SPSS Statistics

Hi,

Does SPSS statistics support :

SSO integration with google workspace (yes/no)

1. 1. Data encryption at rest and in transit (yes/no)
   2. 2FA (yes/no)
   3. Role based access scheme (yes/no)
   4. Log integration with SIEM (yes/no)
   5. Password policies (length, combination, account lockout, etc) (yes/no)
   6. Session timeout (yes/no)
   7. Segregation of duties workflow (yes/no)
   8. Malicious account monitoring (yes/no)
   9. Virus file scanning (yes/no)
   10. Data masking

------------------------------
Bagus Bronto Sie
------------------------------

#SPSSStatistics

Hi. I didn't know the answers to these, so I passed your questions to my colleagues and got these responses:

• SSO integration with google workspace (No)
• Data encryption at rest and in transit (Yes, if he is referring to the IBM SPSS Subscription version's license server data, but not the data used on local machine)
• 2FA (Yes, if he's referring to IBM SPSS Subscription version and is using an IBMID)
• Role based access scheme (No. Either you have access or you don't.)
• Log integration with SIEM (No)
• Password policies (length, combination, account lockout, etc) (Yes, if he's referring to IBM SPSS Subscription using an IBMID)
• Session timeout (No; IBMID login has a session but if he is already logged in, then the local application does not have session)
• Segregation of duties workflow (Yes, if he's referring to the IBM SPSS Subscription license service; the on-prem application does not have it)
• Malicious account monitoring (Yes, if he's referring to IBM SPSS Subscription using an IBMID; again, the on-prem version does not have it)
• Virus file scanning (Yes, we do code scan, app scan, open source scan )
• Data masking (No) (One can obfuscate .SAV files on disk via encryption, but there is no substitution of in-memory data, a la traditional masking techniques.)

------------------------------
Rick Marcantonio
Quality Assurance
IBM
------------------------------

Original Message:
Sent: Mon November 29, 2021 07:43 PM
From: Bagus Bronto Sie
Subject: SPSS Statistics security related

Hi,

Does SPSS statistics support :

SSO integration with google workspace (yes/no)

1. 1. Data encryption at rest and in transit (yes/no)
   2. 2FA (yes/no)
   3. Role based access scheme (yes/no)
   4. Log integration with SIEM (yes/no)
   5. Password policies (length, combination, account lockout, etc) (yes/no)
   6. Session timeout (yes/no)
   7. Segregation of duties workflow (yes/no)
   8. Malicious account monitoring (yes/no)
   9. Virus file scanning (yes/no)
   10. Data masking

------------------------------
Bagus Bronto Sie
------------------------------

#SPSSStatistics

Hi Rick,

Thanks,
Another question comes -up this morning ;

1. Security setup and practices on IBM SPSS 
1. WAF (yes/no)
2. DDoS (yes/no)
3. API security features (yes/no)
4. High availability and redundancy setup (yes/no)
5. File integrity monitoring (yes/no)
6. Security process to respond to incidents (yes/no)
7. Multi-tenancy security (yes/no)
8. Secure and audited access to customer data (yes/no)
9. Bug bounty program (yes/no)
10. What is your SLA? (yes/no)
11. Do you have local support in asia? (yes/no)
2. Hosting of the app/system: (choose one) cloud/onpremises/SaaS
3. Location of hosting?
4. Vendor security certification (multiple choices)
1. SOC1/2 (yes/no)
2. PCI DSS (yes/no)
3. ISO 27001 (yes/no)
4. SOX (yes/no)

Best regards,
Bagus

------------------------------
Bagus Bronto Sie
------------------------------

Original Message:
Sent: Tue November 30, 2021 09:44 AM
From: Rick Marcantonio
Subject: SPSS Statistics security related

Hi. I didn't know the answers to these, so I passed your questions to my colleagues and got these responses:

• SSO integration with google workspace (No)
• Data encryption at rest and in transit (Yes, if he is referring to the IBM SPSS Subscription version's license server data, but not the data used on local machine)
• 2FA (Yes, if he's referring to IBM SPSS Subscription version and is using an IBMID)
• Role based access scheme (No. Either you have access or you don't.)
• Log integration with SIEM (No)
• Password policies (length, combination, account lockout, etc) (Yes, if he's referring to IBM SPSS Subscription using an IBMID)
• Session timeout (No; IBMID login has a session but if he is already logged in, then the local application does not have session)
• Segregation of duties workflow (Yes, if he's referring to the IBM SPSS Subscription license service; the on-prem application does not have it)
• Malicious account monitoring (Yes, if he's referring to IBM SPSS Subscription using an IBMID; again, the on-prem version does not have it)
• Virus file scanning (Yes, we do code scan, app scan, open source scan )
• Data masking (No) (One can obfuscate .SAV files on disk via encryption, but there is no substitution of in-memory data, a la traditional masking techniques.)

------------------------------
Rick Marcantonio
Quality Assurance
IBM

Original Message:
Sent: Mon November 29, 2021 07:43 PM
From: Bagus Bronto Sie
Subject: SPSS Statistics security related

Hi,

Does SPSS statistics support :

SSO integration with google workspace (yes/no)

1. 1. Data encryption at rest and in transit (yes/no)
   2. 2FA (yes/no)
   3. Role based access scheme (yes/no)
   4. Log integration with SIEM (yes/no)
   5. Password policies (length, combination, account lockout, etc) (yes/no)
   6. Session timeout (yes/no)
   7. Segregation of duties workflow (yes/no)
   8. Malicious account monitoring (yes/no)
   9. Virus file scanning (yes/no)
   10. Data masking

------------------------------
Bagus Bronto Sie
------------------------------

#SPSSStatistics