Hundreds of organizations and millions of users across the private and public sectors depend on Jive to keep their information secure every day. Jive leverages multiple layers of defense to protect key information and handle all critical facets of network and application security, including authentication, authorization and assurance.
Jive Security Architecture
Jive’s security architecture is designed to protect the confidentiality, integrity and availability of all customer information that we host. To that end, we apply stringent, risk-adjusted security controls in layers ranging from facilities (physical security) to network infrastructure (network security), IT systems (system/host security) and information and applications (application security).
Network Infrastructure Security
- Highly available and redundant network security architecture.
- Includes firewall and best-of-breed intrusion detection systems that monitor the network for sophisticated attacks ranging from network-based attacks to complex application layer attacks.
Data Security
- Jive hosting supports various encryption methods to protect data transiting over untrusted networks.
- Customers can choose to implement SSL or VPN technology to add a layer of protection to their hosted site.
- Additionally, encryption has been implemented for both transit and storage of offsite backups in the remote data center facilities.
Certification of Compliance
- Regular third-party audits.
- Data center facilities are SAS 70 Type II or SSAE 16 compliant.
- Safe Harbor and TRUSTe certified.
Virtualization
- Virtualization technologies provide key cost efficiencies through multi-tenancy. Virtualization capabilities at the server, storage and network layers ensure strict separation of customer instances and prevent any information leakage.
Certified Security Personnel
- Jive’s Hosting Operations and Information Technology teams include certified Information Security professionals who help define our security policies and guidelines.
- Members of our security team currently hold CISSP, CEH, and CISM certifications, as well as other respected technical certifications.
Software Engineering Security Process
- Security is continuously improved and tested throughout the Jive product lifecycle.
- All new feature designs are audited for high-level security considerations, and feature implementations are checked for security flaws throughout development.
- Existing features are audited for security vulnerability regressions, and application-wide audits are performed to ensure feature integration is secure.
- Third-party components used by Jive are researched and watched carefully for vulnerabilities.
Best Practices
Jive maintains secure programming best practices documents, which are mandatory reading for all of our developers. Best practice documents are updated on a regular basis to reflect current vulnerability knowledge, and also provide developers with real-world examples of previous programming mistakes and how to avoid them. Topics covered include input/output data sanitization, proper usage of authentication and authorization, avoiding information disclosure and secure file system (and other resource) usage.
QA Security Process
Security Assessment Policy
Jive’s release readiness workflow includes continuous security tests and assessments. Many manual and automated security tests are conducted at milestones leading up to public release. Security vulnerabilities discovered during these tests are then reviewed for criticality and remedied prior to release. This ensures that every release is deemed fully secure out of the gate.
Managing Vulnerabilities
Jive maintains accurate records of discovered vulnerabilities and their remediations. Critical vulnerabilities are fixed within one business week, and customers are notified of critical vulnerabilities. Customers are free to install the security patches in an on-premise instance, and the hosting team is available to apply security patches per customer requests.
Product Security Features
The Jive platform has a number of built-in features for configuring security at a level appropriate to your organization. Our Professional Services team is also available to perform customizations if the out-of-the-box options don’t meet your security requirements.