ALICE Cloud Security Overview
This article describes the security of the components that make up the ALICE Cloud Services.
ALICE Cloud Services are hosted on the Microsoft Azure cloud infrastructure. ALICE cloud databases, services and applications take advantage of built-in encryption for data both at rest and in transit. Azure threat detection allows ALICE Cloud Services to monitor and detect anomalous database activities indicating potential security threats to the ALICE cloud databases. Azure meets a broad set of industry standards including ISO 27001, SOC 1, SOC 2 and FedRAMP.
Azure compliance meets a long list of international, regional and industry-specific standards. The security compliance framework includes test and audit phases, security analytics, risk management best practices, and security benchmark analysis to achieve certificates and attestations. Microsoft Azure offers an extensive list of certifications for all in-scope services, which are inherited by the ALICE Cloud services and data.
Microsoft Azure Platform
Microsoft Azure provides cloud services for a wide range of enterprise and government customers. The core of Microsoft Azure provides four primary functions on which customers build and manage virtual environments, applications, and associated configurations.
Microsoft, with its unique experience and scale, delivers these services to many of the world’s leading enterprises and government agencies. Today, the Microsoft cloud infrastructure supports over 1 billion customers across its enterprise and consumer services in 140 countries and supports 10 languages and 24 currencies.
Drawing on this history and scale, Microsoft has implemented software development with enhanced security, operational management, and threat mitigation practices, helping it to deliver services that achieve higher levels of security, privacy, and compliance than most customers could achieve on their own.
Microsoft shares best practices with government and commercial organizations and engages in broad security efforts through the creation of centers of excellence, including the Microsoft Digital Crimes Unit, Microsoft Security Response Center, and Microsoft Malware Protection Center.
Compliance
By being hosted on the Microsoft Azure Cloud platform, ALICE Receptionist’s cloud infrastructure inherits the benefits of Microsoft’s investment in infrastructure security.
Microsoft invests heavily in the development of robust and innovative compliance processes. The Microsoft compliance framework for online services maps controls to multiple regulatory standards. This enables Microsoft to design and build services using a common set of controls, streamlining compliance across a range of regulations today and as they evolve in the future.
Microsoft compliance processes also make it easier for customers to achieve compliance across multiple services and meet their changing needs efficiently. Together, security-enhanced technology and effective compliance processes enable Microsoft to maintain and expand a rich set of third-party certifications.
Azure meets a broad set of international as well as regional and industry-specific compliance standards, such as:
- ISO 27001
- FedRAMP
- SOC 1
- SOC 2
Azure’s adherence to the strict security controls contained in these standards is verified by rigorous third-party audits that demonstrate Azure services work with and meet world-class industry standards, certifications, attestations, and authorizations.
Azure is designed with a compliance strategy that helps customers address business objectives and industry standards and regulations. The security compliance framework includes test and audit phases, security analytics, risk management best practices, and security benchmark analysis to achieve certificates and attestations. Microsoft Azure offers the following certifications for all in-scope services:
Data Encryption
DATA AT REST
Data at rest stored on the ALICE Cloud infrastructure is encrypted using Azure SQL Database Transparent Data Encryption.
Azure SQL Database transparent data encryption helps protect against the threat of malicious activity by performing real-time encryption and decryption of the database, associated backups, and transaction log files at rest.
TDE encrypts the storage of an entire database by using a symmetric key called the database encryption key. In SQL Database the database encryption key is protected by a built-in server certificate. The built-in server certificate is unique for each SQL Database server. If a database is in a GeoDR relationship, it is protected by a different key on each server. If 2 databases are connected to the same server, they share the same built-in certificate. Microsoft automatically rotates these certificates at least every 90 days.
DATA IN TRANSIT – TLS 1.2
Data in transit between the ALICE Cloud infrastructure and ALICE deployed applications is transferred securely using the TLS 1.2 protocol.
Transport Layer Security (TLS), the successor of the now-deprecated Secure Sockets Layer (SSL), is a cryptographic protocol designed to provide communications security over a computer network. Several versions of the protocol are widely used in applications such as email, instant messaging, and voice over IP, but its use as the security layer in HTTPS remains the most publicly visible.
The TLS protocol aims primarily to provide privacy and data integrity between two or more communicating computer applications. It runs in the application layer of the Internet and is itself composed of two layers: the TLS record and the TLS handshake protocols.
Company and Customer PII Data Elements
This list includes Company Identifiable and Customer Identifiable Information that can be collected and stored in the ALICE Cloud database. This list only applies to customers who choose to implement the ALICE Cloud configuration. Most of the data elements listed below are optional at the Company’s discretion. Some features of the ALICE system require the optional data elements to exist in order to function. This list does not include custom data that may be configured and collected by the Company.
COMPANY DATA ELEMENTS:
- Company Name (required)
- Office Address (optional)
- Organization Name(s) (required)
- Department Name(s) (optional)
EMPLOYEE DATA ELEMENTS:
- Name (optional)
- Email (optional)
- Mobile Photo (optional)
- Title / Position (optional)
- Primary Contact Number/Address (required)
- Secondary Contact Number/Address (optional)
- Mobile Contact Number (optional)
GUEST DATA ELEMENTS (Collected during visitor Check-in)
- Name (required)
- Email (optional)
- Photo (optional)
- Address (optional)
- Organization (optional)
- Mobile Phone (optional)
- Work Phone (optional)
- US Citizen (Y/N?) (optional)
GUEST ID DATA ELEMENTS (Collected when the visitor scans an ID during check-in)
- Name (required)
- Photo (required)
PII Retention Policies
Personally Identifiable Information (PII) is managed by ALICE Receptionist using the following processes.
COMPANY AND EMPLOYEE DATA ELEMENTS
Company data is retained as long as the Company maintains an active subscription with ALICE Receptionist. ALICE Receptionist automatically archives and purges Company and Employee data based on the retention policy triggers below.
- Archive Data: 30 days after the subscription end date, all Company data is archived.
- Purge Data: 90 days after the subscription end date, all Company data is purged from the ALICE Receptionist databases.
GUEST DATA ELEMENTS
Guest data is retained as long as the Company maintains an active subscription with ALICE Receptionist. ALICE Receptionist automatically archives and purges Guest data based on the retention policy triggers below.
- Archive Data: 30 days after the subscription end date, all Guest data is archived.
- Anonymized Data: 60 days after the subscription end date, PII Guest data is anonymized.
- Purge Data: 90 days after the subscription end date, all Guest data is purged from the ALICE Receptionist databases.
Customers can download data and reports from the ALICE Receptionist systems as long as they have an active subscription.
After the end of the subscription, customers can still download data and reports for 30 days. Because customers’ accounts will no longer be active after the subscription end date, customers must request access to download data.
Archived data can be restored upon request. A processing fee of $450 will be charged.
The process of anonymizing data results in any PII data being scrubbed, while maintaining non-PII data.
Once data has been purged it can no longer be recovered.
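The retention triggers above, expressed as a small policy check that an auditor or customer could use to reason about what state a record should be in on a given date. This is an added example, not ALICE Receptionist's code; the function names, the state names, the record field names, the choice of which guest fields are treated as PII, and the rule that a trigger fires on the day its offset is reached are all assumptions.

```python
from datetime import date, timedelta

# Day offsets after the subscription end date, taken from the policy text.
ARCHIVE_DAYS, ANONYMIZE_DAYS, PURGE_DAYS = 30, 60, 90

# Assumption: which guest fields count as PII (field names are hypothetical).
GUEST_PII_FIELDS = {"name", "email", "photo", "address", "organization",
                    "mobile_phone", "work_phone", "us_citizen"}


def retention_state(category, subscription_end, today):
    """Return 'retained', 'archived', 'anonymized' or 'purged'.

    category is 'company' (company and employee data) or 'guest'.
    Assumption: each trigger fires on the day its offset is reached.
    """
    if category not in ("company", "guest"):
        raise ValueError(f"unknown data category: {category!r}")
    elapsed = (today - subscription_end).days
    if elapsed >= PURGE_DAYS:
        return "purged"
    # Only guest data has the intermediate anonymization step.
    if category == "guest" and elapsed >= ANONYMIZE_DAYS:
        return "anonymized"
    if elapsed >= ARCHIVE_DAYS:
        return "archived"
    return "retained"


def apply_retention(record, category, subscription_end, today):
    """Return the record as the policy says it should exist, or None if purged."""
    state = retention_state(category, subscription_end, today)
    if state == "purged":
        return None
    if state == "anonymized":
        # Scrub PII values but keep the keys and every non-PII field.
        return {k: (None if k in GUEST_PII_FIELDS else v) for k, v in record.items()}
    return dict(record)


if __name__ == "__main__":
    end = date(2024, 1, 1)  # constructed sample data
    guest = {"name": "Pat Doe", "email": "pat@example.com",
             "checkin_time": "2023-12-01T09:30", "host_department": "Sales"}
    for days in (0, 30, 60, 90):
        now = end + timedelta(days=days)
        print(days, retention_state("guest", end, now),
              apply_retention(guest, "guest", end, now))
```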
Threat Detection
The ALICE cloud infrastructure uses Azure Threat Detection to detect anomalous database activities indicating potential security threats to the ALICE cloud database.
Threat Detection provides a layer of security, which enables ALICE staff to detect and respond to potential threats as they occur by providing security alerts on anomalous activities.
For example, Threat Detection detects certain anomalous database activities indicating potential SQL injection attempts. SQL injection is one of the common Web application security issues on the Internet, used to attack data-driven applications. Attackers take advantage of application vulnerabilities to inject malicious SQL statements into application entry fields, for breaching or modifying data in the database.
Documentation
Certifications, Trust Documents and supporting documents are available upon request.