Security
Q. Does 3-GIS integrate logs and metrics to enable traceability within our AWS services?
Q. Does 3-GIS utilize token or encryption services to protect data in transit and at rest?
A. Yes, we utilize token encryption in both cases. See a further explanation below.
In transit encryption: Tokens can be acquired through either an HTTP GET or an HTTP POST. Using a POST is always more secure. GET requests may leave usernames/passwords in network equipment history and in the browser history. Esri APIs and products use POST when acquiring tokens. However for the convenience of people writing scripts, tokens can be acquired via GET requests. Esri recommends against obtaining tokens via GET requests in secure environments. 3-GIS uses HTTP POST.
At rest encryption: When ArcGIS Server is configured to use GIS-tier authentication, client applications ask the user for their username and passwords. Those client applications then send the username/password to ArcGIS Server and receive a token in exchange. That token can then be used on subsequent requests so that the username/password do not need to be sent.
Q. Does 3-GIS run regular security tests on customer's data stored in the cloud? What are the specifics such as time frame, etc?
A. We have a daily reporting from evident IO which analyses logs from AWS and notifies us if we have any violations of the AWS best practices. This is focused on network access which covers the data tier.
The Evident Security Platform is the first and only cloud-native infrastructure security solution providing full coverage of all AWS accounts, services and regions, services and standard regions. ESP combines the detection and analysis of misconfigurations, vulnerabilities, and risk, with guided remediation and audit capabilities to meet compliance requirements, all in one solution. ESP was designed specifically to help modern IT, DevOps and risk/compliance teams implement and maintain security within the cloud shared responsibility model. ESP enables IT, Security, Engineering, and Operations with a continuous global view of security risk and compliance, with the actionable intelligence needed to rapidly remediate and secure their entire AWS infrastructure. ESP gathers the AWS services configuration data, CloudTrail and log data, and other information from each AWS account or Azure subscription via the Amazon APIs. This data is then input into the ESP risk analysis engine which generates a detailed assessment of the security risks, misconfigurations and vulnerabilities it detects. ESP is neither an active or passive vulnerability scanner in the traditional sense. Unlike traditional, on-premise/virtual vulnerability scanners that use active scanning technology, ESP does not directly “scan” cloud assets to identify OS or application layer vulnerabilities running inside instances – as it cannot view the actual contents of AWS services like EC2, S3, VMs or storage. ESP operates at the control plane layer of AWS and uses a passive methodology to collect vulnerability and configuration data via the APIs, providing a detailed security assessment of the underlying cloud infrastructure. Amazon manages security of the AWS cloud; while the security of the assets stored in the cloud is the responsibility of you, the customer. The customer is responsible for ensuring the security and configuration of the services running in AWS or Azure in addition to the applications and OSs that are implemented. Because ESP is interacting directly with the API at the control plane, it does not impact the performance of any instances or services running in your cloud environment. The configuration information from your cloud accounts are analyzed by a risk engine that determines the severity of risk to help organizations prioritize their remediation efforts. Each vulnerability of misconfiguration is tagged with a specific severity status indicating:
High : High severity alerts pose the most significant risk to your cloud deployment and should be examined and remediated as soon as possible.
Medium : A medium severity alert identifies issues that should be tracked and scheduled for remediation.
Low : Low level alerts may not be applicable or local business rules have determined that it is not a threat.
You have the ability to change the risk level for each security control check to match your organization’s security policy. Customer data is always encrypted during collection, in transit when inside our VPCs, and at rest in our data stores. At account termination your account and any data used to identify your infrastructure will be purged from our systems. Daily risk summary reports are emailed to ESP users identifying new risks from the last 24 hours and summarizing the previous alerts per account and service. Only specific ports are opened to the infrastructure, this is done via security groups and virtual private clouds.
Q. Does 3-GIS have access to the AWS Shared Responsibility Model?
A. Yes, see below.
Q. What are our credential management practices?
A. All users of the system are managed VIA MS Active directory using a standard protocol.
Q. What practices do we implement to define roles, responsibilities, and fine-grained authorization?
A. We manage permissions with groups, the benefits of doing this are:
Application
Q. What does a splice document deliverable look like?
A. Our splice documentation shows details about the splice, such as length of each cable, starting locations and ending locations of each path, and if any circuits are assigned the ID will display to the corresponding connection of that splice. Another benefit our our splice output is that it allows any number of cables to be displayed and mapped easily. Our splice reports export to an Excel spreadsheet which allows easy sharing with others. The following is and example of the 3-GIS splice report.
Q. What does a bill of quantities/materials look like
A. The BOM (Bill of Materials) tool is used to generate a list of materials costs for a project based on features and assemblies placed within a specified polygon feature. Polygons, assemblies, and costs are configured in 3-GIS Admin. Our BOM is customizable, for instance it can be pointed to a materials table or have details in multiple tabs such as parts and labor. Our BOM tool is available in the work packets tool or as a standalone tool. See the following for an example of the 3-GIS BOM report.
Q. What types of GIS data files are compatible?
A. The following data types can be imported using the 3-GIS import feature:
The following data types can be imported/loaded through standard Esri data conversion and loading tools via hosted server access.
Q. Is is possible to input a base map of imagery or road map for reference?
A. Any number of sources can be loaded into the system. The user has a drop down menu for selecting from these predefined sources which ones the want to load into each view. Additionally, if a URL is known the user has the ability to pull in that data on the fly.
Users have access to any public Esri base map using 3-GIS | Web. Any map service or image service that is available via Esri REST can be referenced.
Current popular out of the box base maps include the following:
Q. Is a printable quality map product with an applicable legend available?
A. Our system is currently in use by dozens of engineering firms to generate the construction output necessary to attain permits. The system can also generate all the documents need for crews to construct network and document as-builts.
3-GIS supports plotting leveraging grids or data driven pages. Templates can be created for specific plotting requirements. The templates are based on separate MXD documents that are referenced in the plotting engine. 3-GIS also has the work packet tool which allows the user to output required deliverables in a single packet that include the follow as examples.
Q. Can 3-GIS be used with QGIS?
A. Our data can be exported into a GDB and KMZ which can be used by the QGIS system.
Q. Does the operator have full capability to create layers, style libraries, etc.?
A. Our admin software provides the capabilities to create and publish new layers and update symbology as needed. These services can also be provided by 3-GIS if needed.
© 2018 3-GIS | Privacy Policy | Cookie Policy
