CellarStone Inc. (herein referred to as CellarStone in this document) is committed to ensuring the confidentiality, integrity, and availability of our customers’ information, which is vital to their business operations and therefore to our success. We use a multi-layered approach to protect that key information, constantly monitoring and improving our applications, systems, and processes to meet the changing demands and challenges of security. CellarStone will implement procedures and controls at all levels to protect the confidentiality and integrity of information stored and processed on its systems and ensure that information is available only to authorized persons as and when required. This document details CellarStone policies to ensure the protection of its information assets, and to allow the use, access, and disclosure of such information in accordance with appropriate standards, laws, and regulations.
- 24×7 monitoring by guard force and cameras
- Data center space is physically isolated and accessible only by specified administrators
- Fully-managed, hardened, stateful inspection firewall technology
- Fully-managed Intrusion Detection System (IDS)
- Security, visibility and carrier-class threat management and remediation utilizing Virtual Cloud Networks to compare real-time network traffic, immediately flagging anomalies such as:
- Distributed Denial of Service (DDoS) attacks, worms or botnets
- Network issues such as traffic and routing instability, equipment failures, or misconfigurations
- 24x7x365 Virtual Firewall, IPSec VPN, and IDS support and maintenance
- 24/7 incident response teams ready to detect and respond to events.
Key Security Features
Security is part us, and part you. That’s why we’ve developed best practices for securing CellarStone.
- Customer isolation: Allow customers to deploy their application and data assets in an environment that commits full isolation.
- Data encryption: Protect customer data at-rest and in-transit in a way that allows customers to meet their security and compliance requirements with respect to cryptographic algorithms and key management.
- Security controls: Offer customers effective and easy-to-use application, platform, and network security solutions that allow them to protect their workloads, have a secure application delivery using a global edge network, constrain access to their services, and segregate operational responsibilities to reduce the risk associated with malicious and accidental user actions.
- Visibility: Offer customers comprehensive log data and security analytics that they can use to audit and monitor actions on their resources, allowing them to meet their audit requirements and reduce security and operational risk.
- Secure hybrid cloud: Enable customers to use their existing security assets, such as user accounts and policies, as well as third-party security solutions when accessing their cloud resources and securing their data and application assets in the cloud.
- High availability: Offer fault-independent data centers that enable high availability scale out architectures and are resilient against network attacks, ensuring constant uptime in the face of disaster and security attack.
- Verifiably secure infrastructure: Follow rigorous processes and use effective security controls in all phases of cloud service development and operation. Demonstrate adherence to strict security standards through third-party audits, certifications, and attestations. Help customers demonstrate compliance readiness to internal security and compliance teams, their customers, auditors, and regulators.
- Redundant UPS and generator backups for all systems HVAC (Heating Ventilation Air Conditioning) systems arranged in an N2 redundancy configuration.
- Automated controls that provide the appropriate levels of airflow, temperature, and humidity.
- Multi-zoned, dry pipe, water-based fire suppression systems.
- Monitors to sample the air and provide alarms prior to pressurization.
- Dual-alarm activation necessary for water pressurization.
- Water discharge specific to fire alarm location.
- All facilities built above sea level with no basement areas.
- Moisture barriers on exterior walls.
- Dedicated pump rooms for drainage/evacuations systems.
- Moisture detection systems.
- Location-specific seismic compliance.
- All facilities meet or exceed requirements for local seismic building codes.
- Perimeter virtual firewalls and virtual routers block unused protocols.
- Internal firewalls segregate traffic between the application and database tiers.
- A third-party service provider continuously scans the network externally and alerts changes in baseline configuration.
- Web application vulnerability assessments
- Network vulnerability assessments
- Selected penetration testing and code reviews
- Security control framework review and testing
If you or any of your users are unsure about whether a CellarStone email is legitimate, forward the email to .
System failures, suspected breach, or general incident
If you are experiencing a system failure, suspect some type of technical incident or breach, or have a general issue, please contact us at .
If you believe you may have received a fake email, forward the entire email – including the header information – to us at: , then delete it from your mailbox.
If you find or suspect a security incident, please report this to us at: .
Administrators – Protect Your Company by Implementing IP Restrictions
A great tool for protecting your applications is restricting login to those IP addresses that you specifically approve. To restrict IP addresses, click Setup > Users > User Information, and enter the appropriate address in the IP address field. When enabled, the specified user can only log into the CellarStone Incent application using the specified IP address.
To notify CellarStone about your primary administrative/security contact, contact CellarStone Support.
Secure Employee Systems
One of your goals should be to keep email fraud, malware and phishing attempts, from reaching your users. To help do this, secure all computers used by your employees by doing the following:
- Update all users to the latest supported browser version.
- Deploy email filtering technology. Make sure you white list CellarStone Incent IP addresses.
- Install and maintain virus and malware protection software on all user machines and keep all applications and definitions up to date.
Decrease Session Timeout Thresholds
Users sometimes leave their computers unattended or they don't log off. You can protect your applications against unauthorized access by automatically closing sessions when there is no session activity for a period of time.
Read Privacy Policies
Yes, they can be long and complex, but they tell you how the site maintains accuracy, access, security, and control of the personal information it collects; how it uses the information, and whether it provides information to third parties.