The key components include:
1. Infrastructure and Operating system,
2. Core software components, and
3. MetricStream Web application
MetricStream’s security architecture is based on a Shared Responsibility model. Infrastructure, Operating System, and Core software components are MetricStream’s responsibility. MetricStream leverages a well-architected ‘security in layers’ design, vendor/OEM updates, VA/PT, and Bitsight scans to maintain and enforce robust controls.
By the very nature of the application’s configurability, extensions, and customizations, responsibility for MetricStream’s Web Application security is shared between Customers and MetricStream. The MetricStream Web Applications are designed with Secure SDLC principles and validated via Application Pen testing at every release.
MetricStream Cloud leverages a multi-instance model (not multi-tenant) so customers can plan software upgrades independently. Customers have two possible upgrade paths to maintain software currency with security improvements and features of the MetricStream Web Application:
1. Upgrade to the latest version of the platform and applications as soon as they are released. Customizations and extensions need to be considered during the upgrade process.
2. Customers do not have to upgrade at every release; however, customers should upgrade at least once a year to the current release to take advantage of feature and security improvements. If customers do not upgrade annually, they run the risk of missing these improvements and potentially running on unsupported software.