Sisense Cloud is hosted on Amazon Web Services (AWS). This enables Sisense’s software to take advantage of the robust security and compliance certifications available on AWS. More information about AWS Security can be found at https://aws.amazon.com/security/.  A list of certifications and assurance programs can be found at https://aws.amazon.com/compliance/.

If you’re new to Sisense, you can learn more about Sisense security here.

 Sisense’s System Environment Secure Deployment

 AWS Account Access Restriction

The Sisense Cloud is managed by a small number of designated Sisense IT staff with a demonstrated need to service the application or infrastructure. Access to the Sisense server may be required by IT, Sisense Cloud Service, Sisense Support and Sisense NOC staff. Authorized Sisense staff access the AWS account via multifactor authentication (MFA).

 Sisense Server

Sisense deploys a dedicated and isolated virtual server in the AWS for each Licensee. Each Licensee’s deployment is completely independent of, and does not have access to, any other Sisense Licensee’s deployment.

 Windows OS Updates

Sisense Cloud Service keeps the Windows OS up to date with the latest updates and timely installation of security patches.

 Windows Hardening

 Sisense Follows Windows OS is hardened per the best practices described here:

https://technet.microsoft.com/en-us/library/cc526440.aspx

 Sisense Windows Passwords

All passwords are required to meet Windows complexity requirements.

 Control Open Ports

All incoming and outgoing ports are blocked by default. There is a predefined list of ports that are open for the Sisense application, as follows:

  • Incoming port for Sisense UI (HTTPS)
  • Incoming port for access to Sisense ElastiCube Manager (RDWeb)
  • Outgoing ports for DB connectors

 Anti-Virus

Sisense runs anti-virus software on its cloud servers.

 Restricted Access to Sisense Server

 Access to Sisense server is restricted as follows:

 IP Restriction

By Sisense – Sisense’s access to each Sisense Cloud server through the Windows Remote Desktop Protocol (RDP) is enabled from designated Sisense IP addresses only.

By Customer – Customer’s access to approved applications on the Sisense Cloud server through Remote Desktop Web Access (RDWeb) is performed from designated IP’s only

The Cloud Access IP Whitelist is maintained by the Sisense IT.

 Secure Business Flow

 To minimize the possibility of a security breach when working with the Sisense Software on the Sisense Cloud, Sisense has established security controls covering the entire business cycle:

 Sisense Deployment Architecture to Prevent Direct Access to Server

Sisense deploys the Software in a cloud architecture that enables use the Software while restricting the Customer’s direct access to the Sisense server.

 Access to the ElastiCube Manager is performed via RDWeb. This secure and encrypted access is limited to working with a designated application and file folders only.

 Secure Web Access

Web access uses secure HTTPS secure protocol with *.sisense.com certificate (other domain certificate can be configured upon request).

 Moving Assets to the Sisense Software in the Sisense Cloud – Secure FTP

As part of the Sisense BI business lifecycle, a customer may need to move files and other components to the Sisense BI server (such as UI Plugins, REST API Connector, ODBC driver, Rebranding logos, Dash files, ElastiCube and dashboard migration between environments).

Manual transfer of files to designated folders is performed via RDWeb. Automated transfer is performed via SFTP enabled on the Sisense Cloud server.

 No Third Party Software on Sisense Cloud Server

 To ensure the tight security, no Customer software other than Sisense can be installed on the Sisense Cloud server. This restriction includes browsers, which are blocked on the server to prevent infiltration from the internet.

 Customer Security Responsibilities

 The Sisense Cloud is intended to be connected to Customer systems and networks that Sisense does not control. The Customer is responsible for maintaining security on its own systems and networks and ensuring that the channels it uses to access the Sisense Cloud are protected against malicious software and unauthorized access. Customer should ensure that its authorized users adhere to Sisense’s configuration guidance and use the Sisense Cloud only as directed.