Additional InSite Security Information Detail
InSite – Application and Server/Hosting Security FAQs
1How does InSite do what it does?
InSite does its job by pulling and pushing data into and out of your Jive instance via Jive’s ReST APIs.
2Does that mean you have access to all our Jive data?
Yes, but entirely controllable by you – down to the object level. I you don’t want InSite having access to Direct Messages, for instance – we don’t have to even pull that data when InSite is extracting data from Jive.
3So, do you copy all of our Jive data?
We do copy your Jive data to our servers. Specifically, (at this time) Jive User, Invite, Content and Places data. This enables us to perform the queries and implement the functionality you have seen in the product. It also allows you to perform complex, or compute-intensive queries without worrying about any performance impact on your production Jive instance.
4Do you collect or share any of our data outside of our specific InSite instance??
InSite does collect several pieces of aggregated instance data for pricing and performance uses, such as the total number of users and Places on your Jive instance. 411 Labs will never reveal or publish this information in any way, outside the company, except as aggregated (at the 411 Labs level) or anonymized data.
5Is the copying (pulling) of Jive data secure?
Both the data pulls and pushes are accomplished via the use of Jive’s published ReST APIs (v3). All those data pushes and pulls are done via an SSL encrypted connection between the systems., and each API call requires authentication by Jive (UserID and Password).
6Do we need to do anything to our Jive system in order to enable the InSite service?
In order to both push and pull data, the InSite service must be set up as a user with API rights on your connected Jive system. All events (pushes and pulls) that the API user performs are logged in both your Jive system and your instance of InSite, so you always have a record of the data that has been pulled into your InSite system as well as any data changes (record additions, deletions and modifications) that the InSite system is injecting into your Jive system.
7Is our Jive data safe while it is in transit between our Jive server and InSite;s?
As mentioned in Item #3 above, the InSite servers are SSL 256 bit encryption enabled (HTTPS) – the industry standard for the security of data traveling between servers - or between a server and a client browser.
8How do you prevent unauthorized access to my Jive data - once it is residing on InSite's servers?
The InSite system itself has a user ID and password credentialing system that is separate from your Jive system. Only users you designate have rights to view data, create and execute campaigns, or perform bulk edits of Jive data on your InSite system, and all of those actions by InSite users are separately logged in our system. In addition, a browser session connecting to your InSite instance MUST come from within your enterprise network IP range. We have that IP range established in our firewall white list - so any browser attempting to connect to your InSite instance must originate within that IP range, or the connection is refused and the browser won't even see the InSite login screen.
9Once set up and implemented, who can use InSite and see its data?
Only you, those users you specifically designate, and our InSite Support Team have access rights to the InSite system and data.
10What about your hosting company? Are they secure?
Our colocation hosting company is very secure with biometrics for physical access, etc. They maintain many industry standard security certifications. Please contact us directly for specific information about their credentials.
11Is my InSite data co-mingling with other InSite customer's data?
No, Each InSite instance has its own database and credentials to prevent any co-mingling of your data with that of other InSite clients.
12What other security measures do you implement
We implement many other security measures that we are happy to discuss with you directly, however - at a minimum: We enforce a VPN-only connection (via firewall IP range whitelist) between your your browser client and your InSite instance. We implement an “Encryption at Rest” protocol, such that your InSite data is encrypted – even while stored on the InSite servers.
13What other options do you offer regarding security?
While the protocol and security structures listed above should meet most security requirements, we can also implement additional security features, if they are requested or required. Specifically: We can establish IP restrictions such that your InSite service can only communicate with the IP address of your Jive servers and vice versa. We can enforce a VPN only connection between the InSite servers and your Jive instance. Sub-Domain inclusion. This would make your InSite instance URL something like https://InSite.YourCorporateDomain.com (by default your URL would be https://YourCorporateDomain.411labs.net), and the instance would appear as part of your existing corporate network – as if it was a new office building for your enterprise being established.
14We really aren't comfortable with the Cloud yet. How can I still be an InSite customer?
We also offer InSite in an “on-premise” configuration. Under this configuration you would install InSite on your own servers and be responsible for system performance, security, administration, new point release and patch installation, etc. and 411 Labs will only supply the software itself and provide software support. The on-premise model will involve some additional cost annually, but that charge is dependent on how it is implemented and configured. We would price the option after further discussions with you and your IT staff. Please let me know if you would like to pursue this option.