DATA SECURITY AND CONFIGURATION POLICY
BigWater uses Secure Cloud Servers for its various database requirements. The security parameters defined to protect the critical data they hold are as follows:
• BigWater will specify the regions in which our Content will be stored.
• We consent to the storage of our Content in, and transfer of our Content into, the Cloud Server regions we select.
• The Cloud Server host will not be permitted to access or use our Content except as necessary to maintain or provide the Service Offerings, or as necessary to comply with the law or a binding order of the local governmental body.
• The Cloud Server host will not (a) disclose our Content to any government or third party or (b) move our Content from the concerned regions selected by us, except in each case as necessary to comply with the law or a binding order of a governmental body. Unless it would violate the law or a binding order of a governmental body, the Cloud Server host will give notice of any legal requirement or order referred to in this Section 3.2.
• The Cloud Server host will only use our Account Information in accordance with the Privacy Policy, and we consent to such usage. The Privacy Policy does not apply to our Content.
• Depending on the data access needs of users, different global groups are created.
• Associate these local group logins with individual user accounts in the databases and grant them the required permissions using the database roles.
• Created custom database roles, for finer control over permissions.
• Restricted physical access to the Server computer. The server will always be locked while not in use.
• All the files and disk shares on the Server computer are read-only.
• Authentication is done via key pairs with 128-bit encryption.
• Renamed the Root Administrator account on the Server computer to discourage hackers from guessing the administrator password.
• Keep up to date with information on the latest service packs and security patches released by Microsoft/Ubuntu and other platforms/protocols.
• Disable the Windows guest user account.
• Constantly monitor error logs and event logs for security related alerts and errors.
• Promptly drop the Server logins of employees leaving the organization. Especially in the case of a layoff, drop the logins of those poor souls ASAP, as they could do anything to our data out of frustration.
• When using mixed mode authentication, we consider customizing the system stored procedure sp_password, to prevent users from using simple and easy-to-guess passwords.
• Do not save passwords in .udf files, as the password gets stored in clear text.
• Store the data files generated by DTS or BCP in a secure folder/share and delete files once done.
• Install anti-virus software on the Server computer, but exclude our database folders from regular scans. Keep our anti-virus signature files up to date.