223032.en - Cce Security Overview WP
SECURITY OVERVIEW
Adobe SECURITY
At Adobe, we take the security of your digital assets seriously. From our rigorous integration of security into our internal software development process and tools to our cross-functional incident response teams, we strive to be proactive and nimble. What’s more, our collaborative work with partners, researchers, and other industry organizations helps us understand the latest threats and security best practices, as well as continually build security into the products and services we offer.

This white paper describes the proactive approach and procedures implemented by Adobe to increase the security of your Adobe Creative Cloud experience and your data.

Creative Cloud for enterprise

Adobe Creative Cloud for enterprise gives large organizations access to Adobe’s creative desktop and mobile applications and services, workgroup collaboration, and license management tools. It also includes flexible deployment, identity management options including Federated ID with Single Sign-On, annual license true-ups, and enterprise-level customer support—and it works with other Adobe enterprise offerings.

Storage Options

Creative Cloud for enterprise customers can choose between multi-tenant storage or single tenant storage, or they can disable all Creative Cloud services, including storage altogether. In general, Creative Cloud for enterprise stores customer content on a multi-tenant server. However, Creative Cloud for enterprise with managed services is a configuration option in which customer content is stored on a single-tenant server behind the organization’s firewall. A full description of storage options is covered below.

Entitlement and Identity Management

IT administrators have the option of entitling end user access to the Creative Cloud desktop applications such as Adobe Photoshop and Adobe Illustrator as well as entitling the use of specific services by utilizing named user licensing and group entitlements in the Adobe Enterprise Dashboard. There are several different flavors of named users available for licensing and deployment.

Named users

To access Creative Cloud storage and services, IT administrators must provision their users with named user licensing. Three types of named user licensing are available:

Adobe ID is for Adobe-hosted, user-managed accounts that are created, owned and controlled by individual users. Adobe ID accounts only have access to Creative Cloud for enterprise resources if an IT administrator enables access.

Adobe Enterprise ID is an Adobe-hosted, enterprise-managed option for accounts that are created and controlled by IT administrators from the customer enterprise organization. The organization
S3 data is encrypted with AES 256-bit symmetric security keys that are unique to each customer and each customer’s claimed domain. The keys are managed by the Amazon Key Management Service (KMS) which provides additional layers of control and security for key management and will automatically rotate the key on an annual basis.

Content stored in EBS features AES 256-bit encryption utilizing Federal Information Processing Standards (FIPS) 140-2 approved cryptographic algorithms consistent with National Institute of Standards and Technology (NIST) 800-57 recommendations.

Amazon KMS service: http://aws.amazon.com/kms/faqs/
Amazon EC2 service: http://aws.amazon.com/ec2/

Creative Cloud for enterprise managed services

Creative Cloud for enterprise managed services, as shown in the diagram above, is where customer content is stored on a single-tenant server, behind the organization’s firewall. Customer content utilizing managed services storage is processed by an Amazon Elastic Compute Cloud (EC2) instance and stored on a combination of Amazon Simple Storage Services (S3) buckets and through an Adobe Experience Manager instance running on an Amazon Elastic Block Store

Managed services S3 data is encrypted with server side (AES) 256-bit symmetric security keys that are automatically managed. Customer accounts have a regularly rotated unique master key that is stored completely separate from the customer data. Similarly, each encrypted volume has a unique volume encryption key that is then encrypted with a region-specific secure master key, both of which are used in memory and are never stored as plain text.

Content stored in EBS features AES 256-bit encryption utilizing Federal Information Processing Standards (FIPS) 140-2 approved cryptographic algorithms consistent with National Institute of Standards and Technology (NIST) 800-57 recommendations.
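
As an added illustration (not Adobe's code or tooling), the sketch below checks an inventory of per-customer buckets against two properties stated above: a KMS key unique to each customer, and automatic key rotation. The tenant names, key ids and inventory layout are constructed; only the response shapes of S3 GetBucketEncryption and KMS GetKeyRotationStatus are taken from AWS.

```python
# Added example; tenant names and key ids below are constructed placeholders.
from collections import defaultdict


def audit_tenant_encryption(tenants):
    """Return sorted (tenant, finding) pairs for tenants that break the model.

    Each tenant dict holds: name, encryption (shaped like an S3
    GetBucketEncryption response) and rotation (shaped like a KMS
    GetKeyRotationStatus response).
    """
    findings, key_users = [], defaultdict(set)
    for t in tenants:
        cfg = t["encryption"].get("ServerSideEncryptionConfiguration", {})
        rules = cfg.get("Rules", [])
        if not rules:
            findings.append((t["name"], "no default encryption rule"))
        for rule in rules:
            default = rule.get("ApplyServerSideEncryptionByDefault", {})
            algo, key_id = default.get("SSEAlgorithm"), default.get("KMSMasterKeyID")
            if algo != "aws:kms":
                findings.append((t["name"], f"algorithm {algo!r} is not KMS-managed"))
            elif not key_id:
                findings.append((t["name"], "aws:kms rule names no customer key"))
            else:
                key_users[key_id].add(t["name"])
                if not t["rotation"].get("KeyRotationEnabled", False):
                    findings.append((t["name"], "automatic key rotation disabled"))
    # A key id seen under more than one tenant violates "unique to each customer".
    for key_id, names in key_users.items():
        if len(names) > 1:
            findings += [(n, f"key shared across tenants: {key_id}") for n in names]
    return sorted(findings)


def _tenant(name, algo, key_id=None, rotating=False):
    """Build one constructed inventory entry in the shapes described above."""
    default = {"SSEAlgorithm": algo}
    if key_id:
        default["KMSMasterKeyID"] = key_id
    return {"name": name,
            "encryption": {"ServerSideEncryptionConfiguration": {
                "Rules": [{"ApplyServerSideEncryptionByDefault": default}]}},
            "rotation": {"KeyRotationEnabled": rotating}}


SAMPLE = [  # constructed inventory, not real account data
    _tenant("tenant-a", "aws:kms", "key-a", rotating=True),
    _tenant("tenant-b", "aws:kms", "key-shared", rotating=True),
    _tenant("tenant-c", "aws:kms", "key-shared", rotating=False),
    _tenant("tenant-d", "AES256"),
]
```

In a live account the two dicts per tenant would come from the corresponding S3 and KMS API calls; here they are built inline so the check runs offline.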
Service monitoring
AWS monitors electrical, mechanical, and life support systems and equipment to
help ensure immediate identification of any issues. In order to maintain the continued
operability of equipment, AWS performs ongoing preventative maintenance.
Adobe stores all Creative Cloud data in Amazon S3, which provides a storage
infrastructure with high durability, according to Amazon. To help provide durability,
[Figure: organization chart. Labels: Eng. infr. security; Incident response; Prd & svsc security; Marketing; IT security; Risk, audit & advisory; Corporate security; Cloud ops; Creative Cloud; Document Cloud; Marketing cloud]

[Figure: lifecycle diagram. Labels: Abuse, fraud & incident responses; Requirements & planning; Design; Operations & monitoring; Community engagement]

• Security training and certification for product teams
• Product health, risk, and threat landscape analysis
• Secure coding guidelines, rules, and analysis
• Service roadmaps, security tools, and testing methods that guide the Creative Cloud security team to help address the Open Web Application Security Project (OWASP) top 10 most critical web application security flaws and CWE/SANS top 25 most dangerous software errors
• Security architecture review and penetration testing
• Source code reviews to help eliminate known flaws that could lead to vulnerabilities