IBM SmartCloud Notes Security


White Paper
March 2012
IBM SmartCloud Notes Security

Contents

Introduction
Service Access
People, Processes, and Compliance
Service Security

Introduction

IBM SmartCloud Notes helps to protect our customers' information through governance, tools, technology, techniques, and personnel, each of which we discuss in more detail below. SmartCloud Notes (https://www.ibmcloud.com/social) is a full-featured email, calendar, contact management and instant messaging service in the IBM cloud. At IBM and within Lotus, we strive to implement security and privacy best practices. The SmartCloud Notes security controls provide a range of protection of e-mail while enabling business operations.

Service Access

Physical access to service

SmartCloud Notes is deployed in a data center which provides physical protection to systems and data. The data center is located in the eastern region of the United States and uses multiple layers of security controls designed to help eliminate or prevent physical access to our systems. Biometric controls are utilized on all physical access points to help ensure that only authorized persons can acquire physical access to hardware. The data center is actively monitored via CCTV, which also provides logging of staff activities. Security officers are on premises 24 hours a day, 7 days a week.

Domino servers are restarted daily to help ensure clean operations and failover. Multiple levels of monitoring, both external and internal, provide feedback on configuration health and service activity. E-discovery is available as an optional service provided through integration with a third-party service provider. Daily reports provide system health and performance metrics information to operational and development staff. Sanitized crash data is also reported to the development team.

High Availability

The data center was built with solid construction practices and includes fire prevention systems and electrical monitoring systems designed to help minimize the probability of natural disasters interrupting our services. The data center is connected to multiple power providers via multiple points in the public power grid, and emergency power is provided by redundant generators and UPSs. It also possesses redundant network connection providers. Each logical component of the service is redundantly implemented by multiple physical systems designed to prevent the loss of any single CPU or hard drive from disabling any portion of the service. All customer data is stored redundantly in an active configuration of Domino replicas across multiple servers. All SmartCloud Notes.

Network access to service

SmartCloud Notes utilizes a defense-in-depth strategy to protect against unauthorized access. We use a well-recognized topology of multiple levels of firewalls designed to provide enhanced network protection. All user authentication occurs in a Yellow Zone (DMZ) and only authenticated connections are routed into the Green Zone. All web traffic to the SmartCloud Notes data center is encrypted using SSL/TLS. Web servers use higher-assurance extended validation (EV) certificates designed to provide stronger user-visible authentication of SmartCloud Notes and enable users to avoid common spoofing and phishing server impersonation attacks. All SSL ciphers below 128 bits are disabled. All Notes client traffic in transit to SmartCloud Notes uses Notes port encryption with 128-bit keys. Incoming and outgoing SMTP traffic utilizes opportunistic TLS encryption, if the external SMTP server also supports STARTTLS. All internal Domino-to-Domino server traffic utilizes NRPC port encryption.

Server Security

IBM has deployed real-time antivirus support services on the SmartCloud Notes operating systems environment with a commercially available antivirus product. Security audit logs are produced, retained and secured to help enable analysis of the appropriate access and activities of provider system administrators.

People, Processes, and Compliance

Compliance

IBM strives to ensure that the data center and operational processes are consistent with SAS70 Type II controls testing. IBM also requires that all third-party service providers are SAS70 Type II certified. IBM compliance programs mandate periodic self-assessments and production scanning and reporting of compliance posture. Business process-based reviews are conducted through the project cycles. Privacy reviews align SmartCloud for Social Business with IBM's comprehensive policies on privacy and client data protection, which can be found at [URL not preserved in this transcription].

Access is restricted by role and task to conform to the principle of least privilege and SmartCloud Notes' separation of duties matrix. Operations personnel are required to use specific administrative credentials to access the service when performing administrative duties. IBM personnel do not have the ability to reset user passwords or to extract user ID files or customers' certifier ID files. Personnel also do not have read access to customer mail files. All provider access is evaluated quarterly. Security audit logs are produced, retained and secured to help enable analysis of the appropriate access and activities of provider system administrators.

Code Controls

Periodic vulnerability scanning is performed on the network and servers, and there are regular independent application and infrastructure reviews.
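The opportunistic STARTTLS behaviour described under Network access to service, as an added example that is not part of IBM's paper or of any IBM code: a client-side decision routine that parses a constructed EHLO reply, upgrades to TLS when the peer advertises STARTTLS, and otherwise falls back to plaintext, which is exactly the silent downgrade an opportunistic policy allows. The peer names, the EHLO replies and the `seen_starttls` memory are assumptions for illustration; the memory records peers that have offered STARTTLS before, so a peer that stops offering it is reported as a possible downgrade instead of being delivered to in the clear.

```python
"""Opportunistic STARTTLS decision logic (added example, not IBM code).

Parses the multi-line 250 reply to EHLO (RFC 5321), upgrades when the
peer advertises STARTTLS (RFC 3207), otherwise continues in plaintext.
A per-peer memory records peers that have offered STARTTLS before, so a
peer that suddenly stops offering it is reported as a possible downgrade
rather than silently delivered to in the clear.
"""

# Constructed sample EHLO replies (not captured from any real server).
EHLO_WITH_STARTTLS = (
    "250-mx.example.test Hello client.example.test\r\n"
    "250-SIZE 35882577\r\n"
    "250-8BITMIME\r\n"
    "250-STARTTLS\r\n"
    "250 ENHANCEDSTATUSCODES\r\n"
)
EHLO_WITHOUT_STARTTLS = (
    "250-mx.example.test Hello client.example.test\r\n"
    "250-SIZE 35882577\r\n"
    "250 8BITMIME\r\n"
)


def parse_ehlo_extensions(ehlo_reply):
    """Return the set of extension keywords advertised in an EHLO reply.

    Each line is "250-KEYWORD [params]" (continuation) or "250 KEYWORD"
    (last line). The first 250 line carries the server's domain and
    greeting, not an extension, so it is skipped. Keywords are
    case-insensitive and are normalised to upper case.
    """
    lines = [line for line in ehlo_reply.splitlines()
             if line[:3] == "250" and len(line) > 4]
    extensions = set()
    for line in lines[1:]:
        fields = line[4:].split()
        if fields:
            extensions.add(fields[0].upper())
    return extensions


def decide_transport(ehlo_reply, peer, seen_starttls, require_tls=False):
    """Decide how to continue the SMTP session after EHLO.

    Returns one of:
      "starttls"  - peer offers STARTTLS; send STARTTLS, complete the
                    handshake and issue a fresh EHLO.
      "plaintext" - opportunistic mode and the peer offers no STARTTLS.
      "refuse"    - TLS is required, or this peer offered STARTTLS in an
                    earlier session and no longer does (possible downgrade
                    or STARTTLS stripping); do not deliver in the clear.
    seen_starttls is a dict used as the per-peer memory (an assumption for
    illustration; a real MTA would persist it).
    """
    if "STARTTLS" in parse_ehlo_extensions(ehlo_reply):
        seen_starttls[peer] = True
        return "starttls"
    if require_tls or seen_starttls.get(peer, False):
        return "refuse"
    return "plaintext"


def session_commands(ehlo_reply, peer, seen_starttls, require_tls=False):
    """Return the ordered SMTP commands the client sends after this EHLO
    reply, following the decision above (hypothetical sender address)."""
    decision = decide_transport(ehlo_reply, peer, seen_starttls, require_tls)
    if decision == "starttls":
        # RFC 3207: after the handshake the client must EHLO again and
        # discard everything it learned before TLS was established.
        return ["STARTTLS", "EHLO client.example.test",
                "MAIL FROM:<sender@example.test>"]
    if decision == "plaintext":
        return ["MAIL FROM:<sender@example.test>"]
    return ["QUIT"]


if __name__ == "__main__":
    memory = {}
    # Second reply from the same peer lacks STARTTLS: reported as "refuse".
    for reply in (EHLO_WITH_STARTTLS, EHLO_WITHOUT_STARTTLS):
        print(decide_transport(reply, "mx.example.test", memory),
              session_commands(reply, "mx.example.test", memory))
```

With an empty memory the second reply is simply delivered in plaintext, which is the paper's opportunistic policy; with `require_tls=True` or a remembered STARTTLS offer the same reply is refused, which is the check a defender adds to notice a downgrade.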
Use of IBM Rational AppScan testing checks for common web exposures such as cross-site scripting (XSS), cross-site request forgery (CSRF), and SQL injection. Manual ethical hacking supplements the award-winning AppScan tool set and targets the specific application and infrastructure configuration in SmartCloud Notes. Regular application testing covers common security exposures. Security testing is also integrated into the development cycle and automated regression testing.

IBM has a dedicated security organization working across all SmartCloud for Social Business services that provides security management activities surrounding the network, infrastructure, applications, and supporting services. The SmartCloud Notes security organization is responsible for the delivery of security capabilities, security architecture, infrastructure security design, and compliance management processes and technologies. It also has responsibilities within the system development lifecycle, which include application and service product security requirements development, code security, security feature development and security testing activities. Security-related functionality undergoes specific security design reviews by the cross-SmartCloud for Social Business security organization.

All code updates are peer reviewed, then approved by a development architect before being merged into the code base. Each update is associated with an escalated problem report or approved work item. All code updates associated with a single problem report or work item are tested and verified. Code updates are rolled up into a full system build in preparation for deployment. After internal system verification testing, the development team stages the build for handoff to operations staff on a designated server.
Operations does not have access to source code, and their access to builds is restricted to this server. Operations staff then deploy the system to their staging and testing systems for another round of system verification testing. The system update is deployed in production only after those tests are successful.

Service Security

Identity and Authentication

Notes clients authenticate into SmartCloud Notes using the same ID files they use to authenticate to on-premises Domino servers. All customers' Notes clients authenticate transparently against the SmartCloud Notes authentication servers in the Yellow Zone before connecting to any Green Zone servers that contain customer data. From the point of view of the Notes client and the end user, those servers are part of the customer's naming and certification hierarchies. For customers without an existing on-premises Domino infrastructure, the root Certificate Authority (CA) and all related PKI and naming information (user ID files, server certificates) are generated and managed by the SmartCloud Notes team. Existing Notes customers will give a top-level or OU-level certifier ID file to SmartCloud Notes, and that will be used to generate the virtual server ID files for the virtual mail servers. User ID files for those customers are generated by their Domino administrators in the same fashion as existing user ID files. Critical portions of a customer's on-premises Domino directory are synchronized into the SmartCloud Notes hosted environment in a manner designed to allow SmartCloud Notes users to interoperate seamlessly with the organization's on-premises Domino users.

The SmartCloud Notes service will automatically and transparently provide ID file backup and ID file password reset services through a hosted Notes ID vault for each customer. Customers' administrators can reset Notes ID file passwords for their users with the SmartCloud Notes web administration interface. SmartCloud Notes users transparently authenticate to other SmartCloud Notes services from within the Notes 8.5.2 standard client by way of a Domino-based SAML Identity Provider provided by SmartCloud Notes. SmartCloud Notes Web and SmartCloud Notes Administration are integrated with the single sign-on login and log-out mechanisms supported by other web-based SmartCloud for Social Business services. Customers who wish to manage the web passwords and authentication experience of their subscribers to SmartCloud Notes can deploy a SAML Identity Provider on-premises for their SmartCloud Notes organization.

Mail Security

SmartCloud Notes supports both Notes and S/MIME signing, and encryption of e-mail through the supported Notes, web browser, and mobile clients.
All SMTP mail entering or leaving the SmartCloud Notes service is scanned for viruses and spam by Lotus Protector for E-mail Security. All NRPC mail internal to SmartCloud Notes is also virus scanned. SmartCloud Notes messages are protected from potentially malicious active content in emails by the Notes client Execution Control List (ECL) mechanism when viewed with Notes, and by an active content filter which is designed to strip out active content such as Java and JavaScript when viewed with a browser. Remote images inserted in e-mail, which can be used to track users, are not automatically fetched. The user may choose to show such images in an e-mail on a per-email basis. SmartCloud Notes Web returns all message data retrieved from the Domino mail file to the browser with the Cache-Control: no-store HTTP header (and Cache-Control: no-cache for IE 6) to help ensure that the browser does not leave any e-mail information behind in its cache.
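The Cache-Control policy for mail data just described, as an added example that is not code from IBM's paper or product: a small parser for the Cache-Control field value, the header selection the paper states (no-store, with no-cache for IE 6), and an audit over constructed sample responses that reports mail-content responses a browser would be allowed to keep on disk. The sample paths, the `/mail/` prefix and the detection of IE 6 by its `MSIE 6.` user-agent token are assumptions for illustration.

```python
"""Cache-Control policy for mail-content responses (added example, not IBM code).

Parses the Cache-Control header into directives (RFC 7234 syntax), picks
the directive the paper describes for a response carrying mail data, and
audits constructed sample responses for ones a browser may cache.
"""


def parse_cache_control(value):
    """Parse a Cache-Control field value into {directive: argument_or_None}.

    Directives are comma-separated, case-insensitive tokens, optionally
    followed by "=" and a token or quoted string, e.g. "max-age=0" or
    'private="Set-Cookie"'.
    """
    directives = {}
    for part in value.split(","):
        part = part.strip()
        if not part:
            continue
        name, sep, argument = part.partition("=")
        directives[name.strip().lower()] = (
            argument.strip().strip('"') if sep else None)
    return directives


def mail_content_cache_header(user_agent):
    """Header to attach to a response carrying data from the mail file:
    no-store for browsers in general, no-cache for IE 6, as the paper
    states. Detecting IE 6 by the "MSIE 6." product token is an assumption."""
    if "MSIE 6." in user_agent:
        return {"Cache-Control": "no-cache"}
    return {"Cache-Control": "no-store"}


def may_leave_mail_in_cache(headers, legacy_ie6=False):
    """True if these response headers would let the browser keep mail data
    in its cache: no-store is absent (for IE 6, neither no-store nor
    no-cache is present). Header names are matched case-insensitively."""
    lookup = {name.lower(): val for name, val in headers.items()}
    directives = parse_cache_control(lookup.get("cache-control", ""))
    if "no-store" in directives:
        return False
    if legacy_ie6 and "no-cache" in directives:
        return False
    return True


# Constructed sample responses from a hypothetical webmail front end.
SAMPLE_RESPONSES = [
    {"path": "/mail/inbox.nsf/message1",
     "headers": {"Cache-Control": "no-store"}},
    {"path": "/mail/inbox.nsf/message2",
     "headers": {"cache-control": "private, max-age=600"}},
    {"path": "/mail/inbox.nsf/message3", "headers": {}},
    {"path": "/static/logo.png",
     "headers": {"Cache-Control": "public, max-age=86400"}},
]


def audit_mail_responses(responses, mail_prefix="/mail/"):
    """Return the paths of mail-content responses (those under mail_prefix,
    an assumed convention) that lack a no-store policy."""
    return [r["path"] for r in responses
            if r["path"].startswith(mail_prefix)
            and may_leave_mail_in_cache(r["headers"])]


if __name__ == "__main__":
    print(audit_mail_responses(SAMPLE_RESPONSES))
```

Static assets under other paths are deliberately left out of the audit, since the paper's policy applies to message data retrieved from the mail file, not to every response the web front end serves.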

Copyright IBM Corporation 2012
IBM Corporation
IBM Software Group
Somers, NY
Produced in the United States of America

References in this publication to IBM products or services do not imply that IBM intends to make them available in all countries in which IBM operates. The information is provided "as is" without warranty of any kind, express or implied, and is based on IBM's current product plans and strategy, which are subject to change by IBM without notice. IBM shall not be responsible for any damages

BCE-01565-USEN-00
