Serena On Demand

Security & Compliance

Serena On Demand is a multi-tenanted environment where each customer implementation resides in its own isolated namespace, ensuring complete data security. All business data is stored in separate tables specific to the namespace and is isolated from other customers' data.

In addition, Serena On Demand features strong identity and access management with multiple levels of access control, network security through 128-bit SSL, firewall protection for all servers with databases protected with an additional firewall, as well as intrusion detection and prevention systems.

  • Network Security – The hosted deployment is firewalled, accessible only through specific SSL-enabled ports and certain external virtual IP addresses. All communication between components within the firewall happens via internal virtual IP addresses.
  • Single Sign-On (SSO) – With SSO, the login process automatically captures the user’s namespace and other credentials, and all further access to the system is governed by this information. Serena also offers a hybrid authentication model, enabling customers to integrate Serena On Demand with their existing on-premises authentication provider, such as LDAP.
  • Physical Security – The hosted infrastructure is SAS70 Type II certified. All physical access to the machines is restricted through physical isolation. Network access is restricted through firewalls and by authentication mechanisms. Users can only access Web pages and the Web services API through secure HTTPS ports.
  • Data Backup and Disaster Recovery – Serena On Demand provides enterprise-level data protection and backups to facilitate quick recovery in case of a disaster. Backups range from full weekly backups to daily incremental backups as well as transaction logs that are captured every 4 hours. The hosting provider has been certified by PCI Security Council DSS 1.2 for data protection.


Compliance requirements are always on the rise and are a source of constant concern in every area of business. Serena's hosting partner holds the following credentials that aid transparency and security:

  • SAS70 Type II Audited
  • PCI Compliant Level 1 Service Provider
  • Safe Harbor Certified
  • ISO 27001 Certified
  • FISMA and DIACAP Compliant Federal Cloud
  • ITIL v3 based best practices
  • Top Secret Facility Clearance: (as assigned by DSS) – NCR and NAPMIA
  • SANS GIAC Certified Staff: 100% of Security Operations Center staff hold this certification
  • Compliant with NIST 800-86, 800-61 and US-CERT Concept of Operations for Federal Cyber Security Incident handling
  • Implemented Director of the Central Intelligence Directive (DCID) 6/9 Environments: Sensitive Compartmented Information Facilities (SCIF)

 
