PwrSmart Service Security and Privacy



The information in this article applies to PwrSmart Service.


PwrSmart Service is a simple, automated PC power management solution that centrally controls PC power settings and energy consumption – from the cloud. This document answers some frequently asked questions about the security and privacy of PwrSmart Service.

Architecture

PwrSmart Service is a web application running on cloud-based servers provisioned by New Boundary Technologies. This architecture is very similar to other online services such as Salesforce.com, Webex, GoToMeeting, etc.

PwrSmart Service administrators manage power schemes, analyze savings and run reports using the application’s web console.  Power settings on individual computers are enforced by the PwrSmart agent that is installed on managed PCs. Agents communicate with PwrSmart Service over HTTPS.

Is communication between the agents, the web console and the PwrSmart Service secure?

Yes.  All communication in PwrSmart Service occurs over industry standard SSL (Secure Sockets Layer), which is the same standard used for internet banking and online purchasing at sites such as Amazon.com. SSL communication is used between the PwrSmart web console and the service, as well as for all communication between the agents and the service.  

The advantage of SSL is added security.  For example, if a PwrSmart user accesses the web console on a non-secure Internet connection such as a public wireless or non-encrypted network, SSL provides data encryption and secure server identification of the PwrSmart server, which prevents hijacking and data theft.

How is login access controlled?

PwrSmart Service provides an Authentication Service. Logins are controlled through this service using a strict password policy and a limited number of retries.   When customers first subscribe, they are given an administrative login associated with their email address. After logging in with that administrative account, the user can change the password. The administrative user can also choose to create other logins and assign roles to those logins.

What roles are supported?

There are four roles that can be assigned to login accounts:

Administrator – Full control, all functions

Power Manager – Same as Administrator but without User Management functions

Power Analyst – View power schemes and their assignments, view groups and their members, view and modify power assumptions, analyze energy savings and energy trends, run reports, customize dashboard elements, wake computers remotely.

Remote Wake – Users with this role are only allowed to wake designated machines using the Remote Wake web app. They cannot log into the PwrSmart Service management console.

Who can gain access to my data?

New Boundary Technologies PwrSmart Service support team members have access to your database for troubleshooting purposes and administrative assistance.  All customer passwords and password reminder answers are stored in an encrypted, non-readable format in the database so that no one from New Boundary Technologies can see them.

Do 3rd parties have access to my organization’s data?

No.  New Boundary Technologies does not share any data with third parties.

What data is transmitted and stored?

The agents transmit power state status information (e.g., PC entering a suspended state) on both an event-driven and periodic basis. No personal information is permanently stored.

The computer information that is transmitted when the subscribed computer checks in with PrwSmart Service includes:

·                 Active Directory name (if the computer is part of an Active Directory network, otherwise just its computer name)

·                 Current IP address

·                 Subnet mask

·                 MAC address

·                 Last logged on user name (transmitted to the DB but not displayed; overwritten when login status changes)

How long does New Boundary Technologies keep my organization’s data?

As a subscriber to PwrSmart Service, your data is stored and archived on a regular basis.  If you stop subscribing to PwrSmart Service, New Boundary Technologies will maintain your data for an additional 45 days before deleting it, in case you would like to reactivate your subscription.


Is my organization’s data safe from other customers’ data?

Yes.  Each customer has its own database to which only that customer has access.

How do you protect my data at the physical facility?

The cloud server provider used by New Boundary Technologies for PwrSmart Service has been certified with SAS 70 Type II as well as its successor certification SSAE 16 SOC 1 . The datacenter’s control activities and processes have been audited by a third party to ensure the datacenter’s compliance with these standards.

 

 

Remote Wake is a trademark of New Boundary Technologies, Inc. New Boundary Technologies and PwrSmart are registered trademarks of New Boundary Technologies, Inc.  All other brands and product names are trademarks or registered trademarks of their respective companies.