Saba Cloud Security

The Saba Security Program implements a multi-business review process that focuses on meeting and exceeding industry-accepted practices. In addition to embedding security throughout the System Development Life Cycle, Saba adheres to privacy requirements that provide controls that address secure handling, retention/deletion, and transference of personally identifiable information in accordance with customer privacy requirements.

Saba Security Council

The Security Council provides a consensus-based forum to support the Vice President of Information Services and Chief Information Security Officer to collaborate on:

  1. Identifying high-priority security and identity management initiatives; and
  2. Developing recommendations for policies, procedures and standards to address those initiatives that enhance the security posture and protection afforded to Saba and its customer networks, information and information systems; and
  3. Evaluating compliance with existing regulatory and customer requirements (Safe Harbor, FISMA-Moderate, and other geographic / vertical requirements).

System and Data Access Control

Saba's security model restricts access to both systems and data according to defined segregation of duties (SoD), operational roles and responsibilities (RACI), and "need to know." Logical access to the Saba Cloud system is restricted by security policies and procedures, two-factor authentication with unique usernames/passwords, and restrictive localhost "permissions." Direct access to system administration accounts (e.g., root) is prohibited, and these can only be accessed using predefined "alias" accounts. Data classification standards require that client data may only be accessed using Saba-authorized systems.

Network Security

Network security is achieved through the use of layered firewalls, advanced network design and network segmentation. High-availability firewalls are used to filter traffic between the web, application and data tiers. Firewalls support deep packet stateful inspection, dropping of anomalous packets, denial-of-service protection, spoofing monitoring, and anti-virus filtering. Saba networks have been designed to support VLAN and subnet segmentation, port restrictions, access control lists, and address and port translation. All physical connections are configured in a data high-availability mesh topology, with each system and service having not less than two routes for communications. Saba's network communications mesh assures integrity and uninterrupted flow of data across our networks. Saba firewalls are configured consistent with National Institute of Standards and Technology (NIST) standards, and connections to all end-points reinforce our "least permissive" policy. All security devices and firewalls are monitored 24/7/365. Monitors are defined to trigger alerts when predefined thresholds are exceeded.

Datacenter Overview

Saba Cloud data centers in North America and EMEA are SSAE-16 / AT101 Type II audited, Safe Harbor certified, and either FISMA-Moderate or ISO 27001 certified. Our Asia Pacific data center is AS/NZS 7799.2:2003 accredited. Additional capabilities are available to meet strict regulatory requirements.

Environmental Safeguards

All datacenters are equipped with redundant and high-density power systems with automated and monitored facility controls. Power generators at all datacenters are regularly tested and supported by multiple fuel suppliers to ensure continuous operations in the event of a disaster.

Physical Security

Physical access to Saba datacenters is tightly controlled, with access restricted to preauthorized personnel and a layered identity management system. Individual access to the facilities, interior vault and cage areas is managed by a card-key and biometric identification system, with mandatory preapproved customer lists and sign-in/sign-out procedures enforced. All servers and infrastructure are protected within locked racks. Only authorized personnel have access to the Saba People Cloud server.

Penetration Test

Saba engages with a third party to perform a black-box security assessment of our main domain and associated hosts. This includes a Software Quality Assurance (SQA) scan of the Saba web application as well as a network penetration test.

Web Application Scanning

As part of the Saba System Development Lifecycle, Saba incorporates an initial scan utilizing Qualys Web Application Scanning (WAS) and then validates that through a third-party solution, Veracode. Veracode performs dynamic and static code analysis.

The following is a sample list of what both Qualys and Veracode scan for:

  • Cross-site scripting
  • SQL Injection
  • Session Management
  • OS Command Injection
  • Directory traversal

Professional Certifications

The Saba team consists of Certified Systems Engineers, Cisco Certified Network Associates (CCNAs), Certified Information Systems Security Professionals (CISSPs), and technicians certified and/or trained on various infrastructure and operating system software products.

Conclusion

Saba gives careful attention to the implementation of security controls in the design and operation of the Saba Cloud infrastructure and services. Information security remains the highest priority at Saba, enabling Saba to achieve its goal of providing the most efficient and secure services to our clients. Saba maintains multiple third-party validations that assess Saba security controls on an ongoing basis. For more information on the Saba Security Program, please contact your Account Executive or send an email to sales@saba.com.