World-Class Security and Data Protection

With Rally, you enjoy protection and peace of mind that a world-class network infrastructure provides.

Rally and technology partner ViaWest deliver the highest levels of physical, network, server, application and data security that ensures your data remains private, available and secure. We know that security and data integrity are crucial to you and that’s why we devote significant resources to give you total security and availability for your development information.

• Security Tech Note

Physical Security

• Secure facility features 24-hour manned security, biometric access control, video surveillance and physical locks.
• Power supplied by redundant grids, with redundant UPS and backup generators.

Network Security

• Highly scalable and redundant online infrastructure with failover capabilities.
• Real-time monitoring of all network, server and application stability or security problems.
• Best-of-class firewall and router technology, strong SSL encryption and a Network Intrusion Detection System that monitors and proactively blocks worms, hackers, and other undesirables.
• All log files retained and analyzed to proactively monitor network activity.
• Third-party security analysis firm performs ongoing vulnerability threat assessments of network and security infrastructure.

Server Security

• Storage area network uses RAID 10 and production servers use RAID 5 for primary internal OS disk subsystems. Mirroring assures consistent availability.
• Servers run carrier-class network operating systems and are updated to latest patch levels. Servers are hardened by removing all unnecessary software and services.
• All devices and software are protected by strong passwords, and are only accessible using strongly encrypted communication paths.

Application Security

• Each user is assigned a unique user name and password that must be entered at each login.
• A customer-designated Rally subscription administrator is the only one who has the authority to manage your login accounts.
• Access via Secure Socket Layer (SSL) protects your information using both server authentication and data encryption.
• After authentication, user identity accompanies every request to strictly enforce segregation of customer data.
• Session “cookies” only record encrypted authentication information for the duration of a specific session. The session "cookie" does not include username or password.
• Rally Software does not use “cookies” to store other confidential information, but instead implements advanced security methods based on dynamic data and encoded session IDs.
• Unsuccessful login attempts are detected and logged. Login accounts are disabled after a maximum number of unsuccessful login attempts is exceeded.

Data Security

• Application security ensures complete segregation and privacy of customer data.
• Customers own their data. Rally employees cannot access customer data without permission.
• Customers may request an XML export of the data by contacting Rally Customer Service.
• Nightly backups of all production systems and databases.
• Backups, verification and restores are handled offsite from Rally's hosting facility, though additional backups are also retained onsite at the hosting facility.
• Backups are regularly migrated to Rally's corporate headquarters. In the event of a catastrophic failure in the hosting facility, Rally can rapidly bring all systems back online at its high-bandwidth corporate headquarters.