At Cityworks, A Trimble Company (“Cityworks”), our goal is to deliver highly available, scalable, and secure products and services that you can rely on to efficiently manage your public assets. Cityworks Online (CWOL) provides a cloud-hosted, GIS-centric enterprise platform that enables streamlined access from any device. This allows users to connect and collaborate from virtually anywhere while freeing up critical IT resources. Cityworks Online is scalable and adaptable to any size of local government or utility agency and provides the flexibility to create agile and simplified IT solutions. CWOL is hosted on Amazon Web Services (AWS).
Cityworks Online Cloud Architecture
Amazon Web Services
Currently, Cityworks hosts its assets and data in Amazon Web Services.
- Amazon Web Services (AWS) is designed to deliver a flexible, reliable, scalable, and secure cloud computing environment with high-quality global network performance.
- AWS data centers are state of the art and provide many protections such as fencing, security guards, intrusion detection and more.
- AWS provides secured data centers all around the world.
- AWS data centers are protected from unauthorized physical access and environmental hazards by a range of security controls.
- The AWS platform offers exceptionally high-security compliance, including certifications like ISO27001, SOC 2, and FedRAMP.
For more information on AWS Infrastructure and Policies please click on the following links:
Availability and Service Level Agreement
We continually monitor the performance of our services to prevent possible incidents. We consolidate views from log parsing, infrastructure monitoring, and application performance management (APM). The Cityworks Service Level Agreement (SLA) uptime targets are 99.9% per quarter. Service credits are available at each renewal. Please see SLA for complete details.
Disaster Recovery
Cityworks ensures all its services have disaster recovery plans in place covering disaster prevention and recovery. Cityworks aims to provide a robust recovery plan should any disaster occur while taking all possible steps to prevent such a situation. Our prevention and recovery plans:
- Reduce the likelihood of a disaster.
- Implement contingency plans to restore partial or full service as soon as possible after an incident has occurred.
- Document a clear communication strategy to keep all those involved (especially customers) informed of the situation as it develops.
Cloud Security
Cloud and data security are shared responsibilities between the cloud infrastructure provider and the client utilizing the cloud solution.
In our case, it means that we trust Amazon Web Services to manage the security of the cloud infrastructure, and we are responsible for the security in the cloud environment.
At Trimble, we ensure infrastructure security and high availability of our cloud solutions by implementing and applying industry best practices.
These practices include hardened hosts with scheduled patching, isolated VPC, data encryption, role-based access control, and security groups.
We utilize managed services like AWS Shield. We have 24×7 SOC teams for monitoring alerts in our solutions. You can read more about cloud security in AWS Whitepapers & Guides.
Data Access Control
Cityworks Online segregates its customers’ data physically in unique databases per customer. Each customer is provisioned with a Microsoft SQL Server database that isolates them from other accounts. The customer’s end users are then created by the customer’s admin.
The customer’s admin can only create users in their specific database. This structure drives the segmentation of the data and the security controls across the application.
The Cityworks product is architected with user-based security groups. This security model allows administrators to control access to data through workflow permissions. Cityworks manages permissions with the configuration of groups and handles exceptions at the user level. Users are placed into a group and inherit the access and workflow permissions granted to that group.
An additional layer of security is provided through controlling the visibility of specific fields for each user and group.
Cityworks restricts access to its premises and customer data and protects its source code repositories by using, among other measures, multi-factor authentication to access production systems.
Encryption of Data
All data at rest is encrypted. Encryption in transit is enforced for the data in transit, giving industry-standard levels of security available for data transmission over the internet.
We rely on AWS technology to achieve encryption of the databases and the document file store.
Transport Layer Security protects all our HTTPS endpoints.
Our web services are forcing secure transport thanks to HTTP Strict Transport Security (HSTS).
Data-in-transit and at-rest encryption uses the AES256 standard.
Reporting Database Replication
Cityworks Online deployments include a real-time, read-only replica reporting database which accesses the production data through a one-way sync. The reporting database can be used with 3rd party reporting tools that require direct database connections, such as Insights for ArcGIS, Crystal Reports, SQL Reporting Services, Microsoft Power BI, etc.
Sandbox Option
Customers have the option to add one or more sandbox environments to Cityworks Online. The sandbox environment provides a secure location where administrators can test custom configurations and become familiar with updates before they are pushed to production.
Cityworks Single Sign-On
Cityworks Single Sign-On (SSO) is an integration feature that allows users to sign in to Cityworks applications with an Esri identity through ArcGIS Online or ArcGIS Portal.
It allows users to authenticate with their Esri identity by using the industry-standard protocol OAuth 2.0.
Since ArcGIS becomes the authentication authority, users will inherit all the login features that ArcGIS provides.
ArcGIS supports all SAML 2.0 compliant identity providers. When you configure ArcGIS to utilize a SAML-compliant identity provider, Cityworks is effectively able to utilize the identity provider as well, through its integration with ArcGIS.
Multi-Factor Authentication
ArcGIS supports Multi-Factor Authentication, which requires users to validate their authentication using two or more items of evidence. By utilizing Cityworks Single Sign-On, customers can achieve MFA by logging in with their MFA-enabled Esri identity.
If ArcGIS is configured with a SAML-compliant identity provider, MFA will be handled by the identity provider.
MFA works by entering a username, password, and code provided by an authenticator service like Google Authenticator (Something you are, Something you know, Something you have).
Data Backups
We actively maintain data backups so that in the event of data corruption, inconsistency, or loss, we can restore data as quickly as possible.
Backups are maintained separately from the primary data repository within the same geographical region. Backups are also copied to a different region to enable disaster recovery.
Our backups allow us to restore a database to any point in time in the last 35 days or monthly for two years after that.
Backups for attachments and other file system data are kept hourly for one week, daily for 35 days, and monthly for two years.
We can provide an ad-hoc database backup in the form of a Microsoft SQL Server Database .bak file as requested by the customer. However, customers are not expected to keep a secondary backup of their data.
Data Retention
Data is retained for 30 days after contract termination. At the end of that period, the customer database is deleted from the server and the application documents are removed from the file store. The database information will still be part of previous database backups until the standard backup retention period (two years after deletion).
Data Deletion
After contract termination, if requested by the customer, we provide a copy of customer data in the form of a Microsoft SQL Server Database .bak file and the archive of application documents stored as part of the customer account.
Application Updates
Updates to Cityworks products will be performed by Cityworks staff. We will provide at least 30 days notice before major version updates, and we will wait for the service pack release. For minor version updates, we will provide two weeks notice. Updates can be applied to the Sandbox site during the notification period in order for organizations to test the upcoming release with their specific integrations and workflows.
Compliance
At Cityworks, we include security throughout the whole development lifecycle. We utilize industry standards wherever possible to ensure consistency and best practices across the organization and in all the products and services we deliver.
Within the Trimble Secure Development Life Cycle (TSDLC) framework, we ensure that security is embedded and operationalized so that our deliverables will meet consistent security levels. Equally important, we monitor and manage infrastructure and environments. These tools include identity and access management, vulnerability management, and intrusion detection solutions on our networks and systems.
These tools, complemented with appropriate incident response, work together to ensure security for our customer solutions. Within the Trimble Secure Development Life Cycle framework, we review our cloud infrastructure and processes according to industry best practices.
We are continuously executing 24×7 security monitoring, vulnerability scanning, intrusion detection, dynamic and static analysis, and open-source analysis of our solutions.
We perform application security assessments both ourselves and by utilizing third-party security experts.
Vulnerability Scanning
We use vulnerability scanning tools to expose security vulnerabilities in our cloud-based systems.
These tools allow us to identify and fix vulnerabilities—including software flaws, missing patches, malware, and misconfigurations across various operating systems, devices, and applications.
Third-Party Component Analysis
Like most software providers, many of our software products include underlying components from third-party suppliers that are necessary building blocks for our software.
We use third-party component analysis tools to scan these components to check if there are newer versions or patches available, check for any known vulnerabilities, and confirm licensing compliance.
Intrusion Detection
In a world of increasingly sophisticated cyberattacks, Cityworks employs intrusion detection tools to detect attacks on our cloud service endpoints (points of access) and our internal systems.
Static Source Code Analysis
Static code analysis is the analysis of computer code directly, i.e., without actually executing programs. Analysis of source code is a useful method of detecting security threats in the system before it is deployed and released.
Dynamic Code Analysis
Dynamic analysis is typically used in association with static code analysis and looks at a “live” or “staged” system as opposed to the code directly.
Antivirus
Cityworks provides features that allow customers to upload files and data in various forms. We employ antivirus scanning tools to check data for known malware and remove or quarantine data.
Cybersecurity Awareness
A prerequisite for developing secure solutions is understanding the threat landscape in which the service is operating. In Trimble, threat modeling is one of the core guiding principles when designing and developing our solutions.
We regularly update our knowledge about cybersecurity topics and share awareness about cybersecurity threats among all parties responsible for managing and developing our solutions. As a baseline, all employees attend mandatory cybersecurity training sessions. Solution architects and developers participate in specialized cybersecurity training sessions addressing threats specific to the product developed by Cityworks.
External Certifications
SOC 2 Type 1
Cityworks Online has undergone a SOC 2 Type 1 examination and was evaluated against these Trust Service categories: Security, Availability, Processing Integrity, and Confidentiality.
The examination was performed by an external auditor, Schellman & Company, LLC, on November 30, 2022. We are committed to performing the examination annually. We will be engaging in SOC 2 Type 2 and ISO 27001 examinations in 2023.
Disclaimer
The cloud architecture and services detailed herein are subject to change at the discretion of the Cityworks Cloud Solutions Team. We will update this document and provide transparency into any future changes.
Table of Contents
Add a header to begin generating the table of contents