Eloqua Security & Privacy Security, Transparency, and Trust

(1)

TECHNICAL OVERVIEW

Introduction IntroductionIntroduction

Introduction ... 2...222 People, Policies, and Expertise

People, Policies, and ExpertisePeople, Policies, and Expertise

People, Policies, and Expertise ... 3...333 Privacy Policy

Privacy PolicyPrivacy Policy

Privacy Policy ... 3... 333 Security in the Data Center

Security in the Data CenterSecurity in the Data Center

Security in the Data Center ... 5555

A. Data Center Security... 5

B. Server Security ... 5

C. Application Security ... 6

D. System Monitoring ... 6

E. Network Security ... 7 Security at the Desktop

Security at the DesktopSecurity at the Desktop

Security at the Desktop ... 7777 Benefits Summary

Benefits SummaryBenefits Summary

Benefits Summary ... 8...888

Eloqua Security &

Privacy

Security, Transparency, and Trust

Eloqua prides itself on providing the highest standards for security and privacy, ensuring best-in-class levels of service for its customers. Eloqua is able to deliver enterprise-grade security to all customers large and small through a combination of leading edge technology, internal expertise, and leading third-party technology and certification partners.

(2)

IIIIntroduction

ntroduction

A revenue performance management platform is an investment in a critical element of an enterp

customers and prospects for risk. This

platform that is both secure a zero known

As a Software system, data

Eloqua has implemented several key mechanisms and best practices to meet or exceed the security requirements

• Best practices and product.

• Industry

• A comprehensive “Defense in Depth” strategy

security approach that ensures data is protected from disposal.

Eloqua also

complete transparency, system published regularly on system availability TECHNICAL OVERVIEW

ntroduction

A revenue performance management platform is an investment in a critical element of an enterprise technology portfolio. Because every interaction with your customers and prospects can have a significant business impact

for risk. This overview outlines how Eloqua delivers an enterprise

that is both secure and reliable. To date, Eloqua maintains a record of zero known back-end security breaches.

As a Software-as-a-Service provider, Eloqua takes on the onus of most

data, and application security. To ensure the highest levels of service, has implemented several key mechanisms and best practices to meet or exceed the security requirements of small and large enterprises.

Best practices are embedded in the design and configuration of the network and product.

Industry-leading partners and products help ensure a secure, reliable platform. omprehensive “Defense in Depth” strategy represents

security approach that ensures data is protected from creation disposal.

also believes that transparency is critical to maintaining trust. To establish transparency, system performance and reliability

regularly at trust.eloqua.com. Here you can find up to date information system availability, deliverability performance and transaction volumes

> > > > Security & PrivacySecurity & Privacy Security & PrivacySecurity & Privacy 2222

A revenue performance management platform is an investment in a critical rise technology portfolio. Because every interaction with your

can have a significant business impact, there is no room outlines how Eloqua delivers an enterprise-class business

nd reliable. To date, Eloqua maintains a record of

Service provider, Eloqua takes on the onus of most of the and application security. To ensure the highest levels of service, has implemented several key mechanisms and best practices to meet or

large enterprises.

embedded in the design and configuration of the network

a secure, reliable platform. represents a multi-faceted

creation to final

maintaining trust. To establish information are

. Here you can find up to date information transaction volumes.

(3)

People, Policies, and Expertise

Security begins with people. Eloqua puts a significant emphasis on policies, procedures and expertise as vital

includes not onl

security policies and governance under which that team operates. Eloqua’s security team is headed by

as the Chief Privacy and Security Officer for the

Dennis has more than 17 years of experience combating spam and security issues, as well as improving email delivery through industry policy, ISP relations and technical solutions.

connections to help Eloqua's customer compliance.

Previously, Dayman worked for StrongMail Systems as Director of Deliverability, Privacy, and Standards. He served in the Internet Security and Legal compliance division for Verizon Online as a senior consultant at Mail Abuse Prevention

Systems (MAPS) after starting his career as Director of Policy and Legal External Affairs for Southwestern Bel

longstanding member of several boards within the messaging industry, including the Board of Director’s Messaging Anti

Against Unsolicited Commercial Email (CAUCE), Internat

Privacy Professional (IAPP) educational board, Email Sender and Provider Coalition (ESPC), and Email Experience Council (EEC). Dayman is actively involved in creating current Internet and telephony regulations, privacy policies and anti-spam legislation laws for state and federal governments.

Privacy Policy

Data privacy is a

is publicly available and can be found at

this policy Eloqua has forged partnerships and completed certifications from some of the leading

TECHNICAL OVERVIEW

People, Policies, and Expertise

Security begins with people. Eloqua puts a significant emphasis on policies, procedures and expertise as vital elements in the security framework. This includes not only the team that administers and provisions the platform, but the security policies and governance under which that team operates.

Eloqua’s security team is headed by industry veteran Dennis Dayman as the Chief Privacy and Security Officer for the organization’s

Dennis has more than 17 years of experience combating spam and security issues, as well as improving email delivery through industry policy, ISP relations and

cal solutions. In his current role, Dennis applies his experience and industry connections to help Eloqua's customers maximize their delivery rates and

compliance.

Previously, Dayman worked for StrongMail Systems as Director of Deliverability, d Standards. He served in the Internet Security and Legal compliance division for Verizon Online as a senior consultant at Mail Abuse Prevention

Systems (MAPS) after starting his career as Director of Policy and Legal External Affairs for Southwestern Bell Global (now AT&T). Dennis also serves as a

longstanding member of several boards within the messaging industry, including the Board of Director’s Messaging Anti-Abuse Working Group (MAAWG), Coalition

Unsolicited Commercial Email (CAUCE), International Association of Privacy Professional (IAPP) educational board, Email Sender and Provider Coalition (ESPC), and Email Experience Council (EEC). Dayman is actively involved in creating current Internet and telephony regulations, privacy policies

spam legislation laws for state and federal governments.

Privacy Policy

Data privacy is another cornerstone of the security policy. Eloqua’s priva available and can be found at eloqua.com/about/privacy

Eloqua has forged partnerships and completed certifications from some of the leading organizations on the subject of privacy. These include:

Security begins with people. Eloqua puts a significant emphasis on policies, in the security framework. This administers and provisions the platform, but the security policies and governance under which that team operates.

Dennis Dayman, who serves organization’s privacy program. Dennis has more than 17 years of experience combating spam and security issues, as well as improving email delivery through industry policy, ISP relations and

, Dennis applies his experience and industry maximize their delivery rates and

Previously, Dayman worked for StrongMail Systems as Director of Deliverability, d Standards. He served in the Internet Security and Legal compliance division for Verizon Online as a senior consultant at Mail Abuse Prevention

Systems (MAPS) after starting his career as Director of Policy and Legal External l Global (now AT&T). Dennis also serves as a

longstanding member of several boards within the messaging industry, including Abuse Working Group (MAAWG), Coalition

ional Association of Privacy Professional (IAPP) educational board, Email Sender and Provider Coalition (ESPC), and Email Experience Council (EEC). Dayman is actively involved in creating current Internet and telephony regulations, privacy policies

spam legislation laws for state and federal governments.

cornerstone of the security policy. Eloqua’s privacy policy eloqua.com/about/privacy. To augment Eloqua has forged partnerships and completed certifications from some

(4)

SAS 70 TYPE II SAS 70 TYPE IISAS 70 TYPE II SAS 70 TYPE II

successfully completed both the Type I and Type II Statement of Auditing Standards (SAS) 70 audits. The resulting Independent Service

Auditor’s Report concluded that Eloqua had inst

operational controls within these areas. In addition, all of Eloqua’s customer data is hosted with Verizon Business, a fully SAS 70 Type II audited data center. Eloqua is the only marketing automation provider to boast both

audited TRUSTe TRUSTeTRUSTe TRUSTe

the TRUSTe Privacy Seal Program. TRUSTe is an independent

organization whose mission is to

advance privacy and trust in the networked world. TRU

Eloqua’s privacy practices for compliance with their rigorous standards. Safe Harbor Privacy Framework

Safe Harbor Privacy FrameworkSafe Harbor Privacy Framework Safe Harbor Privacy Framework Eloqua participates in the EU Safe Harbor Privacy Framework as set forth by the United States

Department of Commerce. As part of the

dispute resolution for disputes relating to our compliance with the Safe Harbor Privacy Framework. This agreement allows companies in the EU to safely and legally transport data to

Eloqua’s data ce Messaging Anti Messaging AntiMessaging Anti Messaging Anti Group (MAAWG): Group (MAAWG):Group (MAAWG): Group (MAAWG):

recommends that anyone using

email either through its services or anywhere else should adopt the Messaging Anti

Communications Practices (BCP). With collabo

volume senders and Internet Service Providers, the new best practices recommend sender email technologies and subscription methods to improve deliverability rates for newsletters and permission

marketing. The complete Sen

document is available at the organization’s website at http://www.maawg.org/about/publishedDocuments

TECHNICAL OVERVIEW SAS 70 TYPE II SAS 70 TYPE II SAS 70 TYPE II

SAS 70 TYPE II: Eloqua has

successfully completed both the Type I and Type II Statement of Auditing Standards (SAS) 70 audits. The resulting Independent Service

Auditor’s Report concluded that Eloqua had instituted the effective operational controls within these areas. In addition, all of Eloqua’s customer data is hosted with Verizon Business, a fully SAS 70 Type II audited data center. Eloqua is the only marketing automation provider to boast both a SAS 70 Type II audited software platform

audited hosting facility. TRUSTe

TRUSTe TRUSTe

TRUSTe: Eloqua is a participant in the TRUSTe Privacy Seal Program. TRUSTe is an independent

organization whose mission is to

advance privacy and trust in the networked world. TRU

Eloqua’s privacy practices for compliance with their rigorous standards. Safe Harbor Privacy Framework

Safe Harbor Privacy Framework Safe Harbor Privacy Framework Safe Harbor Privacy Framework: Eloqua participates in the EU Safe Harbor Privacy Framework as set forth by the United States

Department of Commerce. As part

the participation in the safe harbor, Eloqua has agreed to TRUSTe dispute resolution for disputes relating to our compliance with the Safe Harbor Privacy Framework. This agreement allows companies in the EU to safely and legally transport data to

Eloqua’s data centers. Messaging Anti

Messaging Anti Messaging Anti

Messaging Anti----Abuse Working Abuse Working Abuse Working Abuse Working Group (MAAWG):

Group (MAAWG): Group (MAAWG):

Group (MAAWG): Eloqua recommends that anyone using

email either through its services or anywhere else should adopt the Messaging Anti-Abuse Working Group (MAAWG) Sender Best

Communications Practices (BCP). With collaborative input from both volume senders and Internet Service Providers, the new best practices recommend sender email technologies and subscription methods to improve deliverability rates for newsletters and permission

marketing. The complete Sender Best Communications Practices document is available at the organization’s website at

http://www.maawg.org/about/publishedDocuments.

ituted the effective operational controls within these areas. In addition, all of Eloqua’s customer data is hosted with Verizon Business, a fully SAS 70 Type II audited data center. Eloqua is the only marketing automation provider to

pe II audited software platform a SAS 70 Type II

advance privacy and trust in the networked world. TRUSTe monitors Eloqua’s privacy practices for compliance with their rigorous standards.

agreed to TRUSTe dispute resolution for disputes relating to our compliance with the Safe Harbor Privacy Framework. This agreement allows companies in the EU to

email either through its services or anywhere else should adopt the Abuse Working Group (MAAWG) Sender Best

rative input from both volume senders and Internet Service Providers, the new best practices recommend sender email technologies and subscription methods to improve deliverability rates for newsletters and permission-based email

der Best Communications Practices document is available at the organization’s website at

(5)

Security in the Data Center

Eloqua has constructed a compr critical touch

to the end-user

A. A.A.

A. Data Center SecurityData Center SecurityData Center SecurityData Center Security

Eloqua partners with Verizon Business

secure, reliable datacenter in Toronto. Verizon security protections that include:

• Physical SecurityPhysical SecurityPhysical SecurityPhysical Security

surveillance, with video feeds recorded and stored offsite.

independent biometric fingerprint scans and an electronic key with PIN code are required to access Eloqua’s secure equipment cage.

• Environmental SecurityEnvironmental SecurityEnvironmental SecurityEnvironmental Security suppression system and

both UPS and redundant diesel generators. • Network SecurityNetwork SecurityNetwork SecurityNetwork Security

System, one of only 10 Tier 1 networks in the world. All portions of this network are redundant.

B. B.B.

B. Server SecurityServer SecurityServer SecurityServer Security

Eloqua builds its s

services and locks down the file system using access control lists. These servers are further secured through the implementation of Group Policies. The servers’ secure posture is maintained through

firmware patching regime and software updates a assurance and s environment.

To confirm the security posture of all network devices, Eloqua uses third vulnerability scanning services from Qualys. These scans confirm that all required patches have been applied and that any security

configuration changes ha remotely from Qualys’ network

within using a QualysGuard security appliance. Both scans are run weekly. Over time, Qualys continues to update its vulnerability checklis

fast detection and allow quick remediation of any new network vulnerabilities.

TECHNICAL OVERVIEW

Security in the Data Center

Eloqua has constructed a comprehensive security policy that addresses all the critical touch-points of the application and its infrastructure from the data center

user.

Data Center Security Data Center SecurityData Center Security Data Center Security

Eloqua partners with Verizon Business Canada to deliver its

secure, reliable datacenter in Toronto. Verizon’s datacenter boasts an array of security protections that include:

Physical Security Physical Security Physical Security

Physical Security: Verizon’s business datacenter is protected by video surveillance, with video feeds recorded and stored offsite.

Environmental Security Environmental Security Environmental Security

Environmental Security: The data center includes

suppression system and Redundant HVAC and Backup power both UPS and redundant diesel generators.

Network Security Network Security Network Security

Network Security: The network is part of Verizon’s AS701 Autonomous System, one of only 10 Tier 1 networks in the world. All portions of this network are redundant.

Server Security Server SecurityServer Security Server Security

Eloqua builds its servers using a secure build process that removes unneeded services and locks down the file system using access control lists. These servers are further secured through the implementation of Group Policies. The servers’ secure posture is maintained through Eloqua’s operating system and firmware patching regimen. Eloqua’s patching process for Windows hot fixes and software updates allows for a test period on the development, quality assurance and staging environments before being promoted

vironment.

To confirm the security posture of all network devices, Eloqua uses third vulnerability scanning services from Qualys. These scans confirm that all required patches have been applied and that any security

configuration changes have been made. The network perimeter is scanned remotely from Qualys’ network and the internal network

within using a QualysGuard security appliance. Both scans are run weekly. Over time, Qualys continues to update its vulnerability checklis

fast detection and allow quick remediation of any new network vulnerabilities. > > > > Security & PrivacySecurity & Privacy Security & PrivacySecurity & Privacy 5555

ehensive security policy that addresses all the points of the application and its infrastructure from the data center

to deliver its platform from a datacenter boasts an array of

: Verizon’s business datacenter is protected by video surveillance, with video feeds recorded and stored offsite. Two

a FM200 Fire Redundant HVAC and Backup power including

: The network is part of Verizon’s AS701 Autonomous System, one of only 10 Tier 1 networks in the world. All portions of this

ervers using a secure build process that removes unneeded services and locks down the file system using access control lists. These servers are further secured through the implementation of Group Policies. The

Eloqua’s operating system and . Eloqua’s patching process for Windows hot fixes llows for a test period on the development, quality

promoted to the production

To confirm the security posture of all network devices, Eloqua uses third-party vulnerability scanning services from Qualys. These scans confirm that all required patches have been applied and that any security-affecting

ve been made. The network perimeter is scanned internal network is scanned from within using a QualysGuard security appliance. Both scans are run weekly. Over time, Qualys continues to update its vulnerability checklist to provide fast detection and allow quick remediation of any new network vulnerabilities.

(6)

C. C.C.

C. Application Security Application Security Application Security Application Security

Customer data within the Eloqua system is secured by partitioning each tenant into its own separate database with access tightly controlled login process. Eloqua’s network is divided along a functional 3

common to many web applications (web, application and database). Within the network, the systems are divided into four functional groups: mail servers, web and applicati

servers. This segmentation allows for very specific control over the type of traffic that passes between each layer, isolating potential issues and preventing the spread of any

access control lists.

In addition, Eloqua embeds security in the software development process itself.

• Application scansApplication scansApplication scansApplication scans

product to scan and detect any security vulnerabilities in the pl

These can be patched before this code is released for production use. • Secure LibrariesSecure LibrariesSecure LibrariesSecure Libraries

Cross

D. D.D.

D. System MonitoringSystem MonitoringSystem MonitoringSystem Monitoring

In addition to preventative strategies

proactively monitor the system for problems that could affect security, performance or reliability. Industry standard protocols such as SNMP, WMI and SQL are used to ensure the operations team has full visibility int

state of the platform at all times. In the event of a problem with a particular subsystem, or an abnormal amount or type of traffic being directed at a client, Eloqua is able to selectively exclude

denial of s • MonitoringMonitoringMonitoringMonitoring

reliability of the Eloqua platform using Gomez ExperienceFirst to measure application uptime and response time.

• AlertingAlertingAlertingAlerting

Operations Manager ( (for hardware m events in the system.

TECHNICAL OVERVIEW

Application Security Application Security Application Security Application Security

Customer data within the Eloqua system is secured by partitioning each tenant into its own separate database with access tightly controlled login process. Eloqua’s network is divided along a functional 3

common to many web applications (web, application and database). Within the network, the systems are divided into four functional groups: mail servers, web and application servers, database servers and management servers. This segmentation allows for very specific control over the type of traffic that passes between each layer, isolating potential issues and preventing the spread of any threats. Traffic is controlled usin

access control lists.

In addition, Eloqua embeds security in the software development process itself.

Application scans Application scans Application scans

Application scans: The development team uses Portswigger’s BurpSuite product to scan and detect any security vulnerabilities in the pl

These can be patched before this code is released for production use. Secure Libraries

Secure Libraries Secure Libraries

Secure Libraries: Eloqua uses standard libraries to scan for, and block, Cross-Site Scripting and other dangerous data.

System Monitoring System MonitoringSystem Monitoring System Monitoring

In addition to preventative strategies, Eloqua also uses a number of tools to proactively monitor the system for problems that could affect security, performance or reliability. Industry standard protocols such as SNMP, WMI and SQL are used to ensure the operations team has full visibility int

state of the platform at all times. In the event of a problem with a particular subsystem, or an abnormal amount or type of traffic being directed at a client, Eloqua is able to selectively exclude specific traffic types to avoid a denial of service.

Monitoring Monitoring Monitoring

Monitoring: In addition to internal tools, Eloqua confirms the security and reliability of the Eloqua platform using Gomez ExperienceFirst to measure application uptime and response time.

Alerting Alerting Alerting

Alerting: A number of tools, including Microsoft’s System Center

Operations Manager (for Windows and SQL monitoring), Dell’s IT Assistant for hardware monitoring) are used to detect and alert on any critical events in the system.

Customer data within the Eloqua system is secured by partitioning each tenant into its own separate database with access tightly controlled by the login process. Eloqua’s network is divided along a functional 3-tier boundary common to many web applications (web, application and database). Within the network, the systems are divided into four functional groups: mail

on servers, database servers and management servers. This segmentation allows for very specific control over the type of traffic that passes between each layer, isolating potential issues and

. Traffic is controlled using tight security

In addition, Eloqua embeds security in the software development process : The development team uses Portswigger’s BurpSuite product to scan and detect any security vulnerabilities in the platform. These can be patched before this code is released for production use. : Eloqua uses standard libraries to scan for, and block,

, Eloqua also uses a number of tools to proactively monitor the system for problems that could affect security, performance or reliability. Industry standard protocols such as SNMP, WMI and SQL are used to ensure the operations team has full visibility into the state of the platform at all times. In the event of a problem with a particular subsystem, or an abnormal amount or type of traffic being directed at a

specific traffic types to avoid a

: In addition to internal tools, Eloqua confirms the security and reliability of the Eloqua platform using Gomez ExperienceFirst to measure

: A number of tools, including Microsoft’s System Center

Windows and SQL monitoring), Dell’s IT Assistant onitoring) are used to detect and alert on any critical

(7)

E. E.E.

E. Network SecurityNetwork SecurityNetwork SecurityNetwork Security

Customers log into Eloqua using a 128

the same secure browsing technology used by financial institutions and leading e

through Verisign’s Extended Validation SSL certificates to assist in preventing phishing attacks. In

Mozilla

certificate turns the address bar green to acknowledge that the site is being accessed in a secure manner.

This same SSL customer third

insecure, Eloqua can seamlessly move between security levels. This allows the user

concern.

Eloqua employs two firewalls in an Active/Passive cluster to provide traffic filtering and Intrusion Prevention services. To prevent worms and other network

are open to inbo intrusion p

other intrusion detection devices in the network to monitor for problems. The production network, which manages custome

entirely separate from Eloqua’s corporate network.

Security at the Desktop

Security does not end with the Eloqua data center. Access to the Eloqua platform is controlled by the f

Microsoft .NET platform. All users access the application using a Company Name, Username and Password which are then encrypted with SSL while they are in transmission. An encrypted session ID cookie is used to uniquely identify each user. For closed

session and only contains the user’s unique ID.

Once authenticated, the user is granted an access level based on that user’s designated group membership. At the highest level, the applicati

separate security rights to normal users, client

application-access roles that map onto job functions (

user, and advanced marketing user). At the most granular level, control read/edit/delete access to individual

application. Each customer instance of Eloqua can have its own security settings that allow these login detai

TECHNICAL OVERVIEW

Network Security Network SecurityNetwork Security Network Security

Customers log into Eloqua using a 128-bit SSL-encrypted browser same secure browsing technology used by financial institutions and leading e-commerce sites. Eloqua provides additional feedback to the user through Verisign’s Extended Validation SSL certificates to assist in preventing phishing attacks. In most browsers such as Microsoft Internet Explorer, Mozilla FireFox, and Google Chrome the use of an Extended Validation certificate turns the address bar green to acknowledge that the site is being accessed in a secure manner.

This same SSL-based security is used when synchronizing Eloqua with customer third-party CRM systems. If the customer website is partially insecure, Eloqua can seamlessly move between security levels. This allows

user to experience the website at the required security level wit concern.

Eloqua employs two firewalls in an Active/Passive cluster to provide traffic filtering and Intrusion Prevention services. To prevent worms and other network-based attacks from accessing other ports and protocols, only 3 ports are open to inbound traffic: HTTP, HTTPS and SMTP. Eloqua also employs intrusion prevention rules that are built into the firewall cluster in

other intrusion detection devices in the network to monitor for problems. The production network, which manages customer data and transactions, is entirely separate from Eloqua’s corporate network.

Security at the Desktop

Security does not end with the Eloqua data center. Access to the Eloqua platform controlled by the forms authentication method provided by the under

Microsoft .NET platform. All users access the application using a Company Name, Username and Password which are then encrypted with SSL while they are in transmission. An encrypted session ID cookie is used to uniquely identify each user. For closed-loop security, this cookie only persists for the duration of the session and only contains the user’s unique ID.

Once authenticated, the user is granted an access level based on that user’s designated group membership. At the highest level, the applicati

separate security rights to normal users, client-level administrators and

-wide administrators. For normal users, there are a number of standard access roles that map onto job functions (such as sales user,

advanced marketing user). At the most granular level, read/edit/delete access to individual marketing assets

application. Each customer instance of Eloqua can have its own security settings that allow these login details to be customized.

encrypted browser session - same secure browsing technology used by financial institutions and

commerce sites. Eloqua provides additional feedback to the user through Verisign’s Extended Validation SSL certificates to assist in preventing

most browsers such as Microsoft Internet Explorer, FireFox, and Google Chrome the use of an Extended Validation certificate turns the address bar green to acknowledge that the site is being

y is used when synchronizing Eloqua with party CRM systems. If the customer website is partially insecure, Eloqua can seamlessly move between security levels. This allows

to experience the website at the required security level without

Eloqua employs two firewalls in an Active/Passive cluster to provide traffic filtering and Intrusion Prevention services. To prevent worms and other

based attacks from accessing other ports and protocols, only 3 ports and SMTP. Eloqua also employs revention rules that are built into the firewall cluster in as well as other intrusion detection devices in the network to monitor for problems. The

r data and transactions, is

Security does not end with the Eloqua data center. Access to the Eloqua platform uthentication method provided by the underlying Microsoft .NET platform. All users access the application using a Company Name, Username and Password which are then encrypted with SSL while they are in transmission. An encrypted session ID cookie is used to uniquely identify each

cookie only persists for the duration of the

Once authenticated, the user is granted an access level based on that user’s designated group membership. At the highest level, the application provides

level administrators and

wide administrators. For normal users, there are a number of standard such as sales user, basic marketing advanced marketing user). At the most granular level, administrators can

marketing assets within the

(8)

To ensure the highest possible additional best

organization. For example, Eloqua suggests the following customer b for all subscribers:

• Set IP range restrictions to allow users to access Eloqua only from a corporate network or VPN, thus providing a second factor of authentication.

• Educate employees not to open suspect emails and to be vigilant in guardin against phishing attempts.

• Use security solutions from leading vendors such as Symantec to deploy spam filtering and malware protection.

• Designate a security contact within your organization so that Eloqua can more effectively direct security

• Consider using two

restrict access to the network.

Be

Benefits Summary

nefits Summary

Eloqua is committed to providing best in class security

to allow customers to rest assured that their data is safe at all times. Through a combination of policies

maintain a best impeccable track rec

• Organizational culture built around security and privacy

• SAS 70 Type II audited software platform hosted in a SAS 70 Type II audited facility

• Physical, environmental, and network security through Verizon Business Datacenter

• Reliance on third party to

improvement and thought leadership

• Best practices to improve security at the customer site TECHNICAL OVERVIEW

To ensure the highest possible security to the user’s desktop, Eloqua also suggests additional best-practices for customers to adopt within the four walls of their organization. For example, Eloqua suggests the following customer b

for all subscribers:

Set IP range restrictions to allow users to access Eloqua only from a corporate network or VPN, thus providing a second factor of authentication.

Educate employees not to open suspect emails and to be vigilant in guardin against phishing attempts.

Use security solutions from leading vendors such as Symantec to deploy spam filtering and malware protection.

Designate a security contact within your organization so that Eloqua can more effectively direct security-related communications.

Consider using two-factor authentication techniques such as restrict access to the network.

nefits Summary

Eloqua is committed to providing best in class security technologies

allow customers to rest assured that their data is safe at all times. Through a combination of policies, platform and customer security, Eloqua is able to maintain a best-in-class software security infrastructure as evidenced by impeccable track record.

Organizational culture built around security and privacy

SAS 70 Type II audited software platform hosted in a SAS 70 Type II audited facility

Physical, environmental, and network security through Verizon Business Datacenter

Reliance on third party tools and standards bodies for continuous improvement and thought leadership

Best practices to improve security at the customer site

to the user’s desktop, Eloqua also suggests within the four walls of their organization. For example, Eloqua suggests the following customer best practices

Set IP range restrictions to allow users to access Eloqua only from a corporate network or VPN, thus providing a second factor of authentication.

Educate employees not to open suspect emails and to be vigilant in guarding

Use security solutions from leading vendors such as Symantec to deploy spam

Designate a security contact within your organization so that Eloqua can more

such as RSA tokens to

technologies and policies allow customers to rest assured that their data is safe at all times. Through a

platform and customer security, Eloqua is able to class software security infrastructure as evidenced by its

Organizational culture built around security and privacy

SAS 70 Type II audited software platform hosted in a SAS 70 Type II Physical, environmental, and network security through Verizon Business

ols and standards bodies for continuous Best practices to improve security at the customer site