Computing and Storage Practices

NICE offers many computing and storage practices to protect your stored data. These practices include system management with System Development Life Cycle, as well as storage and infrastructure encryption. You can learn more about NICE storage practices on the Data Processing and Storage page.

System Development Life Cycle (SDLC)

NICE uses a variety of technologies and languages to develop system processes. Secure development practices are required throughout the organization. The SDLC establishes the procedures used to meet that policy requirement. It addresses three main concerns:

  • Education

  • Continuous process improvement

  • Accountability

The role of the SDLC is to serve as the highest-level outline of development process and requirements. It is the parent of any other team-specific documents.

The NICE SDLC simplifies Microsoft's SDLC into the following:

  1. Security Training

  2. Planning

  3. Implementation

  4. Validation

  5. Release

  6. Maintenance

The Microsoft SDLC defines seven phases. The first and last phases are used continuously. The remaining five are only used for each new feature change. The following table shows these phases as sequential, but they can occur at the same time for different changes.

1. Training

2. Requirements

3. Design

 4. implementation 5. verification 6. Release 7. Response
Core Security Training Establish Security Requirements Establish Design Requirements Use Approved Tools Dynamic Analysis Incident Response Plan Execute Incident Response Plan
  Create Quality Gates and Bug Bars Analyze Attack Surface Deprecate Unsafe Functions Fuzz Testing Final Security Review  

 

 Security & Privacy Risk Assessment Threat Modeling Static Analysis Attack Surface Review Release Archive  

For more information about your specific implementation path and support model, check with your Account Representative. Models sometimes change depending on use case design. Documentation of these models may not consider all exceptions and may lag behind changes.

Storage and Infrastructure Encryption

NICE has encryption guidelines in place to protect your data.

NICE uses Amazon AWS S3 data storage services. These services encrypt data at the file level. They also use AWS Key Management Services (KMS) to protect encryption keys. AWS KMS provides cryptographic keys and operations scaled for the cloud. You can use them to protect user data in your applications. If your organization has its own KMS, you can use it in your tenant.

AWS KMS is used to access a multi-tenant, hardened security appliance (HSA). The interface can be used to generate and manage cryptographic keys. It can operate as a cryptographic service provider for protecting data. It offers traditional key management services integrated with AWS services to provide a consistent view of tenants' keys across AWS, with centralized management and auditing.

AWS provides details about its key management and cryptographic details in a white paper you can download from the AWS website.