State-of-the-art Security Provides Peace of Mind
Rally delivers the highest levels of physical, network, server, application and data security to ensure that your data remains private, available and secure.
We know that security and data integrity are crucial to you and that's why Rally has devoted significant resources to implement a state-of-the-art security infrastructure. We verify our security procedures through independent audits that regularly assess our physical, network, server, application and data systems for vulnerabilities.
- Secure facility features 24-hour manned security, biometric access control, video surveillance and physical locks.
- Power supplied by redundant grids, with redundant UPS and backup generators.
- Highly scalable and redundant online infrastructure with failover capabilities.
- Real-time monitoring of the network, servers and applications for stability or security problems.
- Best-of-class firewall and router technology, strong SSL encryption and a Network Intrusion Detection System that monitors and proactively blocks worms, hackers and other undesirables.
- All log files retained and analyzed to proactively monitor network activity.
- Third-party security analysis firm performs ongoing vulnerability threat assessments of network and security infrastructure.
- Storage area network uses RAID 10 and production servers use RAID 5 for primary internal OS disk subsystems. Mirroring assures consistent availability.
- Servers run carrier-class network operating systems and are updated to the latest patch levels. Servers are hardened by removing all unnecessary software and services.
- All devices and software are protected by strong passwords, and are only accessible using strongly encrypted communication paths.
- Each user is assigned a unique username and password that must be entered at each login.
- A customer-designated Rally subscription administrator is the only one who has the authority to manage your login accounts.
- Access via Secure Sockets Layer (SSL) protects your information using both server authentication and data encryption.
- After authentication, user identity accompanies every request to strictly enforce segregation of customer data.
- Session "cookies" only record encrypted authentication information for the duration of a specific session. The session "cookie" does not include username or password.
- Rally Software does not use "cookies" to store other confidential information, but instead implements advanced security methods based on dynamic data and encoded session IDs.
- Unsuccessful login attempts are detected and logged. Login accounts are disabled after a maximum number of unsuccessful login attempts is exceeded.
- Application security ensures complete segregation and privacy of customer data.
- Customers own their data. Rally employees cannot access customer data without permission.
- Customers may request an XML export of the data by contacting Rally Customer Service.
- Nightly backups of all production systems and databases.
- Backups, verification and restores are handled off-site from Rally's hosting facility, though additional backups are also retained on-site at the hosting facility.
- Backups are regularly migrated to Rally's corporate headquarters. In the event of a catastrophic failure in the hosting facility, Rally can rapidly bring all systems back online at its high-bandwidth corporate headquarters.