Administrative Security

Employee Screening
 

Prior to beginning work for LiveOffice, new employees must pass a thorough background check and be rechecked every three years. In addition, every employee must sign legally binding security agreements and receive security training. LiveOffice administrative offices also feature controlled access and camera surveillance at each ingress and egress point to monitor employee activities 24–7–365.

Confidentiality NDAs
 

Every employee is required to sign and agree to comprehensive confidentiality and nondisclosure agreements prior to beginning work for LiveOffice. Plus, the company requires any employee who has access to any computer or network to acknowledge that any actions may be logged or monitored for acceptable use.

Ongoing Certifications
 

Every employee is required to renew their security certifications annually. Any changes to LiveOffice security policies are communicated in real time and employees must acknowledge receipt and adherence to them. In addition, before accessing any computer or network, employees must acknowledge that any actions may be logged or monitored for acceptable use and agree to the company’s security policies as part of the authentication process.

Change Management
 

LiveOffice releases a variety of enhancements and fixes every month to improve the performance and security of its services. In order to minimize security risk and maximize service uptime, the company follows a detailed change and configuration management process. All changes must have a Change Management Request and required approvals.

Access Management
 

User access management practices exist to support LiveOffice’s Access Control Policy. Access onboarding, change requests or terminations can only be made by a LiveOffice employee at a manager level (or higher). Access is provisioned based on the principles of least privilege and default deny.

Uptime Monitoring
 

LiveOffice employs a variety of monitoring systems, which produce alerts for its Data Center Operations, Engineering and executive staff teams via email and SMS in the event of system availability and/or performance issues. Its Data Center Operations staff has an around-the-clock on-call rotation model, and on-call staff is responsible for tracking alerts and identifying potential issues.

Systems Monitoring
 

LiveOffice uses the SolarWinds IT management software framework for monitoring of core systems, including storage devices, network devices, servers, operating systems, databases and key application processes/services. The company has console views for each of its applications, and SolarWinds provides detailed monitoring of critical server statistics.

Application Monitoring
 

LiveOffice has built customized monitoring for its archiving systems to monitor its archiving processes. This monitoring functionality tracks processing of email across the archive, helps staff identify clients whose journaling traffic may have dropped off abnormally (versus previous trends), trends overall journaling traffic to identify system-wide anomalies and tracks processing at each step in LiveOffice archiving services.

Internet Monitoring
 

LiveOffice uses Uptrends (www.uptrends.com) to monitor its services externally from the Internet. Uptrends is a monitoring service provider that has Points of Presence (POP) throughout the Internet and performs availability and transaction monitoring from each POP on an automated, regular basis. The system is configured to perform many tests every five minutes from every POP.

Incident Response Process
 

The Internet security threat landscape is constantly evolving. Since LiveOffice relies on the Internet to deliver its services, an organized and controlled incident response process is key to quickly responding and containing threats. LiveOffice has a step-by-step process is in place to investigate and respond to any incidents.

Symantec Security Services
 

LiveOffice partners with Symantec Security Services to support its security operations and incident response process. The methodologies Symantec leverages include real-time analysis of security data detects attacks in progress; analyzing both firewall and intrusion detection data raises the awareness of security threats exponentially; correlating external threat activity with the unique requirements of our environment results in actionable, prioritized remediation recommendations; and security log data and detailed reports to support IT policies and regulatory compliance requirements.

LiveOffice also uses Symantec’s leading Endpoint Protection and host intrusion prevention system (SEP and HIPS) technology to provide malware protection for servers and the Symantec Altiris® Patch Management Solution™ to proactively manage patches and software updates by automating the collection, analysis and delivery of patches.

Intrusion Detection Systems
 

For an additional layer of protection, LiveOffice uses intrusion detection systems (IDS) to detect malicious network traffic and computer usage that often cannot be caught by a conventional firewall. LiveOffice partners with Symantec Security Services to support a comprehensive Snort® intrusion detection system security event management system. Snort is the most popular and widely supported open source network intrusion prevention and detection system (IDS/IPS).

Qualys Vulnerability Testing
 

LiveOffice leverages Qualys to proactively monitor every data center network access point. QualysGuard delivers continuous protection against the latest worms and security threats without the substantial cost, resource and deployment issues associated with traditional software.