Customers have the option to enable encryption for traffic between end users and customer VMs.
Software Security Patch Management: Security patch management is an integral part of operations to help protect systems from known vulnerabilities. The MS Azure platform utilizes integrated deployment systems to manage the distribution and installation of security patches for Microsoft software.
Monitoring: Security is monitored with the aid of centralized monitoring, correlation, and analysis systems that manage the large amount of information generated by devices within the environment, providing pertinent and timely monitoring and alerts to MS Azure customers.
Network Segmentation: Microsoft uses a variety of technologies to create barriers for unauthorized traffic at key junctions to and within the datacenters, including firewalls, Network Address Translation boxes (load balancers), and filtering routers. The back-end network is made up of partitioned Local Area Networks for Web and applications servers, data storage, and centralized administration. These servers are grouped into private address segments protected by filtering routers.
Physical security goes hand-in-hand with software-based security measures, and similar risk assessment and risk mitigation procedures apply to both.
MS Azure platform services are delivered to customers through a network of global datacenters, each designed to run 24 x 7, and each employing various measures to help protect operations from power failure, physical intrusion, and network outages. These datacenters are compliant with applicable industry standards for physical security and reliability; managed, monitored, and administered by Microsoft operations staff; and geographically dispersed.
Microsoft uses highly secured access mechanisms, limited to a small number of operations personnel, who must regularly change their administrator access passwords. Datacenter access, and authority to open datacenter access tickets, is controlled by the network operations director in conjunction with local datacenter security practices.
Operations and Personnel Security: Design of the Services
The MS Azure platform is designed to be run without routine access to Client Data of end users by Microsoft personnel. Because Client Data is further encrypted by CirrusLS, neither Microsoft nor CirrusLS, including its employees and contractors, has direct access to Client Data.
CirrusLS Added Encryption
Client Data is encrypted at all times with CirrusLS SSE as it resides in the MS Azure cloud platform. In the event of physical compromise of the MS Azure cloud environment containing Client Data, the internal or external sources of the file system containing the encrypted Client Data will not be in clear text and therefore will be unusable by an intruder. The SSE incorporates GUID (globally unique identifier) for unique reference and identification of Client Data, through implementation of the UUID (universally unique identifier) standard. By obscuring folder and file names with GUID and implementing encryption techniques on Files, the directory structure becomes undecipherable and offers an improved level of protection to Clients. Through the utilization of this technique, Files are unreadable outside of the application by any user, inclusive of internal CirrusLS employees.
MS Azure platform services have operations personnel staffed 24 x 7. If an incident is a security incident, the Operations personnel will implement the documented procedures to follow in the event of such a security incident. Also, a full communication plan is in place and will likewise be implemented in the event of a security incident.
Microsoft administrative operations are audited. The audit trail can be viewed to determine the history of changes.
In addition to datacenter, network, and personnel security practices, the MS Azure platform incorporates various security practices at the application layer to help ensure a security-enhanced experience for all customers. This includes both how the application is developed and features within the application that are available to the administrators of the service.
MS Azure provides virtual machines to customers, giving them access to most of the same security options available in Windows Server. Customers use SSL client certificates to control updates to their software and configuration.
Fault-Tolerance & Redundancy
Many aspects of the MS Azure platform are designed to be fault-tolerant and redundant. This gives customers the ability to architect and deploy fault-tolerant applications. Despite these steps, the MS Azure platform is not guaranteed to be completely fault-tolerant, and developers using the MS Azure platform should utilize additional safeguards where appropriate.
Each layer of the MS Azure platform infrastructure is designed to continue operations in the event of failure, including redundant network devices at each layer and dual Internet service providers at each datacenter. Failover is in most cases automatic (requiring no human intervention), and the network is monitored by the Network Operations Center 24 x 7 to detect any anomalies or potential network issues.
The MS Azure platform runs in multiple datacenters around the world. In the event of a catastrophic failure involving an entire datacenter, a customer could deploy their application at a backup location.
Microsoft regards personal information as private and will take reasonable and customary measures to appropriately handle personally identifiable information. Microsoft (including, for this purpose, all of our U.S. subsidiaries) is Safe Harbor certified with the U.S. Department of Commerce. This allows for legal transfer of data to Microsoft for processing from within the European Union and countries with aligned data protection laws. Microsoft acts as the data processor and, to the extent of the Service’s capabilities, decisions regarding data usage are made by the data controller.
The MS Azure platform, like other Microsoft services and products, is built in accordance with Microsoft Trustworthy Computing Initiative’s privacy guidelines.
Microsoft may modify the security measures described here to address evolving security threats, to implement new security technology and processes, or as warranted by other updates to the MS Azure platform. Microsoft will provide electronic notice to MS Azure platform customers at least 90 days before making security changes that would require an update to this document, unless legal requirements or urgent security or performance issues require Microsoft to act sooner (in which case Microsoft will notify customers as soon as practical).
CirrusLS Access to and Treatment of Client Data
CirrusLS, including its employees and contractors, does not have direct access to Client Data in the normal course of operations. Client Data is treated by CirrusLS as Confidential Information pursuant to the terms of the CirrusLS Service Agreement.
CirrusLS Added Encryption
In the event of physical compromise of the MS Azure cloud environment containing Client Data, such Client Data is encrypted and thus the internal or external sources of the file system containing Client Data should not be in clear text and therefore should be unusable by an intruder. By obscuring folder and file names with GUIDs and implementing encryption techniques on files, the directory structure becomes undecipherable and offers an improved level of protection to Clients. Through the utilization of this technique, files are unreadable outside of the application by any user, inclusive of internal CirrusLS employees.
For information about specific data handling and security practices on the MS Azure platform, please contact Cirrus Lending Services, Inc. at Support@CirrusLS.com.