Sisense Cloud Security Controls
Sisense Cloud is hosted on Amazon Web Services (AWS). This enables Sisense's software to take advantage of the robust security and compliance certifications available on AWS. For more information about AWS Security, see AWS Cloud Security. For a list of certifications and assurance programs, see AWS Compliance.
If you are new to Sisense, you can learn more about Sisense security here.
Sisense's System Environment Secure Deployment
AWS Account Access Restriction
The Sisense Cloud is managed by a small number of designated Sisense IT staff with a demonstrated need to service the application or infrastructure. Access to the Sisense server may be required by IT, Sisense Cloud Service, Sisense Support and Sisense NOC staff. Authorized Sisense staff access the AWS account via multifactor authentication (MFA).
Sisense deploys a dedicated and isolated virtual server in the AWS for each Licensee. Each Licensee's deployment is completely independent of, and does not have access to, any other Sisense Licensee's deployment.
Control Open Ports
All incoming and outgoing ports are blocked by default. There is a predefined list of ports that are open for the Sisense application, as follows:
- Incoming port for Sisense UI (HTTPS)
- Incoming port for access to Sisense ElastiCube Manager (RDWeb)
- Outgoing ports for DB connectors
Sisense runs anti-virus software on its cloud servers.
Restricted Access to Sisense Server
Access to Sisense server is restricted as follows:
Customer's access to approved applications on the Sisense Cloud server through Remote Desktop Web Access (RDWeb) is performed from designated IPs only
The Cloud Access IP Whitelist is maintained by the Sisense IT.
Secure Business Flow
To minimize the possibility of a security breach when working with the Sisense Software on the Sisense Cloud, Sisense has established security controls covering the entire business cycle:
Sisense Deployment Architecture to Prevent Direct Access to Server
Sisense deploys the Software in a cloud architecture that enables use the Software while restricting the Customer's direct access to the Sisense server.
Access to the ElastiCube Manager is performed via RDWeb. This secure and encrypted access is limited to working with a designated application and file folders only.
Secure Web Access
Web access uses secure HTTPS secure protocol with *.sisense.com certificate (other domain certificate can be configured upon request).
Moving Assets to the Sisense Software in the Sisense Cloud - Secure FTP
As part of the Sisense BI business lifecycle, a customer may need to move files and other components to the Sisense BI server (such as UI Plugins, REST API Connector, ODBC driver, Rebranding logos, Dash files, ElastiCube and dashboard migration between environments).
Manual transfer of files to designated folders is performed via RDWeb. Automated transfer is performed via SFTP enabled on the Sisense Cloud server.
No Third Party Software on Sisense Cloud Server
To ensure the tight security, no Customer software other than Sisense can be installed on the Sisense Cloud server. This restriction includes browsers, which are blocked on the server to prevent infiltration from the internet.
Customer Security Responsibilities
The Sisense Cloud is intended to be connected to Customer systems and networks that Sisense does not control. The Customer is responsible for maintaining security on its own systems and networks and ensuring that the channels it uses to access the Sisense Cloud are protected against malicious software and unauthorized access.
Customer should ensure that its authorized users adhere to Sisense's configuration guidance and use the Sisense Cloud only as directed.