Sitrion ONE is a cloud-based solution hosted on Microsoft Azure.
General questions regarding the Microsoft Azure datacenter are covered mainly by Microsoft’s Windows Azure Trust Center: http://www.windowsazure.com/en-us/support/trust-center
For Sitrion ONE-specific security questions, we have covered the most frequently asked questions on the following topics. Sitrion ONE can work with different authentication mechanisms. The most common ones are ADFS or our own provider based on Identity Server. In addition to Identity Server and ADFS, customers are already using providers such as Azure AD, Ping, Siteminder, …
When using Sitrion authentication mode, how are the password complexity rules defined and set within the Sitrion ONE logon server?
For authentication we use the ASP.NET Membership Provider, which is configured with a lower password strength. For production use we usually recommend ADFS integration.
Is there a way to require the use of a token to authenticate as an administrator and/or the ability to limit the source IP address that is able to log on as an administrator? For example, could only someone within the company’s network authenticate using an account with administrator authorizations? This question applies to both the Sitrion authentication mode and the Active Directory authentication mode.
For the Sitrion authentication mode this can’t be configured. For providers like ADFS you are of course free to configure your provider logon according to your security requirements.
If Active Directory authentication mode is used, does it prevent managing users separately within the Sitrion ONE cloud logon server?
It doesn’t; you can use different identity providers in parallel.
What controls, other than the username and password, are in place to prevent attackers on the Internet from authenticating with the Sitrion ONE Logon server using one of our company user accounts? That is, are the mobile devices supplied with certificates that are trusted and used to authenticate?
None. With providers like ADFS, of course, this depends on your security requirements.
How does the Sitrion ONE Hub ensure the authenticity of the Sitrion ONE cloud, i.e., how do you prevent other, potentially malicious, external sources from authenticating with the Sitrion ONE Hub and masquerading as the Sitrion ONE cloud?
The Sitrion ONE Hub uses Microsoft Azure Service Bus. Between the Sitrion ONE Hub and the Microsoft Azure cloud, a secure relay access token is used.
I noticed there is a shared key provided. I assume the encryption uses a symmetric key algorithm, which may not be completely safe.
The shared key is mainly used to authenticate the Hub with your personal ONE tenant; it is not used for encryption.
Please elaborate on data at rest in the Sitrion ONE cloud. Are credentials and result data stored in the Sitrion ONE Cloud?
In general, ONE doesn’t store any data in the cloud. User credentials for backend systems are stored in the database of the Hub, which is installed on premises. We persist user credentials using symmetric encryption in that database on the on-premises server. However, there is no interface for the cloud to retrieve those passwords, so the password never leaves the company’s internal network when accessing back-end systems.
The cloud itself contains configuration data such as the assignment of micro-apps/cards to roles and endpoint definitions, and it contains the Sitrion ONE users.
When "Sitrion Authentication" is used, the users’ login credentials for ONE itself are stored in the cloud, but we only save a hash of the password.
If you provide cards to users (e.g. action or information cards), this information is stored encrypted in the cloud database to improve the end-user experience (e.g. in terms of performance and push notifications).
On action cards, the action is executed directly through the Hub to the given backend system. This data is not stored in the cloud.
What controls are in place to protect the company account passwords that are being passed through the Sitrion Cloud?
The communication between the mobile device and the Azure cloud is SSL-secured. The communication between the Azure cloud and the Sitrion ONE Hub is secured by the Azure Service Bus using a secure relay access token.
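To make concrete what the "secure relay access token" in the Hub and transport answers, and the shared key discussed above, actually do, here is an added Python sketch (not Sitrion’s code) of how an Azure Service Bus shared access signature is built and checked: the shared key only keys an HMAC-SHA256 over the resource URI and an expiry, so it authenticates the Hub to its tenant and encrypts nothing. The endpoint, policy name and key are constructed sample values.

```python
import base64
import hashlib
import hmac
import urllib.parse

# Constructed sample values (assumptions, not Sitrion ONE values): a
# hypothetical relay endpoint, shared access policy name and shared key.
SAMPLE_RESOURCE_URI = "sb://example-tenant.servicebus.windows.net/hub-relay"
SAMPLE_KEY_NAME = "RootManageSharedAccessKey"
SAMPLE_KEY = "constructed-sample-shared-key-not-a-real-secret"


def make_sas_token(resource_uri, key_name, key, expiry_epoch):
    """Build a Service Bus SAS token: HMAC-SHA256 over the URL-encoded
    resource URI and the expiry, keyed with the shared key. The key is
    only an HMAC secret; no part of the token is encrypted."""
    encoded_uri = urllib.parse.quote_plus(resource_uri)
    string_to_sign = f"{encoded_uri}\n{expiry_epoch}".encode("utf-8")
    digest = hmac.new(key.encode("utf-8"), string_to_sign, hashlib.sha256).digest()
    signature = urllib.parse.quote_plus(base64.b64encode(digest).decode("ascii"))
    return (f"SharedAccessSignature sr={encoded_uri}&sig={signature}"
            f"&se={expiry_epoch}&skn={key_name}")


def verify_sas_token(token, key, now_epoch):
    """Validate a SAS token the way the relying side does: parse the fields,
    recompute the HMAC with the shared key, compare in constant time and
    reject expired tokens. True only for an untampered, unexpired token."""
    prefix = "SharedAccessSignature "
    if not token.startswith(prefix):
        return False
    fields = dict(urllib.parse.parse_qsl(token[len(prefix):]))
    if not all(name in fields for name in ("sr", "sig", "se", "skn")):
        return False
    if not fields["se"].isdigit() or int(fields["se"]) <= now_epoch:
        return False
    encoded_uri = urllib.parse.quote_plus(fields["sr"])
    string_to_sign = f"{encoded_uri}\n{fields['se']}".encode("utf-8")
    expected = base64.b64encode(
        hmac.new(key.encode("utf-8"), string_to_sign, hashlib.sha256).digest()
    ).decode("ascii")
    return hmac.compare_digest(expected, fields["sig"])


if __name__ == "__main__":
    token = make_sas_token(SAMPLE_RESOURCE_URI, SAMPLE_KEY_NAME, SAMPLE_KEY, 1700000000)
    print("valid before expiry:", verify_sas_token(token, SAMPLE_KEY, 1699999999))
    print("valid after expiry: ", verify_sas_token(token, SAMPLE_KEY, 1700000001))
```

A leaked shared key therefore lets its holder mint valid tokens for that tenant until the key is rotated, which is why the key protects Hub identity rather than data confidentiality.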
If a user has to provide backend credentials, where are these credentials stored?
The credentials are stored in the SQL database connected to the Sitrion ONE Hub. Since the Sitrion ONE Hub is usually installed on premises, this SQL database will most likely also be in your data center. The credentials themselves are of course stored encrypted.
What level of encryption does Sitrion ONE use?
Depending on the component, Sitrion ONE has different types of encryption in place:
SSL: TLS 1.2, connection encrypted with AES 256 CBC, SHA1 for message authentication and ECDHE RSA as the key exchange mechanism.
Cards: the content of cards, which lives in the cloud, is encrypted with Rijndael (AES) using a 256-bit key. The ONE cloud encryption uses dynamically generated keys per tenant. In general, each customer has their own tenant.
ONE Hub: backend credentials, if provided, are encrypted using AES 256-bit in the Hub SQL database.
Do any controls in AppBuilder use external resources or pass data through external services?
SAP Connector / Collector
These questions are specific to the SAP Connector / Collector.
Does the solution require system/communication accounts to be present in SAP if the SAP collector is used? If so, what authorizations are required?
This isn’t required. If users access SAP through the SAP connector, their personal SAP account is used to perform the given SAP call.
Does the solution require any development or customization in the SAP landscape?
This isn’t required. Only for the SAP collector might this be required. For more details, please review the SAP collector documentation.
Please describe the network segment using RFC/SNC in both Sitrion authentication mode and Active Directory authentication mode for the SAP connector.
SNC is used for Windows integration. For “Sitrion authentication”, username/password is used against SAP.