Security « NetDocuments SaaS Blog

NetDocuments Achieves SAS 70 and EU Safe Harbor Certifications

OREM, UTAH – February 17, 2010 – NetDocuments, the leading Software-as-a-Service (SaaS) content management service provider, announced today it has completed the SAS 70 Type I audit, and it has also completed the Truste EU Safe Harbor Certification, acknowledging that NetDocuments delivers its SaaS content management service and its web site in accordance with these standards.

The SAS 70 standard (Statement on Auditing Standards No.70) was developed by the American Institute of Certified Public Accountants (AICPA), and is an internationally recognized auditing standard. SAS 70 designation represents that the AICPA or its designees have conducted a rigorous audit of the NetDocuments controls and safeguards over its information technology and all related processes.

SAS 70 Type I audit describes the company’s internal controls at a point in time and assesses whether they were suitably described to achieve control objectives. In six month’s time, NetDocuments will complete the SAS 70 Type II audit demonstrating the operational effectiveness of its controls over a period of time, and then maintain it year after year.

The TRUSTe EU Safe Harbor Seal communicates that a Web site has committed to protecting the privacy of EU visitors through compliance with the EU-US Safe Harbor Framework and participation in TRUSTe’s Watchdog Consumer Dispute Resolution service. The EU-US Safe Harbor Framework was developed by the U.S. Department of Commerce in concert with the European Commission to provide a framework by which US companies may comply with EU privacy directives protecting the personal information of European citizens.

“It’s absolutely essential for NetDocuments’ customers to have confidence in their hosted services provider and ensure we have effective controls, standards and infrastructure in place to comprehensively protect their data,” said Ken Duncan, CEO at NetDocuments. “We are committed to do everything we can to service our customers with the highest standards.”

February 17th, 2010 | Tags: accounting, CPA, law, legal tech, Security, Technology| Category: Cloud Computing, SaaS, business continuity, customer service, legal, legal technology | No Comments »

How Does the Fourth Amendment Relate to the Cloud?

This post was authored by Danny Johnson of the NetDocuments sales and marketing group.

The Fourth Amendment in the Bill of Rights protects against unreasonable searches and seizures and is a vital part of the United States Constitution. As data stored in the cloud continues to proliferate, the debate on how this law relates to the security of this data will become increasingly important.

Recently, a very in depth analysis on this topic was released in the June 2009 edition of the Minnesota Law Review titled, “Defogging the Cloud: Applying Fourth Amendment Principles to Evolving Privacy Expectations in Cloud Computing.” The article discusses how the fourth amendment relates to data stored in the cloud. The article was written by David Couillard, who is in his final year at Minnesota Law School.

The Law Review article was brought to my attention by James Urquhart, who writes on cloud computing for CNET.com. Urquhart breaks down the law review article and provides a clear path for how the law should treat data stored in the clouds in an article titled “Does the Fourth Amendment Cover the ‘Cloud’”?

Urquhart sums up the discussion very nicely and lays a solid framework as to how this issue could be approached:

“Coulliard wraps up with a suggested framework for applying the Fourth Amendment to “the cloud” that is very much in line with my own thinking. Treat digital assets on third-party sites not as transactions (like phone numbers dialed), but in the same way you would treat physical assets kept in an apartment or storage locker:

‘[T]he service provider has a copy of the keys to a user’s cloud “storage unit,” much like a landlord or storage locker owner has keys to a tenant’s space, a bank has the keys to a safe deposit box, and a postal carrier has the keys to a mailbox. Yet that does not give law enforcement the authority to use those third parties as a means to enter a private space.

The same rationale should apply to the cloud. In some circumstances, such as search engine queries, the third party is clearly an interested party to the communication. But when content data, passwords, or URLs are maintained by a service provider in a relationship more akin to that of landlord-tenant, such as private Google accounts, any such data that the provider is not directly interested in should not be understood to be open to search via consent or a waiver of Fourth Amendment protection.’

Amen, Mr. Coulliard. Personally, I hope the courts note this framework, and begin applying it to Fourth Amendment cases arising from Internet-based computing immediately. Furthermore, I call for Congress to explicitly codify a similar framework with laws that clearly and unequivocally state the rights of users with respect to their data in the cloud.”

I would recommend reading the entire Urquhart article to fully understand the implications and possible approaches to addressing the issue of cloud data and the fourth amendment.

January 26th, 2010 | Tags: CNET, Founding Fathers, Govenment, Security| Category: Cloud Computing, SaaS, document management, legal | 2 Comments »

NetDocuments® Announces Support for RSA SecurID® Two-Factor Authentication System

Orem, Utah, October 12, 2009 — NetDocuments, the leading Software-as-a-Service (SaaS) content management service provider, today announced that it has joined the RSA Secured^® Partner Program to certify technical interoperability between NetDocuments and the RSA SecurID^® two-factor authentication system from RSA,The Security Division of EMC (NYSE: EMC). The technically interoperable solution is now released for joint customers.

This certification signifies that a technical partnership has been established to increase security for joint customers to enforce user authentication into NetDocuments via RSA SecurID one-time passwords provided through hardware and software tokens. The RSA SecurID system is as simple to use as entering a password, but significantly more secure. Used in conjunction with RSA Authentication Manager software, an RSA SecurID token functions like an ATM card for a company network, requiring users to identify themselves with two unique factors — something they know (a password or PIN), and something they have (e.g. an RSA SecurID hardware token) — before they are granted access to secure business information stored in NetDocuments.

“RSA SecurID two-factor authentication complements NetDocuments overall security infrastructure which includes wire security, data-at-rest encryption, best-practices for datacenter security, document-based access control lists, ethical walls, smart auto ACL defaulting, Microsoft Active Directory single sign-on, certificate-based authentication, and our patented binding of access privileges into each document under our multi-tenant SaaS model,” said Alvin Tedjamulia, CTO, NetDocuments.

Customers who currently have RSA SecurID in place will now benefit from ease-of-deployment when used in conjunction with NetDocuments. Users of RSA SecurID can now use the same token to access their documents through NetDocuments as well as other existing corporate applications and networked resources. Similarly, current NetDocuments customers and end users can benefit from the ubiquitous presence and industry leadership of the RSA SecurID two-factor authentication system.

“We are pleased that NetDocuments is now technically interoperable with RSA SecurID technology and available to joint customers. Working with NetDocuments, we can meet the unique needs of the enterprise with a broad choice of innovative strong authentication methods that provide the proper balance of risk, cost and user convenience. This is critical in helping to best protect an organization’s information, identities and infrastructures,” said D.J. Long, Senior Director, Corporate Development at RSA.

About NetDocuments

NetDocuments was organized in 1998 as one of the first Software-as-a-Service (SaaS) companies in the world. Our vision is to leverage the Web and the SaaS delivery model to offer the most feature-rich and efficient document service, including the management and collaboration of work in process documents, emails and records. For more information about the company and management, go to www.netdocuments.com. For further information, please contact info@netdocuments.com or call +1.866.netdocs.

About the RSA Secured Partner Program

The RSA Secured Partner Program is one of the largest and longest-running technology alliance programs of its type, bringing over 1,000 complementary solutions across more than 300 organizations together. RSA SecurID®, RSA® Access Manager, RSA^® Adaptive Authentication, RSA^® Digital Certificate Solutions, RSA^® Hybrid Authenticators, RSA^® enVision, RSA^® Federated Identity Manager and RSA^® Key Manager Suite certification programs bring added assurance to customers that their solutions are certified as interoperable to help them achieve faster time to deployment and lower overall cost of ownership. The RSA Secured Partner Program reflects RSA’s commitment to driving inventive collaboration across the industry and support standards-based interoperability with its information-centric security solutions to help protect information, identities and infrastructures. For more information, please visit www.rsa.com/rsasecured.

# # #

RSA, enVision, Secured, and SecurID are registered trademarks or trademarks of RSA Security, Inc. in the U.S. and/or other countries. EMC is a registered trademark of EMC Corporation. All other company and product names may be trademarks of their respective owners.

October 13th, 2009 | Tags: SaaS, Security| Category: Cloud Computing, SaaS | No Comments »

ONLINE COMMUNITY	HOME BLOG FORUMS MARKETPLACE IDEA BANK PARTNERS