SharePath SaaS (Beta)
Security Compliance Overview
About Correlsense and SharePath
Correlsense, founded in 2005, is a leading provider of Application Performance Management (APM) software.
Correlsense SharePath provides both a birds-eye and detailed view of how business transactions perform across the four dimensions of end-users, applications, infrastructure and business processes.
While other service management and performance management applications focus on identifying problems at individual components (servers, databases, etc.), SharePath automatically detects and traces each entire transaction path, from a click in the browser through all its hops across data center tiers.
By being able to record and correlate every single transaction activation across both physical and virtual components, IT gains full visibility of the transaction metrics for packaged and homegrown applications.
The rich data from SharePath is used by major enterprises to rapidly pinpoint and solve problems and to gain deeper insights for their IT Service Management initiatives.
More about SharePath
SharePath is the most advanced Business Transaction Management (BTM) product available. It provides the unique ability to manage and monitor cross-tier transactions at the transaction level, manage transaction Service Level Agreements (SLAs) and enable root-cause performance analysis on any platform for any application.
SharePath records and analyzes each transaction in your system and provides a complete view of the user experience throughout your infrastructure. This provides a clear, end-to-end view of a transaction's complete path through all the components of your infrastructure.
SharePath gathers information of all kinds, including anything that is measurable, and connects the dots to understand and display each system transaction with full accuracy and drill-down detail.
SharePath views the entire system and each of its services and applications as a whole, and provides an executive, actionable assessment for optimizing performance, usage and troubleshooting. Unlike all other solutions on the market, SharePath has full coverage across all environments, making it the only one to provide true end-to-end visibility and control of your system.
The SharePath Flow
SharePath collects raw application performance data and sends that data to the SharePath Backend, where it is analyzed and presented through a secure web interface.
Here is a summary of how SharePath works:
• The SharePath Host Manager is installed on the application’s servers.
• The SharePath Host Manager sends performance metrics to the SharePath Backend.
• Real End User experience metrics are enabled by dedicated JavaScript injection that provides SharePath with complete browser visibility. Thus SharePath dynamically monitors End User experience for any application in any location without implementing changes to code, network appliances or configurations.
• SharePath aggregates and stores enterprise performance data in a secured data repository.
• SharePath presents the collected application performance information through a secure web based user interface.
Protecting your application performance data
The security of your application’s performance data is a top priority for Correlsense. We employ the best security technologies and best practice procedures to maintain the integrity of your application performance data, protecting it from unauthorized access for any purpose.
Our SaaS offering is hosted on the Amazon Web Services (AWS) cloud, which provides its services on a highly secure and controlled platform and provides a wide array of security features for customer use.
SharePath configuration enables you to assure that sensitive data processed by monitored applications is not exposed or otherwise made vulnerable as a result of SharePath processing and functionality.
In addition, we recommend that any SharePath customer implement sound security policies that:
- Follow strict policies of non-sharing of Administrator and Manager Accounts
- Grant the narrowest suitable privileges to regular users (i.e. access to relevant application data only)
- Make sure your application complies with your functionality requirements without compromising your data security and privacy goals.
Data Collection and Payload Filtering Policies
SharePath only collects performance data for the applications and/or servers on which a SharePath Host Manager is installed. Collected data usually includes only transaction duration data, rendering times, error information and transaction paths. Using SharePath’s event transformation rules engine, transactions whose request payload includes sensitive data, such as credit card information, passwords or account information, can be filtered before the transaction information is stored by SharePath.
SharePath collects or computes the following aggregate metric data for each application on which a SharePath application monitoring agent is installed:
• Application request response time statistics (average, minimum, maximum, and standard deviation)
• Application request error code information
• Application request content, such as
- HTTP request URIs and their parameters
- Database query activity, including create, select, update, and delete breakdowns
- Java/.Net method calls (method names and arguments, call count, response time statistics)
Inbound Data Transmission
SharePath supports SSL-encrypted inbound data transmission from the SharePath agent to the SharePath service using RC4 or AES cipher suites (RC4 is deprecated for TLS use; AES should be preferred where the configuration allows).
Authentication and Authorization
SharePath users access the SharePath service by logging into the SharePath user interface via a web browser, or programmatically by calling the SharePath APIs. In both cases, all data transmission can be SSL-encrypted using HTTPS.
Both website and API access require username and password authentication. User accounts are associated with an email address and are secured by a password selected by the user. SharePath user passwords are stored in an industry standard salted hash format.
SharePath users are differentiated by the monitored applications to which they have access and by their permissions (Roles). There is no limitation on the number of authorized users that can be associated with a monitored application.
SharePath also supports user authentication based on LDAP integration, and authorization based on the enterprise’s LDAP roles.
Permitted SharePath user activities are defined for Roles, which define permission levels and associated applications. Every SharePath user is assigned one of the three permission levels – Administrator, Application Manager and Application Viewer (restricted user).
Administrative users are permitted to:
- Manage SharePath users – add, remove, set their user permissions and application access
- Modify SharePath global settings, including the creation and modification of application domains, locations, host managers, nodes, etc.
Important: Correlsense recommends restricting Administrator-privilege accounts to a small number of trusted users within your organization in order to maintain optimal SharePath tuning and user account compliance that incorporates enterprise security standards and best IT practices.
Application Managers are permitted to:
- View data collected by SharePath for specific applications
- Create, modify or delete certain items related to the applications they manage (e.g. SLAs, alert thresholds, alerts)
The SharePath backend implements industry-accepted best practices to harden all underlying host computers that support the various software layers of the product. For instance, all hosts use Linux distributions with non-default software configurations and minimal processes, user accounts, and network protocols. Host services log their activity in a central location for safekeeping.
The SharePath backend uses a certified and secured database platform, which protects customer passwords by storing them in an industry standard, encrypted strong hash format and supports the encryption of field data in custom fields. It enforces strict control of database administrator access.
SharePath enforces authentication and authorization policies as outlined in Authentication and Authorization section above.
To protect established sessions, SharePath confirms that the user context (session ID) accompanies each request to the backend and monitors idle sessions, terminating them after a configurable period of time. Such termination is intended to prevent unauthorized system access when users leave their workstations unattended while they are still logged into SharePath.
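The session handling described above, as an added illustration rather than SharePath's own code: a session store that requires a session ID on every request, terminates sessions that have been idle longer than a configurable limit, and refreshes the idle window on each valid request. The header name `X-SharePath-Session`, the 15-minute default and the injectable clock are assumptions made for the example.

```python
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple

# Assumed default; in the product this is the configurable idle period.
IDLE_TIMEOUT_SECONDS = 15 * 60
# Hypothetical header carrying the user context (session ID) on each request.
SESSION_HEADER = "X-SharePath-Session"


@dataclass
class Session:
    user: str
    last_activity: float  # clock reading of the last valid request


class SessionStore:
    """Tracks live sessions and terminates those idle past the timeout."""

    def __init__(self, idle_timeout: float = IDLE_TIMEOUT_SECONDS,
                 clock: Callable[[], float] = time.monotonic):
        self._sessions: Dict[str, Session] = {}
        self._idle_timeout = idle_timeout
        self._clock = clock  # injectable so tests can drive time

    def create(self, user: str) -> str:
        # 256 bits of CSPRNG entropy: the ID is the bearer credential.
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = Session(user, self._clock())
        return sid

    def validate(self, session_id: Optional[str]) -> Optional[str]:
        """Return the user for a live session, else None.
        An idle-expired session is terminated on the spot."""
        if not session_id:
            return None
        sess = self._sessions.get(session_id)
        if sess is None:
            return None
        now = self._clock()
        if now - sess.last_activity > self._idle_timeout:
            del self._sessions[session_id]  # terminate the idle session
            return None
        sess.last_activity = now  # activity extends the idle window
        return sess.user

    def reap_idle(self) -> int:
        """Background sweep: terminate every idle session, return the count."""
        now = self._clock()
        stale = [sid for sid, s in self._sessions.items()
                 if now - s.last_activity > self._idle_timeout]
        for sid in stale:
            del self._sessions[sid]
        return len(stale)

    def logout(self, session_id: str) -> None:
        self._sessions.pop(session_id, None)


def handle_request(store: SessionStore, headers: Dict[str, str]) -> Tuple[int, Optional[str]]:
    """Reject any backend request that lacks a live user context."""
    user = store.validate(headers.get(SESSION_HEADER))
    if user is None:
        return 401, None
    return 200, user


class FakeClock:
    """Constructed clock for demonstrations and tests."""

    def __init__(self) -> None:
        self.t = 0.0

    def __call__(self) -> float:
        return self.t

    def advance(self, seconds: float) -> None:
        self.t += seconds


if __name__ == "__main__":
    clock = FakeClock()
    store = SessionStore(idle_timeout=60, clock=clock)
    sid = store.create("alice")
    print(handle_request(store, {SESSION_HEADER: sid}))  # (200, 'alice')
    clock.advance(61)
    print(handle_request(store, {SESSION_HEADER: sid}))  # (401, None)
```

The idle check runs at request time as well as in a sweep, so a session cannot be kept alive by an attacker simply because the reaper has not run yet; the request-time path expires it first.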
Assuring Security and Privacy of Sensitive Data
Some applications handle sensitive information whose confidentiality must be protected. Such information can include credit card details or information related to other payment methods, personal health information, insurance, banking, real-estate, legal confidential details, etc. When such applications are monitored by SharePath, the following recommendations should be followed:
• Transmit data via HTTPS
• Use SharePath transformation engine rules to filter all request parameters that may contain sensitive information or disable parameter tracking entirely, as outlined in the Data Collection and Payload Filtering section above.
• Use SharePath transformation engine rules to filter SQL statement sensitive parameters before they are collected by SharePath.
• By configuration, prevent the collection and SharePath Data Repository storage of sensitive HTTP parameters.
If these instructions are followed, only URIs, action names, class names, errors and performance metrics are exposed for monitored applications.
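The payload filtering that the Data Collection section and the recommendations above both rely on, shown as an added example (not SharePath's transformation rules engine, whose rule syntax is not given here): sensitive HTTP request parameters are redacted by name pattern or dropped entirely when parameter tracking is disabled, and literal values are stripped from SQL statements so that only the statement shape reaches storage. The parameter-name patterns, the `_REDACTED_` marker and the event record layout are constructed for the example.

```python
import re
from typing import Any, Dict, List
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed rule set: parameter names that must never be stored.
SENSITIVE_PARAM_PATTERNS = [
    re.compile(r"pass(word|wd)?$", re.I),
    re.compile(r"(card|cc)_?(num|number)?$", re.I),
    re.compile(r"cvv|ssn|account", re.I),
]
REDACTED = "_REDACTED_"  # only unreserved characters, so it survives URL encoding

# SQL literals: quoted strings (with '' escapes) and bare numbers.
_SQL_STRING = re.compile(r"'(?:[^']|'')*'")
_SQL_NUMBER = re.compile(r"(?<![\w.])-?\d+(?:\.\d+)?(?![\w.])")


def is_sensitive_param(name: str) -> bool:
    return any(p.search(name) for p in SENSITIVE_PARAM_PATTERNS)


def filter_params(params: Dict[str, str]) -> Dict[str, str]:
    """Redact values of sensitive form/body parameters, keep the rest."""
    return {k: (REDACTED if is_sensitive_param(k) else v) for k, v in params.items()}


def filter_uri(uri: str, track_parameters: bool = True) -> str:
    """Redact sensitive query parameters; with tracking disabled, drop the
    whole query string and keep only the URI path."""
    parts = urlsplit(uri)
    if not track_parameters:
        return urlunsplit((parts.scheme, parts.netloc, parts.path, "", ""))
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    filtered = [(k, REDACTED if is_sensitive_param(k) else v) for k, v in pairs]
    return urlunsplit((parts.scheme, parts.netloc, parts.path, urlencode(filtered), ""))


def filter_sql(statement: str) -> str:
    """Replace literal values with '?' so the statement remains useful for
    performance analysis while the data it carried is not stored."""
    shape = _SQL_STRING.sub("?", statement)
    return _SQL_NUMBER.sub("?", shape)


def filter_event(event: Dict[str, Any], track_parameters: bool = True) -> Dict[str, Any]:
    """Apply all rules to one captured transaction event before storage.
    Event layout (constructed): uri, params, sql, duration_ms, error."""
    out = dict(event)
    out["uri"] = filter_uri(event["uri"], track_parameters)
    out["params"] = filter_params(event.get("params", {})) if track_parameters else {}
    out["sql"] = [filter_sql(s) for s in event.get("sql", [])]
    return out


# Constructed sample event, as an agent might capture it from a payment form.
SAMPLE_EVENT: Dict[str, Any] = {
    "uri": "https://shop.example/pay?amount=42&card_number=4111111111111111&cvv=123",
    "params": {"password": "hunter2", "memo": "gift"},
    "sql": ["SELECT * FROM accounts WHERE ssn = '123-45-6789' AND balance > 1000"],
    "duration_ms": 87,
    "error": None,
}

if __name__ == "__main__":
    print(filter_event(SAMPLE_EVENT))
    print(filter_event(SAMPLE_EVENT, track_parameters=False))
```

Name-based redaction is a blocklist and will miss parameters with unexpected names, which is why the section above also offers disabling parameter tracking entirely; the `track_parameters=False` path shows the effect of that stricter setting, leaving only the URI path, statement shapes, timing and error fields.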
Shared Hosting Environment
The SharePath SaaS offering is hosted on Amazon Web Services (AWS) EC2. AWS’s part in this shared responsibility model includes providing its services on a highly secure and controlled platform and providing a wide array of security features customers can use, such as host-based firewalls, host-based intrusion detection/prevention, encryption and key management. In terms of physical security, AWS provides fully redundant power backup systems, fire suppression systems, security guards, and biometric authentication systems.
Amazon's specific information on cloud security compliance issues is described in the following document:
Through a combination of security technologies, built-in safeguards, and customer-implemented Correlsense recommendations regarding best practices, SharePath protects your data and that of your customers from unauthorized access, use, or disclosure. SharePath customers benefit from valuable SharePath performance tracking without compromising enterprise or customer data security and know that Correlsense Support is always available to address SharePath customer security concerns.
If you have additional questions or need further clarification, please contact us at firstname.lastname@example.org or +1 508-318-6488
© Correlsense.com. This document is provided for informational purposes only. It represents Correlsense’s current product offering as of the date of issue of this document, which is subject to change without notice. Customers are responsible for making their own independent assessment of the information in this document and any use of Correlsense products or services, each of which is provided “as is” without warranty of any kind, whether express or implied. This document does not create any warranties, representations, contractual commitments, conditions or assurances from Correlsense, its affiliates, suppliers or licensors. The responsibilities and liabilities of Correlsense to its customers are controlled by Correlsense agreements, and this document is not part of, nor does it modify, any agreement between Correlsense and its customers.