We know the projects and data you build in Clarizen are core to your strategy and competitive advantage. Clarizen devotes significant resources to keeping your data both secure and private. With Clarizen’s unique architecture and multi-layered approach to protecting your data and monitoring our systems, we have ensured that Clarizen is flexible, scalable and secure.

Clarizen leverages a multi-layer security model. Application firewalls inspect traffic and prevent unauthorized activity, as well as provide DDoS protection.
IPS performs deep-packet inspection at the network level and detects unauthorized applications and activities. An antivirus module inspects the stream for viruses, malware and Trojans, and Clarizen uses multi-vendor anti-virus scans to validate virus detection.
Secure Encrypted Connection from the Client to the Clarizen Application
- Connection to Clarizen is encrypted in transport using SSL certificates from VeriSign. This tunnel protects against data leakage, and ensures the session data cannot be sniffed or manipulated.
- User authentication is handled with strong passwords and encryption.
- Individual user sessions are identified and re-verified with each transaction using a unique token created upon login.
Network Protection
Clarizen's firewall, load balancer switches and IPS are clustered to maintain high availability and full redundancy.
- Perimeter firewalls and intrusion prevention mechanisms block unauthorized activities.
- Internal firewalls inspect application layer traffic between the application and other tiers.
- All files uploaded and shared within Clarizen are virus-scanned during upload.
- Network probes scan for vulnerabilities and trigger alerts if network layer vulnerabilities are uncovered.
Application Layer Security
Clarizen code is regularly scanned for security vulnerabilities before release. Network and system vulnerabilities are scanned by third-party assessment tools.
Clarizen conducts periodic penetration testing using external companies who specialize in penetration testing.
Log Analysis
Clarizen conducts log analysis to identify any events which are relevant to the security and availability of Clarizen systems.
Servers and network equipment logs are delivered to the log analysis server. This server is configured to send alerts any time a threshold has been passed or a correlation rule has been triggered.
Example: If the system discovers that a threshold has been passed on multiple components of the Clarizen infrastructure, this can indicate anomalous network activity that needs to be investigated.
An email alert will be sent to the global Managed Services team.
Security, Privacy and Policy Accreditations
Clarizen has worked extensively to achieve third party security and privacy accreditation, and has been validated by the US Department of Commerce’s Safe Harbor program, SOC2 type 1, and VeriSign.

24x7x365 Monitoring
Our global Managed Services team monitors Clarizen on a 24/7 basis, using external and internal probes to monitor service availability and security issues. These probes are configured to send alerts on a wide variety of criteria, including security, availability, or performance degradation.
Backups and Restore Policy
Clarizen’s Database is engineered as a cluster to ensure high availability.
Data is replicated to the disaster recovery site via a dedicated encrypted tunnel. Backups are performed daily and restore capabilities are checked to ensure integrity.
- All data is backed up to tapes at the data center on a rotating schedule of incremental and full backups.
- The backups are cloned over secure links to a secure archive.
- Tapes are never transported offsite and are securely destroyed when retired.
- Data restore – The backup data is restored automatically into a separate and secured environment in order to determine the integrity of data and the potential data recovery issues.
Disaster Recovery
To protect our customers’ data and ensure service reliability and availability, Clarizen utilizes several data centers. All data within Clarizen is replicated to a disaster recovery and backup site, hosted within a secure, Tier 1 data center facility.
The data is transmitted over a dedicated encrypted tunnel, in accordance with the Backups and Restore Policy.
Secure Data Center Facilities
The Clarizen service is colocated in dedicated spaces at Tier 1 data centers that are SOC I type II certified. As such, all security controls are in place. These facilities provide carrier-level support, including:
Access Control and Physical Security
- 24-hour manned security, including foot patrols and perimeter inspections.
- 2 Factor access control – both physical (guard ID validation) and Biometric/Badge validation.
- Personnel access list is maintained and controlled by the Clarizen security team.
- Dedicated concrete-walled Data Center rooms.
- Computing equipment in access-controlled steel cages.
- Video surveillance throughout facility and perimeter.
- Building engineered for local seismic, storm, and flood risks.
- Tracking of asset removal.
Environmental Controls
- All Data Centers are designed with N+1 redundant chilling/heating system.
- Redundant multi-zone fire suppression systems.
- Very Early Smoke Detection Apparatus systems are located throughout the raised floor area in all Data Centers.
Power Controls
- Underground utility power feed.
- Electric power supplied to the network equipment is from two separate feeds.
- Redundant (N+1) CPS/UPS systems.
- Redundant power distribution units (PDUs).
- Redundant (N+1) diesel generators with on-site diesel fuel storage help ensure uninterruptible power.
- Interface will trigger an alert on every power-related incident.
Network
- Redundant internal networks.
- High bandwidth capacity.