Securely-hosted enterprise portals
Security in Northern Light hosted enterprise portals is our highest priority because our clients trust us with their most strategic and sensitive market intelligence, competitive intelligence, market research, and business strategy material.
Securely-hosted SinglePoint portals provide multi-level, enterprise grade security and access control. Northern Light has successfully and uneventfully hosted highly sensitive, large-scale SinglePoint implementations for the world’s most well-known enterprises since 2000. Regularly subjected to rigorous review by these industry leaders, Northern Light’s policies, practices, and procedures in our hosted enterprise portals always meet – and frequently exceed – the standards set by our clients’ IT professionals. Market research, market intelligence, and competitive intelligence managers considering a Northern Light solution can rest assured Northern Light will pass the security audit that will be required by your IT department as part of the project.
Transmission of client content
In order to provide the best possible search results Northern Light needs to extract all the text from the original document to index in our data center. The transmission of market intelligence documents can use any method that is most convenient for each client – SSL, FTP, SFTP, VPN, or any dedicated communications channel. In most cases, once the data is indexed, the actual document is served from the originating source – whether it be an internal web server, a secured external content supplier’s website, an Internet site, or a government database.
Storage of client content
We encrypt client content on our network using the same level of encryption used by the U.S. Military to secure its battlefield communications. We host it on a physically separated document server on the Northern Light network which will only respond to requests from the web servers assigned to the client. Since few corporate networks routinely encrypt content, content that resides in Northern Light hosted enterprise portals is arguably more secure than anywhere else.
Northern Light hosted enterprise portals and applications are in two geographically separate datacenters (Boston and Charlotte) both of which are tightly secured against physical entry. Physical access to the servers is attained only after passing a number of security steps including confirmation by onsite security staff of access privileges. The two datacenters communicate with each other via a private 2 gbps fiber line. (Not over the Internet.) The datacenters have fire suppression systems, onsite generators and oil storage, and multiple Internet connections from different corners of the buildings.
Northern Light uses industry best practices for securing the network against intrusion. These practices include employing industry-leading intrusion prevention and detection systems, keeping all applications and operating systems up-to-date and patched, and scanning our applications for security vulnerabilities on a regular basis. Northern Light employs an outside consulting firm to test our network applications and security practices to ensure our client portals are secure. The report from the consulting firm is available for our clients to review.
Northern Light personnel
The policies and processes that Northern Light follows in hiring form the first steps we take in securing our clients’ interests. All prospective employees undergo background checks and resume verification. Additionally, access to client material is tightly restricted on a need-to-have basis relating to immediate development tasks. Employee access to client hosted enterprise portals is managed centrally via Active Directory. In this way access to the Northern Light network and all client portals can be killed simultaneously by deleting an employee account on Active Directory. Also, the system tracks employees’ real identities when they use company portal accounts like QA or Client Support, and all actions are logged.
When it comes to securing document access for use by our clients’ employees, Northern Light recommends that clients use secure means of authentication such as any form of Single-Sign-On (SSO) by which user authentication can be done on the customer LAN, using tools like Active Directory or Siteminder. The client’s network authenticates the user to our network and identifies the user so the SinglePoint portal can be personalized on the fly for that user. An advantage of SSO is that if a client employee leaves the client company, the ex-employee loses access to the SinglePoint portal automatically and immediately. In addition, Northern Light supports network security appliances, IP validation, and VPN’s as security solutions. Clients can combine these methods. For example, some use both SSO and VPN’s. For clients that cannot use SSO or other technical means for user authentication, Northern Light also offers a secure account creation, validation and management system.
Document level security for access privileges
Northern Light enforces access at the document level according to terms of licensing for each third party syndicated source. In addition, we enforce access according to the permissions granted by a company to users, groups, or roles for internal documents. If a document is restricted to certain designated individuals or user groups, SinglePoint can filter the search results so that users who have not been authorized to access the document will not see it in their search results. Restricted documents can alternatively be included in search results, but locked and showing links containing information on access options for users without privileges. The choice is up to our clients.