VIZOR Security Summary

Data storage

VIZOR stores all structured data in an underlying Microsoft SQL Server database leveraging the authentication and authorization benefits of the mature SQL Server platform.

On-premise VIZOR deployments can be configured to use Windows Authentication or SQL Server mixed mode at the discretion of the customer's security policies. Following the principle of least privilege (PoLP), limiting access to the minimal level using Windows Authentication, is recommended.

Cloud VIZOR deployments are configured to use Windows Authentication with least privilege (PoLP).

By default, Cloud VIZOR deployments do not permit remote database access. No publicly accessible ports are open to the underlying Microsoft SQL Server database. The same configuration is recommended best practice for On-premise VIZOR deployments.

Sensitive data fields can be encrypted in the VIZOR database using Microsoft SQL Server at the discretion of the customer's security policies.

No passwords are stored in plain text; all passwords stored in the VIZOR database are SHA2-512 hashed.

No passwords are stored in the VIZOR database if the Windows Active Directory authentication user model is used (see the User model section).

User model

VIZOR supports Windows Active Directory and a proprietary security model for user and group authentication and authorization. Both security models enable assignment of features and access to data based on a user’s allocation to specific groups.

On-premise VIZOR deployments can be configured to use Windows Active Directory authentication or VIZOR’s proprietary security model. Windows Active Directory authentication in On-premise VIZOR deployments is recommended to facilitate support for Single Sign-on.

Cloud VIZOR deployments are configured with VIZOR’s proprietary user and group security model by default.

Data transfer

VIZOR uses Microsoft IIS (Internet Information Services) as the application server leveraging the security benefits of the mature IIS platform.

By default, On-premise and Cloud deployment communication occurs over port 80 (for HTTP) and port 443 (for HTTPS), but can be configured to use any port.

All data transfer on VIZOR Cloud deployments is secured with a SHA-256, 2048-bit TLS 1.2 certificate.

It is highly recommended that data transfer for On-premise VIZOR deployments is secured with a SHA-256, 2048-bit TLS 1.2 certificate; however, this is at the discretion of the customer's security policies.

All data transfer between VIZOR Cloud and the on-premise ConfigMgr (ECM/SCCM) bridge is secured over HTTPS.

All data transfer is secured over HTTPS.

All data transfer between the Vector Discovery Client and a VIZOR Cloud deployment is secured with a SHA-256, 2048-bit TLS 1.2 certificate.

VIZOR Cloud hosting security

VIZOR Cloud deployments are hosted on AWS or Microsoft Azure based on customer requirements. VIZOR Cloud deployments benefit from the AWS / Azure data center and network architecture built to meet the requirements of the most security-sensitive organizations.

VIZOR Cloud deployments can utilise any of the geographic regions around the world provided by AWS / Azure.

AWS provides a framework to support a number of assurance and compliance programs such as CSA, ISO 9001, ISO 27001, ISO 27018, SOC 1, SOC 2, SOC 3, FERPA and HIPAA. Details can be found at https://aws.amazon.com/compliance/hipaa-compliance/ and https://aws.amazon.com/compliance/pci-data-privacy-protection-hipaa-soc-fedramp-faqs/