Deployment Model Responsibility
The diagram below outlines responsibility by layer across the major cloud deployment models versus an on-premises implementation. These deployment models are not mutually exclusive: an enterprise deployment of the ArcGIS platform could combine several of them, such as an on-premises implementation supplemented with ArcGIS in the cloud in a hybrid approach.
CSP: Cloud Service Provider
ATO: Authority To Operate
ArcGIS Online is a secured, reliable geographic information system (GIS) delivered using the software-as-a-service (SaaS) model. ArcGIS Online services are elastic, available on demand, managed by Esri, and accessed by a client running on a wide range of platforms. They can be shared and utilized by many customers and offer security benefits.
For any comments or concerns, email us at: SecureSoftwareServices@esri.com.
General overview of security in ArcGIS Online (.pdf)
Detailed security answers for information security professionals (.pdf)
ArcGIS Online Service Level Agreement (.pdf)
ArcGIS Online Terms of Service
- Background investigations are performed against all employees.
- Access to customer database information is limited to select operation team members.
- Ownership—Customers retain intellectual property rights for data published through Esri cloud offerings. Esri and third-party data can be incorporated into web applications using ArcGIS Online, Esri Business Analyst Online, and others.
- Multitenancy—Each data record within multitenant storage is stamped with the ID of the owning subscription to ensure organization data is accessible only by the organization's users.
- Features—Each organization has its own logically separated database, providing isolation of stored features.
- Extract—Data publishers can extract and download data to their organization via shapefiles or CSVs. Also, the original publication package can be downloaded to an organization.
- Deletion—The data owner controls when and what to delete, whether it's the removal of features or the publication package. Deleted information is not left in a recycle bin; once the owner deletes it, it's gone.
The following features are engineered by Esri as part of the core ArcGIS Online software platform:
- Roles—Four ArcGIS Online organization roles exist: user, publisher, custom, and administrator.
  - Users can add items, create web maps, share content, and participate in groups.
  - Publishers are users who can publish hosted services from feature or tiled map data.
  - Custom roles provide greater flexibility and granularity in assigning privileges to members of your organization.
  - Administrators use a web-based administration interface to manage users, groups, permissions, and organization-wide security features:
    - Easily configure TLS (Transport Layer Security) and HTTPS to enforce confidentiality of all information as it crosses the Internet.
    - Restrict anonymous access to organization data.
- Enterprise Logins—For authentication, enterprise logins are now supported via SAML 2.0, providing federated identity management. Developers can use OAuth 2-based APIs to manage user and app logins.
- Sharing—User-added content is accessible only by the users and groups with whom the owner explicitly shares it. By default, items are private and accessible only by the user who added them.
- Server—Secured ArcGIS 10 Server Service Pack 1 (SP1) and later services can be incorporated into maps.
- Development—ArcGIS Online is developed using secure coding best practices, including static code analysis software, testing/code review, and more.
- User identity is established through a login process that always takes place over HTTPS to ensure industry-standard encryption of sensitive information.
- Subsequent access requires authentication tokens over HTTP or HTTPS, as chosen by the administrator.
Advanced deployment options
For organizations that want to make use of ArcGIS Online but avoid storing sensitive data in the cloud, a hybrid approach is a common solution. ArcGIS Online can be used for dissemination and discovery of services, while the organization uses its own infrastructure for hosting sensitive data.
For organizations that require complete segmentation of their solution from the Internet, or that do not allow distributed multitenant environments such as ArcGIS Online, the on-premises Portal for ArcGIS meets this high-security requirement by running inside corporate firewall environments.
Esri has consistently invested in stronger ArcGIS security and has been providing Managed Services for over 10 years, including FISMA-accredited implementations such as the Geospatial One-Stop and ArcGIS Online.
Strengthened Corporate, Product and Services Security
Corporate security has substantially augmented the resources assigned to protecting Esri IT infrastructure and services. A Security Standards and Architecture team has also been established to drive secure products and services, including best practice workshops, validation, and documentation for customers, partners, and regulators.
Moving geospatial services to the cloud requires serious consideration of security issues and technology. Cloud computing is indeed complex; however, by utilizing a secured backbone of both industry-leading cloud providers and geospatial services, ArcGIS Online is able to provide the security organizations need.