Riverbed Xirrus is committed to delivering highly available and reliable cloud services built on next-generation technology. XMS-Cloud, EasyPass Access Services, and CommandCenter collect network management data that is user-related and performance related from the customer's Wi-Fi network to deliver the best services. Riverbed follows rigorous industry standard security and compliance processes to ensure the reliability, scalability, availability, security of XMS-Cloud services and data privacy of our users.
Data Center Processes
XMS-Cloud Services are hosted in state-of-the-art data centers which utilize innovative architectural and engineering approaches. All XMS-Cloud Services are hosted in redundant data centers. The data center infrastructure provides customers with the features to deploy a resilient IT architecture, designed to tolerate system or hardware failures with minimal customer impact. These data centers are designed and managed in compliance with security best practices and a variety of IT security standards, which include but are not limited to:
CSA, ISO 9001 / 27001 / 270018
PCI DSS Level1, SOC 1 / 2 / 3
FISMA, FedRAMP, RIPs, FERPA, CJIS, NIST
DoD SRG, ITAR, PDPA, Privacy Act, MTSC
Firewalls and other boundary devices are in place at the data centers to monitor and control communications, detecting unusual or unauthorized activities and conditions at ingress and egress communication points. Access to the data centers is highly regulated and is limited to employees and contractors who have a legitimate business need for such privileges.
XMS-Cloud architecture is designed for high resiliency and availability. Access points continue to act autonomously even if a cloud connection is lost, meaning security and traffic are processed directly at the network edge in each access point. Management traffic between access points and the XMS-Cloud platform is encrypted using industry standard encryption (https over SSL/TLS) and protected at rest. XMS-Cloud Services provide granular role-based access to the XMS-Cloud console. Sessions are encrypted using SSL/TLS. XMS-Cloud also supports SSO-based access using federated identity management (FIdM) systems such as Azure and Google.
Adherence to Security and Privacy-Related Standards
XMS-Cloud Services are built on a multitenant architecture with the utmost care to ensure separation of data between multiple tenants on the cloud infrastructure. Each tenant’s data is isolated from that of other tenants.
XMS-Cloud Services collect two types of data:
Performance measurements to provide IT organizations with visibility into the health of the network, like throughput, usage, or connection speed
Non-measurable descriptive attributes, which add context to the performance measurements to help troubleshoot the problem, like MAC address, device name, username, application name, etc.
XMS-Cloud collects performance measurements and attributes in three areas: application, devices and users.
XMS-Cloud identifies applications used on the Wi-Fi network
XMS-Cloud monitors: (a) the usage of these applications and (b) the top users of these applications
Device type and system information such as Windows, Mac, etc.
Hostname, MAC address, and IP address
Signal strength, connection speeds, Wi-Fi bands, channels
Location of user devices on the customer-uploaded floor map
Guest user data as enabled by the customer (e.g. phone numbers, public social media demographics, email address) (collectively, "EasyPass Guest Data")
Access to this data is regulated based on roles. XMS-Cloud assigns privileges to administrative users according to the principle of least privilege. Network Management Data and statistical data collected from access points are transmitted to XMS-Cloud using encrypted industry standard protocols. Collected data is backed up regularly to deliver the highest level of service. Riverbed does not share this data with third parties unless a customer has authorized that certain data be shared through application programming interfaces (APIs) or other means. Customer approved data sharing is implemented using JSON APIs which use SSL/TLS to encrypt data in transit.