Mike Meredith - January 11, 2016
Since our founding three years ago, VictorOps has focused on building a secure, reliable platform that our users can trust. We’ll be bringing that focus on data security to the forefront in 2016, with lots of exciting announcements on the way.
As the Sr. IT Director, it’s my job to oversee the security of our platform and our network. As such, I get the opportunity to talk to a lot of our customers about the security of their data, and best practices for using our service. In the next few months I’ll be talking about some of the topics that come up again and again, in a series of blog posts focusing on security.
At VictorOps, we’ve always recognized the sensitive nature of alert and monitoring data. While different organizations classify their alert data differently, we treat all data sent to us from a customer as sensitive and confidential. That said, many organizations may generate alert data that they consider highly confidential or of a critical sensitivity. Such organizations should take the time to ensure that they’re comfortable with the data being sent into the VictorOps platform.
Here are some principles to keep in mind when integrating your toolset with VictorOps:
VictorOps receives data through a variety of mechanisms: email, webhook, or native integration. The one thing all of these mechanisms have in common is that the data is pushed, rather than pulled, into your timeline. VictorOps systems do not initiate connections to customer networks for the purpose of receiving alert data.
This means that the customer is ultimately in control of what data goes into their VictorOps timeline. Our native integrations have methods for choosing which alert fields get passed to VictorOps, and our APIs can be used for alert delivery when a completely custom alert payload is required.
Of course, this also means that it’s important for customers to understand what data is included in an alert from their monitoring tools. For example, Nagios includes a large number of data fields in an alert payload, beyond what generally shows up in an alert email or SMS, and by default our Nagios plug-in passes all of that data into your timeline.
By reviewing monitoring tools and their output, customers can ensure that they’re not passing highly sensitive data to VictorOps. For example, a customer may choose to leave IP address information out of alerts, or transform other identifying data before it’s sent, so timeline data can’t be used to aid in an attack.
The VictorOps Transmogrifier enterprise feature can be used to add, delete, or change the content of fields in your alert payload. You should understand, however, that raw alert data is still committed to our database in its original form. It is therefore important that any alert data transformation done for security or privacy happens before the alert is delivered to VictorOps.
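One way to do that scrubbing on the sending side, as an added example (not VictorOps or Nagios code): an allowlist drops fields by default, IP addresses are redacted from free text, and host names are replaced with a keyed pseudonym. The allowlist, the key, and the sample payload are assumptions; the field names follow Nagios macro naming and the values are constructed.

```python
import hashlib
import hmac
import ipaddress
import re

# Assumption: fields your team has agreed may leave the network (allowlist).
ALLOWED_FIELDS = {"HOSTNAME", "SERVICEDESC", "SERVICESTATE", "SERVICEOUTPUT"}
# Assumption: fields whose values identify internal assets and get pseudonymized.
PSEUDONYMIZE_FIELDS = {"HOSTNAME"}
_IPV4_CANDIDATE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")


def _redact_ips(text):
    """Replace valid IPv4 literals in free text; leave look-alikes (octet > 255) alone."""
    def repl(match):
        try:
            ipaddress.IPv4Address(match.group(0))
        except ValueError:
            return match.group(0)
        return "[ip-redacted]"
    return _IPV4_CANDIDATE.sub(repl, text)


def _pseudonym(value, key):
    """Stable keyed token: the same host always maps to the same label."""
    digest = hmac.new(key, value.encode("utf-8"), hashlib.sha256).hexdigest()
    return "host-" + digest[:12]


def scrub_alert(alert, key):
    """Return a new payload to push; the input dict is not modified."""
    clean = {}
    for field, value in alert.items():
        if field not in ALLOWED_FIELDS:
            continue  # default deny: unknown or newly added fields never leave
        value = str(value)
        hide = field in PSEUDONYMIZE_FIELDS
        clean[field] = _pseudonym(value, key) if hide else _redact_ips(value)
    return clean


# Constructed sample payload using Nagios-style macro names.
SAMPLE = {
    "HOSTNAME": "db01.corp.example",
    "HOSTADDRESS": "10.20.30.40",
    "SERVICEDESC": "PostgreSQL",
    "SERVICESTATE": "CRITICAL",
    "SERVICEOUTPUT": "connection to 10.20.30.40:5432 refused (client 3.11.2.999)",
}
```

Host names that appear inside free-text fields such as `SERVICEOUTPUT` are not caught by this sketch; only IPv4 literals are redacted there.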
Another big source of data in a VictorOps timeline is the chat messages that users type in through the web UI or a mobile client. Chat integrations with tools like Slack and HipChat can also add a lot of data to a timeline.
It is important that users understand that messages typed into the timeline are going to a third-party platform. As with any third-party chat service, we encourage our customers to review relevant security policy with their VictorOps users, and ensure that people are not transmitting highly sensitive data, such as passwords, via the timeline.
VictorOps does not offer a method for users to “spot” remove data from their timeline. In this way VictorOps becomes a canonical reference for events that occurred in your network or platform. If needed, customers may request that their organization data be purged from the VictorOps databases, but individual timeline messages cannot be edited or removed.
As with any tool that has chat functionality, careful planning of your integrations, and clear communication with your staff, can ensure that highly sensitive data does not make it into your timeline. Stay tuned to our product announcements, as new data retention options are on the way.
VictorOps is a powerful tool for disseminating information and collaborating during incidents, and it works because data is accessible to your team, and immutable. Customers should consider the information being passed to VictorOps as part of an overall security and privacy strategy, and take steps to ensure that the information in their VictorOps timeline is accurate, relevant, and meets internal standards for information sent to third parties.