October is Cyber Security Awareness Month, and considering the number of data breaches that occured in 2017, this topic has never been more relevant or timely.
As a solution provider to governments around the world, we see our customers’ dedication to protecting their communities and providing public services. The security of their data is critical to our mission as well, and we work everyday to ensure customer confidence around security and compliance.
Accela has been in the business of providing governments with secure solutions for decades. We are a FISMA-NIST compliant solution provider, and fundamental to our solution offering in the cloud is a battle-tested, unwavering commitment to providing our customers with an enhanced security and compliance framework that meets the needs of highly-scalable, enterprise-class workloads. We cover the key areas of identity security, network security, system security, data and key security, monitoring, response, compliance and privacy.
The above framework shows how Accela’s security framework is organized. We have employed several security controls from the FISMA-NIST family of controls such as Identify Management, Multifactor Authentication, Incident Response and Change Control to name a few. Security is an ongoing effort at Accela and we are constanly enhacing our security posture by implementing new controls. Being a seasoned security professional, and witnessing the breaches of our time, our goal is to protect the confidentiality, integrity and availability of our customers’ information.
As a company, we continue to invest in improving our processes and tools to perform activities such as software development, testing, deployment and change management, and overall performance tracking—all within the framework of complete compliance. We have been leveraging our processes and procedures to positively impact operational efficiencies.
Here are few areas of security improvements to share how Accela protects our cloud customers’ data:
⦁ Compliance with the highest standards: Accela’s Security & Compliance program’s foundation is based on NIST 800-53 Moderate level controls, and we adhere to ISO guidelines. We have received FISMA, PCI and SOC2 compliance certifications, and employ strong security controls to continually ensure Accela’s security posture.
⦁ Proactive security measures: We take a proactive stance to security by embedding best practices into early phases of the software development life cycle with static and dynamic code analysis, penetration testing by an industry-leading 3rd party and internal testing and verification.
⦁ User Authentication: Leveraging user authorization through network credentials makes it easier to administer Accela’s system privileges to address the security concerns when an employee changes roles or leaves the organization. In 2018, we’ll see SSO (Single Sign-On) functionality that enables users to seamlessly log in to Accela applications by leveraging their current network and system credentials, with the options to enable strong authentication for certain system users based on requirements.
⦁ Encryption: Our cloud applications are encrypted while in motion and at rest with system configuration using SSL certified standards.
⦁ Backup and recovery: Accela has a robust backup and recovery program for the user, system and information data using cryptographic protection to protect the confidentiality and integrity of the entire database, as well as protection of cryptographic keys.
⦁ Logging and situational awareness: Our system and audit logs capture various types of logs including network, system, application, database access, etc. for security monitoring and audit purposes. We have a regular testing program implemented to protect the vulnerabilities for our codebase and network.
⦁ Performance monitoring: Our investment in real-time performance monitoring helps us proactively monitor various network, system, user and behavior change to address any potential security risks.
As Chief Technology Officer, my goal is to maintain a culture of security and compliance at Accela. As you can see, we’ve taken great care to implement a robust security program that meets the most stringent requirements and standards. Governments of all sizes can benefit from Accela’s cloud offerings to help secure and comply to various regulations.