|
Offshore Outsourcing
Best Practicesoutsourcing@dataart.com
|
 |
Risk Management
Software Development Center Security
DataArt's St. Petersburg development center is located in a 6-story secure modern office building. The building was fully renovated in 1996. The building's other tenants are primarily Western companies. Building access is controlled by security staff 24x7 and is based on strict photo identification.
Communications:
DataArt uses digital phone lines for voice communication. In terms of Internet connectivity, DataArt's offices have 2 independent high-speed ADSL links to different providers.
Network security:
DataArt uses a secure network architecture to ensure protection of all our systems, networks, applications, and intellectual properties. This security architecture is emulated in various configurations throughout DataArt. The core architecture uses the following components:
- Connection Points - External routers provide a connection between DataArt's network and the Internet and provide basic protection (based on packet filters) from traffic spoofing.
- Our firewall is the first line of defense for our network to prevent unauthorized access (penetration) from external entities and controls internal traffic policy. Our firewall policy is based on communications protocol, traffic source and destination, and protocol state restrictions.
- The Network Address Translation function and our Proxy ensure a higher level of network security during communications between the DataArt LAN and external resources.
- Tunneling. We use tunnels for connecting our premises with common computing networks through the public Internet. Our tunnels are built on the Ipsec protocol and provide 64-bit traffic encryption. In addition, we maintain a secure VPN between DataArt's NYC and St. Petersburg offices.
- PartSecure Segments. The PartSecure Segment is a portion of our network that is in essence a protected firewall system. The computing systems on this network have direct access to/from the Internet and are typically used only for demonstrating our products to customers.
- Authentication Authorization Accounting (AAA) Domain. A user (DataArt employee, customer, partner etc) gains access to computing resources after authentication (based on login/password and source control schemas). User is also verified to have permission to use the resource through an access list. All important user actions are logged. DataArt's AAA domain is implemented using Microsoft Active Directory on Microsoft-based computers and other variants (local authorization, RADIUS-server) on non-Microsoft platforms.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
