Here at CEO Juice we understand that protecting your data is critical for the success of your company. In this document, we discuss the services that we provide, the level of access to your data that our software requires and the steps that we take to protect your data. We also discuss what your company is expected to do to protect your data.
In order to get you the best experience and to present your data in the most efficient way possible to run your business, our services have been broken out into several mediums:
CEO Juice Core
The heart of our services is a task engine that is installed locally on your server. It schedules tasks that will extract data from your database, format it in a clear and easily readable way, and send it out via email to your specified recipients. It uses recipients as defined in your company’s subscriptions, which can be changed at any time on our subscription website. We only allow you to send to email addresses at a domain listed on your account with us, typically your company's main site.
SQL Server Reporting Services (SSRS)
When a simple email with a table of data is not enough to present data in a meaningful way, we use SQL Server Reporting Services (SSRS) to extract and transform data into a report. Many of these reports are still automated and sent through Core as an email attachment to the subscribed recipients. Another benefit is that your users can run the reports on demand and modify parameters to customize the report and see only the data that they need.
Web Apps (Lucee)
Our web apps are installed locally like Core and SSRS, but they function differently than the email alerts and reports discussed above. They can serve many different functions: presenting a complex screen of information pulled in from multiple sources, mapping data in your database to a standard set of categories to support other reports, or enabling users to clean up data in your database. Depending on the role of the app, it may require the ability to write back to your production database.
Business Intelligence / Dashboards
SSRS has its limitations when building complex reports, especially when using large datasets. To remedy this, we are expanding into applications like Power BI and ECi's Cognytics to present dynamic reporting and dashboards for your users to be able to easily see and understand your data while being able to filter and drill into more data.
Keeping your data safe
Access to your data
In order to offer the best possible service, we require access to your database through SQL Management Studio and through the e-automate UI. This is so we can troubleshoot and verify our reports in the event that your team has any questions on the output we provide them. Our team of experts is trained to never change anything in your production database unless explicitly given permission by your team. One exception may be creating custom properties in e-automate that are required for an alert or report.
To protect the integrity of your production databases, we place any of our custom stored procedures, tables, views, and functions in a separate database, typically called CEOJuice. e-views and custom reports in e-automate’s Report Console require objects to be created in the production database, but they will reference the CEOJuice database. We will always prefix these objects with “ZCJ” so that you know they are custom objects.
Technologies we use
We will work with you when it comes to logging into your server, but our preferred method for remote access is LogMeIn. LogMeIn is a secure remote access platform that allows us to log into a server without any extra configuration of networks and firewalls. It provides 2-factor authentication for a secure login for our users and a remote access audit log so that we can see which users may have accessed a remote system in a given period and for how long. To find more information on security within LogMeIn, please see https://documentation.logmein.com/documentation/EN/pdf/common/LogMeIn_SecurityWhitepaper.pdf
Web Services / AWS
We have a few services that send data up to our servers via web services and store it in our databases. In these cases, we have web service / API endpoints that are secured using HTTPS during transmission. We host our systems on AWS, which is fully SOC 2 compliant. See here for more information: https://aws.amazon.com/compliance/soc-faqs/
The heart of our service is our task engine, Core. It is installed on your server, runs our tasks and reports on schedule, and sends them out to recipients as defined in your subscriptions. It uses many built-in Microsoft technologies such as OLEDB and ODBC drivers and the SSRS runtime. It can be configured to work within your network's setup.
As described above, our software and the majority of our services are installed directly on your servers. This means that you are in control of your data and responsible for keeping your data secure and available. Depending on the number of alerts/reports/tasks you have subscribed to, our services may add a considerable load on your SQL Server, so it is important that your databases are properly indexed and that SQL Server is tuned to efficiently handle the increased load. We can assist in reviewing any tuning practices, but it is your responsibility to ensure that you are properly backing up your databases and running regular maintenance to keep the database running efficiently. We do not assume any responsibility for backing up databases or scheduled maintenance on your servers.
Any login that we require for our services (i.e. Windows/Domain, SQL Server, SMTP, e-automate) should follow your network/password policies. Although we may ask for a login with a password that does not expire, you are responsible for setting the policy for the logins.
The latest OLEDB and ODBC drivers from Microsoft support TLS 1.2, should you decide to disable all communication using TLS 1.0/1.1 due to the security vulnerabilities in these protocols. Our task engine also fully supports TLS 1.2. You are responsible for setting the policies for TLS 1.2 and deciding if you will disable TLS 1.0 and TLS 1.1.
Core, our task engine, connects to your SMTP server in order to send emails. It can be configured with multiple authentication types and with or without secure connections. It is your responsibility to set your SMTP policies and whether to require a secure connection in order to send emails out of your system. Depending on your email configuration, you may also be responsible for managing Send As permissions for the account that we use to authenticate to your SMTP server.
Anti-Malware and Server Updates
You are responsible for any Windows Server, SQL Server, or anti-malware updates required on the server on which our software resides. These updates should follow the same policies that apply to the rest of your network.
Securing your data is a team effort when you partner with CEO Juice. We secure data with up-to-date methods when transmitting it to and storing it on our servers. However, your network, update, and any other security policies/practices are essential to protecting your data.