Cloud Service Information Security Statement


Prior to the adoption of any cloud-based services, organizations must assess the safeguarding of their data stored at or processed through the particular cloud service infrastructure. This document outlines the various security measures currently employed by Blue Coat Systems to safeguard the processing of an organization’s data across the Blue Coat Cloud Service offerings. 

The safeguards apply across the Blue Coat Cloud Service, including the following offerings:

  • Secure Gateway Service
  • Hosted Reporting Service
  • Mobile Device Security Service

Data Centers Security

Blue Coat is equipped with, and continues to deploy, data centers across the globe. Each of these data centers is equipped with several security measures designed for a high level of reliability and security. These measures include:

  • SSAE16 SOC-1 Type II Certification
  • Uninterruptible Power Supply (UPS) system with n+1 levels or greater
  • Backup generator
  • 24x365 onsite security
  • Motion-detection CCTV
  • Alarm system
  • Equipment installed in locked cabinet/cages with restricted access
  • Access to data centers is limited to authorized personnel and is monitored, logged, and tracked

System Access Controls

Blue Coat implements the following measures to prevent unauthorized access to its systems and networks:

  • Access to systems requires a unique user ID and password
  • Two-factor authentication required for administrative access
  • Centralized security access controls
  • Centralized password management
  • Network equipment passwords managed by enterprise management tools
  • Access to system and data contents is logged, tracked and audited

Customer Data Security

Protecting, managing access to, and securing communication of customer data are critical aspects of a cloud-based service. Some of the key measures utilized by the Blue Coat Cloud Service include:

  • Security standard of Least Privilege
  • Site-to-site communication encrypted via AES
  • Perimeter router and firewall policies configured to allow only intended services
  • Role-based access controls
  • Vulnerability and penetration tests

Access Permissions

Blue Coat employs measures designed to restrict employee access to only the data required for them to do their jobs, and to the extent covered by their respective access permission/authorization.  These measures are designed to protect personal data from being accessed, copied, modified or removed without authorization. These measures include:

  • Employee training regarding their access rights to personal data
  • Allocation of individual terminals
  • Internal monitoring capabilities to identify employees who accessed or modified any personal data
  • Policies for disciplinary action against individuals who access personal data without authorization
  • Scheduled and documented destruction of data
  • Policies controlling the retention of backup data

Availability Control

Blue Coat implements measures to protect personal data from accidental destruction or loss. These measures include:

  • Redundant systems and networks across servicing components
  • DNS-based load balancing for transparent routing in case of component failure
  • Data stored in redundant locations using encrypted connections

Administration

Blue Coat limits access or use of customer data to narrow circumstances:

  • Providing services to customers
  • Maintaining and improving products and services
  • Complying with legal, governmental or contractual terms

In addition, Blue Coat may aggregate the data to statistically analyze the content and may use malicious or unwanted content anonymously for the purpose of further improving the services.

Restricted Access

Blue Coat implements measures designed to restrict data access to a limited number of Blue Coat system administrators in accordance with instructions received from the respective customers. These measures include:

  • Monitoring of systems (24x365) by the network operations center
  • Monitoring and logging of system administrators’ access, with the logs retained for a minimum of six months
  • Quarterly audits of system administrators’ activity to assess compliance according to assigned tasks
  • Up-to-date system administrators’ identification details and assigned tasks

Transmission Control

Blue Coat implements measures to prevent access, replication, or alteration of personal data by unauthorized parties during transmission. These measures are achieved by:

  1. Firewall and encryption technologies protecting the gateways and network connections
  2. End-to-end monitoring for completeness and accuracy of data transfers

Separation of Data

Blue Coat implements measures to separately process data collected for different purposes. The separation of data processing is accomplished by:

  • Access to data being separated through application security to restrict access appropriately by user profile
  • Information in the database is separated by purpose (i.e., functionality and function)
  • Information in the database is stored in different normalized tables
  • Administrative access to data is restricted to a small number of closely managed Blue Coat administrators
  • Applications used to access the database are only allowed from approved accounts
  • Access to the database is only allowed from trusted servers
  • Interfaces, batch processing, and reports are designed with specific purpose/function and hence processed separately.

Additional Standards

Blue Coat operates and manages the Blue Coat Cloud Services in accordance with ISO27001 standards. Blue Coat is self-certified under the United States Department of Commerce Safe Harbor Framework for personal information received through the Blue Coat Service. See our Safe Harbor Statement.