These are the answers to the questions we are asked the most

Security 

Q. Does 3-GIS integrate logs and metrics to enable traceability within our AWS services?

      A. Yes

Back to the top

 

Q. Does 3-GIS utilize token or encryption services to protect data in transit and at rest?

      A. Yes, we utilize token encryption in both cases. See a further explanation below.

In transit encryption: Tokens can be acquired through either an HTTP GET or an HTTP POST. Using a POST is always more secure. GET requests may leave usernames/passwords in network equipment history and in the browser history. Esri APIs and products use POST when acquiring tokens. However for the convenience of people writing scripts, tokens can be acquired via GET requests. Esri recommends against obtaining tokens via GET requests in secure environments. 3-GIS uses HTTP POST.

At rest encryption: When ArcGIS Server is configured to use GIS-tier authentication, client applications ask the user for their username and passwords. Those client applications then send the username/password to ArcGIS Server and receive a token in exchange. That token can then be used on subsequent requests so that the username/password do not need to be sent.

Back to the top

 

Q. Does 3-GIS run regular security tests on customer's data stored in the cloud? What are the specifics such as time frame, etc?

     A. We have a daily reporting from evident IO which analyses logs from AWS and notifies us if we have any violations of the AWS best practices. This is focused on network access which covers the data tier. 

The Evident Security Platform is the first and only cloud-native infrastructure security solution providing full coverage of all AWS accounts, services and regions, services and standard regions. ESP combines the detection and analysis of misconfigurations, vulnerabilities, and risk, with guided remediation and audit capabilities to meet compliance requirements, all in one solution. ESP was designed specifically to help modern IT, DevOps and risk/compliance teams implement and maintain security within the cloud shared responsibility model. ESP enables IT, Security, Engineering, and Operations with a continuous global view of security risk and compliance, with the actionable intelligence needed to rapidly remediate and secure their entire AWS infrastructure. ESP gathers the AWS services configuration data, CloudTrail and log data, and other information from each AWS account or Azure subscription via the Amazon APIs. This data is then input into the ESP risk analysis engine which generates a detailed assessment of the security risks, misconfigurations and vulnerabilities it detects. ESP is neither an active or passive vulnerability scanner in the traditional sense. Unlike traditional, on-premise/virtual vulnerability scanners that use active scanning technology, ESP does not directly “scan” cloud assets to identify OS or application layer vulnerabilities running inside instances – as it cannot view the actual contents of AWS services like EC2, S3, VMs or storage. ESP operates at the control plane layer of AWS and uses a passive methodology to collect vulnerability and configuration data via the APIs, providing a detailed security assessment of the underlying cloud infrastructure. Amazon manages security of the AWS cloud; while the security of the assets stored in the cloud is the responsibility of you, the customer. The customer is responsible for ensuring the security and configuration of the services running in AWS or Azure in addition to the applications and OSs that are implemented. Because ESP is interacting directly with the API at the control plane, it does not impact the performance of any instances or services running in your cloud environment. The configuration information from your cloud accounts are analyzed by a risk engine that determines the severity of risk to help organizations prioritize their remediation efforts. Each vulnerability of misconfiguration is tagged with a specific severity status indicating:

High : High severity alerts pose the most significant risk to your cloud deployment and should be examined and remediated as soon as possible.

Medium : A medium severity alert identifies issues that should be tracked and scheduled for remediation.

Low : Low level alerts may not be applicable or local business rules have determined that it is not a threat.

You have the ability to change the risk level for each security control check to match your organization’s security policy. Customer data is always encrypted during collection, in transit when inside our VPCs, and at rest in our data stores. At account termination your account and any data used to identify your infrastructure will be purged from our systems. Daily risk summary reports are emailed to ESP users identifying new risks from the last 24 hours and summarizing the previous alerts per account and service. Only specific ports are opened to the infrastructure, this is done via security groups and virtual private clouds.

Back to the top

 

Q. Does 3-GIS have access to the AWS Shared Responsibility Model?

     A. Yes, see below.

AWS shared responsibility model.png

Back to the top

 

Q. What are our credential management practices? 

     A. All users of the system are managed VIA MS Active directory using a standard protocol.

Back to the top

 

Q. What practices do we implement to define roles, responsibilities, and fine-grained authorization?

     A. We manage permissions with groups, the benefits of doing this are:

  • Reduces the complexity of access management as the number of users grow
  • Reduces the opportunity for a user to accidentally get excessive access
  • Assign permissions based on change in responsibility
  • Update permissions for multiple users
  • Create groups that relate to job functions
  • Attach policies to groups
  • Use managed policies to logically manage permissions
  • Manage group membership to assign permissions

Back to the top

 

Support

Q. What is the disaster recovery strategy?

     A. We will work with each customer to define their priorities and implement backup policies and disaster recovery architecture.

Back to the top

Q. Are there any planned outages?

    A. There are scheduled outages but with minimum downtime.

Back to the top

Q. How are any unplanned outages handled?

     A. 3-GIS monitors uptime and will notify customers of any unplanned outages.

Back to the top

Q. How is data extracted?

    A. Data can be exported from the application in KMZ, shapefile or file geodatabase formats. We can also give customers access to a database dump through secure FTP locations. 

Back to the top

Q. Who is considered the "owner of the data"?

     A. Technically, 3-GIS is the AWS Customer. 3-GIS customers retain full ownership and control of the content they store on AWS. AWS will not view, use or move customer content unless authorized by the customer.

Back to the top

Q. How does 3-GIS handle integration with other systems?

     A. 3-GIS Network Solutions is designed on a Service Oriented Architecture and is Web 2.0 compliant, making integration  straight-forward.

Back to the top

Application 

Q. What does a splice document deliverable look like?

     A. Our splice documentation shows details about the splice, such as length of each cable, starting locations and ending locations of each path, and if any circuits are assigned the ID will display to the corresponding connection of that splice. Another benefit our our splice output is that it allows any number of cables to be displayed and mapped easily.  Our splice reports export to an Excel spreadsheet which allows easy sharing with others. The following is and example of the 3-GIS splice report.

update splice document 9-18

Back to the top

 

Q. What does a bill of quantities/materials look like

     A. The BOM (Bill of Materials) tool is used to generate a list of materials costs for a project based on features and assemblies placed within a specified polygon feature.  Polygons, assemblies, and costs are configured in 3-GIS Admin. Our BOM is customizable, for instance it can be pointed to a materials table or have details in multiple tabs such as parts and labor. Our BOM tool is available in the work packets tool or as a standalone tool. See the  following for an example of the 3-GIS BOM report.

BOM

Back to the top

 

Q. What types of GIS data files are compatible?

     A. The following data types can be imported using the 3-GIS import feature:

  • File GDB
  • Shapefile
  • CSV
  • KML
  • KMZ

The following data types can be imported/loaded through standard Esri data conversion and loading tools via hosted server access.

  • File GDB
  • Shapefile
  • CSV
  • KML
  • KMZ
  • XML Workspace Doc
  • DWG
  • DGN
  • Any other Esri accepted data type

Back to the top

 

Q. Is is possible to input a base map of imagery or road map for reference?

     A. Any number of sources can be loaded into the system. The user has a drop down menu for selecting from these predefined sources which ones the want to load into each view. Additionally, if a URL is known the user has the ability to pull in that data on the fly.

Users have access to any public Esri base map using 3-GIS | Web. Any map service or image service that is available via Esri REST can be referenced.

Current popular out of the box base maps include the following:

  • Esri World Imagery
  • Esri Streets
  • Esri World Topographic

Back to the top

 

Q. Is a printable quality map product with an applicable legend available?

     A.  Our system is currently in use by dozens of engineering firms to generate the construction output necessary to attain permits. The system can also generate all the documents need for crews to construct network and document as-builts.

3-GIS supports plotting leveraging grids or data driven pages. Templates can be created for specific plotting requirements. The templates are based on separate MXD documents that are referenced in the plotting engine. 3-GIS also has the work packet tool which allows the user to output required deliverables in a single packet that include the follow as examples.

  • Permit drawings
  • Construction drawings
  • Splice reports
  • BOM

Back to the top 

 

Q. Can 3-GIS be used with QGIS?

     A. Our data can be exported into a GDB and KMZ which can be used by the QGIS system.

Back to the top

 

Q. Does the operator have full capability to create layers, style libraries, etc.?

     A. Our admin software provides the capabilities to create and publish new layers and update symbology as needed. These services can also be provided by 3-GIS if needed.

Back to the top

 

Product and user support

Q. Is there an online forum for other user and troubleshooting?

    A. 3-GIS has an online knowledge base that is access with your user ID and PW, https://kb.3-gis.com. The knowledge base provides technical documentation to support tool configuration as well as user guides to help users understand tool functionality. The knowledge base is a live repository that is continually updated as new documentation is available.

Back to the top

 Q. What training and courses are available?

     A. Instructor-led training is available both onsite and online. The training can be customized to best meet the customers needs.

All users have 24/7 access to the quick start online training courses. The courses are self-guided and cover all the features and functions of the 3-GIS core product. Users need to fill out this form to get login credentials.  

Back to the top

Setup and migration

Q. What does it take to switch over our current system and convert our data to 3-GIS?

     A. 3-GIS has several processes from past data conversion projects that will aid in any data conversion required to transition your data into 3-GIS. An in depth understanding of the existing data and schema would be required to determine the level of effort to convert any data to 3-GIS.

Back to the top

 

Q. Is the software forward and backwards CAD compatible?

     A.  3-GIS does support the ability to import CAD files. Data integrity is very important in this process. Controls on the CAD file production process will need to be in place to ensure the data that needs to be imported is delivered in the proper format. 3-GIS can export data that can be ingested in to CAD. A REST endpoint can also be exposed to allow for a real time view of the data in CAD.

Back to the top

 

Q. What mistakes should be avoided during implementation?

     A. Overthinking implementation is the number one mistake.  When implementing 3-GIS Network Solutions, don't approach with client-server architecture in mind.  Consider a web-based architecture and consider how everyone in your enterprise will benefit from having the data instantly available on their desktop or mobile device. 

  Back to the top

Take a product tour




Request a demo

Schedule a live demo and learn about how 3-GIS network solutions can help your business