White paperShipping & MailingRelay communicationshub data securityTM
Page 2The Relay communications hublets you modify and improve yourprint communications as well asgetting you ready for sending digitalcommunications. Minimize disruptionby working seamlessly with yourexisting systems.The Relay communications hub byPitney Bowes is offered as a hostedbusiness application. Pitney Bowesoffers hosting of this application inorder to simplify deployment, freecustomer IT resources to focus oncore business objectives and toprovide worry-free implementation.More and more businesses are usinghosted versus on premise software.Relay offers a superior solution witha high degree of security and privacy.Pitney Bowes hosting servicesNotable benefits for choosing aPitney Bowes hosting service include: The Relay communications hub,alone, may provide a beneficialbusiness case, and is enhancedfurther by reducing the in-houseIT resource and budget constraints. Corporate policy may call forapplications to be outsourced orto use software as a service (SaaS)whenever possible.This document discusses the hostedoffering, a comprehensive introductionto the inherent security and privacyfeatures of the Relay communicationshub as well as an overview of themanagement and monitoringcomponents of the hosting solutionbeing provided by the Pitney BowesGlobal Hosting team. Corporate firewall restrictionsand/or other security issues maymake external hosting a moreattractive option.For more information on Relay, please contactyour Pitney Bowes technical consultant.RelayTM Communications hub data securityA Pitney Bowes white paper
Page 3Security architectureThe Relay communications hub security architectureincludes both the design and maintenance of a secureplatform and policies. They have been created toprotect the privacy of direct customers and all data,as well as application features which implement stringentPitney Bowes’ security and privacy policies.TMPlatform securityTrustwave external penetration testconcludes Relay hub is low riskAs part of a tier 3 application enrollment in Trustwave’sManaged Security Testing (MST) services, Pitney Bowesengaged Trustwave SpiderLabs to perform an annualpenetration test of the Relay hub application. The primaryobjective of this test was to gauge the resiliency of theapplication to various attacks launched against bothauthenticated and unauthenticated surfaces. Trustwaveconducted the test between the dates of October 5 – 9,2015. After careful review of the systems and accesslevels included in this test, Trustwave feels that theRelay hub application is at a low risk of compromise.Hosting facility security and accessPitney Bowes Relay is hosted in world-class hostingfacilities. These facilities are managed by Amazon WebServices (AWS) located in Frankfurt in Germany for theEuropean and International deployments and Virginiafor the USA deployment. The IT infrastructure that AWSprovides is designed and managed in alignment withbest security practices and meets a variety of IT Securitystandards including: SOC 1/SSAE 16/SAE 3402 SOC 2 SOC 3 FISMA,DIACAP and FedRAMP PCI DSS Level 1 ISO 27001 ISO 9001 ITAR FIPS 140-2AWS provides highly secure data centres which use stateof the art electronic and multi-factor access controlsystems including: Highly secure facility with 24x7 guard protection, closedcircuitry, alarmed doors with secure card-key access,biometric scanner, and restricted access to the data ﬂoor Building and environmental control alarms which areconstantly monitored.Network defensibilityThe Relay modules do not maintain any credit card,procurement card, or other financial information unlessit is already publicly available within the organization.Relay will encrypt and archive all documents for twelvemonths prior to their secure deletion.Essentially, Relay modules only use and/or store informationthat is already available from the customer.A number of approaches are taken to protect againstintruders, including: Redundant, fault-tolerant firewalls segment andsecure traffic SSL Certificate (HTTPS) Only presentation layer services are present in the DMZPre-installation assessmentBefore being accepted into production, all systems undergoa thorough security assessment to scan for operatingsystem or application vulnerabilities. The assessment checksfor the OWASP Top Ten vulnerabilities as well as othercommon attack vectors. The assessment must be passedbefore the software is deployed into production.
Page 4Continuous testingPeriodic penetration testingThird party penetration testing is conducted on an annualbasis to make sure security vulnerabilities are remediated.All input and output pathways are exercised along witha focus on data security.Continuous assessment of operatingsystem vulnerabilitiesAll systems are routinely scanned to detect and protectagainst viruses or other forms of intrusion. Criticaloperating system updates are also applied to ensureprotection against any recently published securityvulnerability. Vulnerabilities are patched usingautomated tools across the entire environment.Application securityPitney Bowes incorporates security into its platformdevelopment processes at all stages. From the softwaredesign and architecture, to hosting architecture, to postrelease support; security considerations are included.From a requirements perspective, Relay incorporatedguidelines from ENISA and FFIEC. These were translatedinto product development and deployment requirements.The security architecture and design was reviewed toensure that appropriate security controls would be appliedto the system with consideration to these specifications.This includes controls for: Data at rest Data in transit Connectivity Business continuity planning Patching strategy Business logic.RelayTM Communications hub data securityA security test plan was put in place and executedto ensure the controls functioned as expected.DefensibilityPitney Bowes follows industry standard best practices forsoftware defensibility. All computers within Pitney Bowesare protected by enterprise level virus scanning software.Additionally, operating system updates are monitored bya centrally managed system and applied on a weekly basis.Any computers found on the Pitney Bowes corporate andhosted networks without the required antivirus andmanagement software are disabled by local administratorsand removed from the network or the facility.The following lists some of the best practices followedwhen developing software solutions: Sensitive communication to servers utilize SSL Security awareness training for software developers Automated penetration testing and code analysis Design and peer reviews with code auditing Ethical hacker training Digitally signed softwareHTTPS and secure FTPPitney Bowes offer HTTPS for the secure transfer of filesto/from your users to our hosted data centres. We alsooffer a secure FTP solution for customers to send orretrieve files to/from third party print facilities. Customerfolders are private, separated and locked down to eachcustomer’s login ID. All files are scanned for virus afterbeing uploaded before transferring them to the applicationserver for processing.A Pitney Bowes white paper
Page 5Health and security status monitoringCPU utilization, available disk space, hardware componentfailure, network availability, application availability and moreare monitored constantly using the various tools describedbelow. The Relay solution uses consolidated logging andanalytics to look for security anomalies and generate alertsto the support team.KeyNote baselines the performance of the solutionduring normal operation and alerts if performancethresholds are breached. KeyNote also allowsPitney Bowes to provide reports of applicationperformance against SLA from an independent source.Amazon CloudWatchAmazon CloudWatch provides server level monitoringof key metrics. Should any of these attributes exceed apredefined threshold, alerts are created which in turngenerate remedy tickets. These tickets are actioned bythe Network Operations Centre who diagnose and triagethe issue as discussed in the Alerts section below. Serverperformance attributes that are monitored via theCloudWatch services include:AlertsAlerts are automatically logged into the Pitney Bowes IssueTracking System Solution. Depending on the severity levelof the alert, appropriate first responders are automaticallycontacted. Each Pitney Bowes hosted application has adesignated Emergency Response Team (ERT) which can beimmediately convened over a dedicated phone bridgedepending on the type of alert that is escalated. ERT’s arecomposed of project managers, technical application leads,hardware administrators, network administrators, databaseadministrators and IT management. CPU Disk Utilization Memory Network Bandwidth OS Paging Services Running Event LogsDifferent groups can receive alerts or identify issues: Deployment Group Operations Call Center CustomerAppDynamicsAppdynamics is used to monitor performance of thevarious solution components. This provides support staffearly warning of possible problems. They are alerted whentransactions between the various tiers of the solution arenot performing to baseline. When thresholds are breached,alerts are generated which in turn generate remedy tickets.These tickets are received by the Network OperationsCenter who diagnose and triage the issue as discussedin the Alerts section below.KeyNoteKeyNote is deployed to monitor user experience of theRelay solution. This is performed via the execution ofsynthetic transactions against the service from multiplepoints around the globe (Note: This eliminates falsealarms due to local network problems at a single keynotemonitoring site).There are several types of alerts generated by the solution.They range from infrastructure, to application, to security.In summary:The Relay communications hub allows users to modifyand improve your print streams. Pitney Bowes offershosting in order to simplify deployment and free customerIT resources to focus on core business tasks.TMPitney Bowes Relay is hosted in world-class hostingfacilities. These facilities are managed by Amazon WebServices located in Frankfurt Germany and Virginia USA.The Relay communications hub is reported as a low riskof compromise — Trustwave, October 2015.More and more businesses are using hosted versus onpremise software and Relay offers a superior solutionwith a high degree of security and privacy.
Page 6GlossaryAWS Amazon Web Services.ITAR International Traffic in Arms Regulations.CPU Central Processing Unit.IT Information Technology.DIACAP Department of Defense Information AssuranceCertification and Accreditation Process.OS Paging Operating System.DMZ DeMilitarised ZoneENISA European Union Agency for Network andInformation Security, originally European Networkand Information Security Agency.ERT Emergency Response Team.FedRAMP Federal Risk and Authorization ManagementProgram.FFIEC Federal Financial Institutions Examination Council.FIPS 140-2 The Federal Information Processing Standard(FIPS) Publication 140-2, is a U.S. government computersecurity standard used to accredit cryptographic modules.OWASP Open Web Application Security Project.PB Pitney Bowes.PCI DSS Level 1 Payment Card Industry Data SecurityStandard.(I)SAE 3402 (International) Standard on AssuranceEngagementsSOC 1 A Report (Service Organization Controls Report)on Controls at a Service Organization which are relevantto user entities’ internal control over financial reporting.SOC 2 This report focuses on a business’s non-financialreporting controls as they relate to security, availability,processing integrity, confidentiality, and privacy ofa system.FISMA Federal Information Security Management Act.FTP File Transfer Protocol.SOC 3 This report is a general-use report that providesonly the auditor’s report on whether the system achievedthe trust services criteria.ID Identification.ISO 27001 International Organization for Standardization.ISO/IEC 27001 is an internationally recognized bestpractice framework for an information securitymanagement system.ISO 9001 is a certified quality management system (QMS)for organizations who want to prove their ability toconsistently provide products and services that meet theneeds of their customers and other relevant stakeholders.RelayTM Communications hub data securitySSAE 16 Statement on Standards for AttestationEngagements (SSAE) No. 16, Reporting on Controlsat a Service Organization.SSL Secure Sockets Layer, is the standard securitytechnology for establishing an encrypted linkbetween a web server and a browser (secure).SSO Single Sign On.A Pitney Bowes white paper
United States3001 Summer StreetStamford, CT 06926-0700800 327 8627United KingdomBuilding 5, Trident PlaceHatfield Business ParkMosquito WayHatfieldHertfordshire AL10 9UJ08444 992 [email protected] E5, Calmount ParkCalmount RoadBallymountDublin 12 353 (0) 1 [email protected] Le Triangle9 rue Paul Lafargue93456 Saint Denis la Plaine cedex0825 850 825GermanyPoststraße 4-664293 [email protected] 5202 0Canada5500 Explorer DriveMississauga, ON L4W5C7855 619 7974Australia/Asia PacificLevel 1, 68 Waterloo RoadMacquarie Park NSW 2113 61 2 9475 [email protected] more information, call 855 619 7974or visit us online: pitneybowes.com/caPitney Bowes, the Corporate logo, and other secondary marks are trademarks of Pitney Bowes Inc.or a subsidiary. All other trademarks are the property of their respective owners. 2012-2015 Pitney Bowes Inc. All rights reserved.15SMB09800 CA ENG
Trustwave external penetration test concludes Relay hub is low risk As part of a tier 3 application enrollment in Trustwave’s Managed Security Testing (MST) services, Pitney Bowes engaged Trustwave SpiderLabs to perform an annual penetration test of the Relay hub application. The primary