Security and MadCap Central

MadCap Central leverages the security, power, and flexibility of the cloud to mitigate or eliminate many of the technical hurdles faced by both content creators and information technology professionals. The overhead traditionally associated with managing complex systems can hinder the ability to create content and deliver content efficiently. The goal of this topic is to provide a high-level overview of the ways that Central addresses these challenges.

Security and privacy are top priorities at MadCap Software, especially when providing customers with a cloud-based system in Central. We are committed to keeping your files, data, and communications secure. Therefore, in choosing Microsoft® Azure as a partner, we focused on selecting a security center that understands the importance of privacy and complies with the highest international and industry-specific compliance standards and uptime guarantees. Microsoft Azure regularly undergoes rigorous third-party audits to ensure and verify the highest level of security controls.

For more information, see the following:

Copy
https://www.microsoft.com/en-us/TrustCenter/Security/default.aspx

Server Regions

New license subscriptions have the option a server region.

Depending on which region you chose when subscribing to a Central license (United States or Europe), you can select the corresponding server when logging in to Central.

Image showing United States region selected in the Log In window.

Image showing European region selected in the Log In window.

  • The European server is located in Germany.

  • If you have an existing license (i.e., one that was created before the introduction of the European server), it will remain on the United States server.

  • The server that you select will hold all of your data and hosted output for that license.

  • Regardless of the server, the default MadCap domain is madcapcentral.com (e.g., fictionsoft.madcapcentral.com). Of course, you can still add your own host mapped domain (e.g., help.fictionsoft.com).

  • Each server will have access to a global list of vanities, but will not contain any sensitive information. License vanity, region, and Central key are the only pieces of data shared globally, so each server has access to that data.

Data Centers and Disaster Recovery

MadCap Software partners with Microsoft Azure to securely host mission-critical infrastructure, such as MadCap Central. Depending on the server you choose when subscribing to Central, the data residency and infrastructure are hosted in one of two locations:

  • United States Azure WESTUS datacenters

  • Europe Azure German datacenter

These Azure data centers are ISO27001 certified. For details, see:

Copy
https://www.microsoft.com/en-us/cloud-platform/global-datacenters

In addition to data stored in the database, the source control provider (Git) has the ability to failover in case of an outage. This is essential in handling mission critical data in the event of a catastrophe.

Source Control Provider and Data Storage

In addition to creating projects in Central, projects can be uploaded locally from Flare to Central, thus creating copies of those projects on the cloud. From the cloud versions of your projects, output files can be generated and published. In addition to project source and output files, Central hosts many other types of data, including user and team information, task details, communications between individuals, and ancillary file attachments.

Graphic illustrating source control provider and data storage in Central.

When local projects are uploaded from Flare to a Central license, they are bound by a Git source control connection.

The following objectives are important for this relationship:

  • Easy Access Projects are hosted in the cloud, which means they can be accessed from anywhere.
  • Security Projects are stored securely in the cloud. Communication between your local desktop and the cloud is over HTTPS (HTTP over SSL). This is an encrypted, secure channel of communication. Source control data is secured by user name and security token. It is also possible to configure a license so that authentication is based on single sign-on (SSO) from the company's identity provider, thus adding another level of security. See Single Sign-On.

  • Data Transference Users can synchronize the local and cloud versions of projects after changes are made to files. In addition, you can retrieve files to a local machine whenever necessary. Uploaded projects can be imported and generated output files can be downloaded from Central.
  • Storage MadCap Central stores user data in different ways depending on the nature of the data. Some examples of data storage include encrypted SQL databases, source control repositories (GIT), and Azure blob storage.
    • Sensitive data—such as user credentials and company information in the database tier—are stored using encryption to mitigate unauthorized access to data, and ensure your information is stored securely.

    • The methods of storing data follow industry security standards and offer a highly scalable solution to ever expanding storage management tracking needs.
    • If you choose to cancel your subscription, hosted data can be wiped at your discretion.
  • Backups All data is backed up daily. All user data in Central database backups are encrypted, transmitted remotely, and stored securely. This helps prevent unauthorized access.

Web Server Hosting and Management

Every MadCap Central subscription includes access to our highly scalable cloud-based build server. Because MadCap Central is a cloud-based solution, content creators can rapidly generate and publish their content with minimal effort while benefiting from a high level of security, scalability, and durability, something that would otherwise require skilled IT resources to implement. Published output is hosted on a robust, secure, geographically redundant web application server.

With that in mind, the following are important considerations:

  • Reduced Hosting Costs You can host all of your projects within Central and never worry about managing or scaling costly web servers. Whether you have a small, single project or several large projects, you can host and manage all of your content in one place.
  • Automation and Convenience From Central, you generate and publish output with minimal effort. You also have the ability to quickly roll back published outputs when necessary, with the click of a button. Builds can be initiated manually or they can be scheduled. All of this can be done from any device supporting the browser-based interface.
  • Availability and Monitoring Your content is vital to your company, so 24-hour availability of the web server is crucial, as is constant uptime monitoring. All components of MadCap Central are monitored 24 hours a day, 7 days a week, 365 days a year using remote monitoring systems. MadCap Software has staff on hand to respond to outages and security breaches.
  • Security Management Data in MadCap Central is secured in the various ways.

    • Web services have built-in load balancers to stave off most DOS (Denial-Of-Service) attacks.
    • We provide unauthorized access monitoring and incident response. Any breaches in data security will be reported to affected customers.
    • User portal and API endpoints (i.e., the connection between Flare and Central) are secured via user authentication.
    • All data endpoints are secured using SSL. The user portal, API endpoints, source control provider (Git), and all backend system communications are all encrypted.
    • Published sites that are not set to “live” are secured by user authentication.
  • Scalability As your content management needs grow, so will your demands for a system that dynamically scales as well. Over time, the builds that you generate on Central will consume more and more space. Central offers ease with scalability for your output, which helps to eliminate worries about CPU, memory, and disk-intensive projects.

    Diagram that illustrates scalability from a small system to a much larger system.

Security Headers

MadCap Central has implemented the following security headers for website security and the prevention of malicious attacks, such as clickjacking:

  • Content Security Policy Useful for protecting your site from cross-site scripting (XSS) attacks that can load malicious assets.

  • Permissions Policy Useful for controlling which features and application programming interfaces (APIs) can be used in the browser.

  • Referrer Policy Useful for controlling how much information the browser includes with navigation away from a document.

  • Strict Transport Security Useful for enforcing the use of HTTPS.

  • X Content Type Options Useful for preventing a browser from trying to MIME-sniff the content type, forcing it to stick with the declared content type. The only valid value for this header is "X-Content-Type-Options: nosniff."

  • X Frame Options Useful for allowing frames on your site. By preventing a browser from framing your site you can defend against attacks like clickjacking.

On the Sites page, you can create your own security policies, adding directives to security headers. See Security Page View.

Service Level Agreement

The full Service Level Agreement (SLA) for MadCap Central (and other MadCap Software products) can be found here:

Copy
https://www.madcapsoftware.com/company/service-level-agreement/

Application and Browser

Much of the work in MadCap Central (e.g., management of users, teams, tasks, projects, and builds) requires user interactions to be performed through a browser. In addition to Flare requiring end-to-end encryption, all traffic from your web browser to the MadCap Central portal is also secured using industry standard security practices such as SSL.

Following are some of the notable features in Central that contribute to a secure, accessible work experience:

  • Permissions In Central, permissions allow you to dictate which users can see certain information and perform a variety of functions. In addition to basic permissions, there are several administrator-level rights that can be set, giving you the most flexibility to control how your data and files are being managed and distributed. See Setting User Permissions.

    Dialog showing all the options available for user permissions.

  • Importing Projects If another user uploads a project locally from Flare to your MadCap Central license and you do not yet have that project on your computer, you can import it. You can do this from the MadCap Central window pane in Flare. See Importing Projects.
  • Downloading Builds After generating a target, you can download the output to your computer. This is an optional step, in case you want to have a local copy of the build (e.g., you want to view your Microsoft HTML Help output, which is an output format that you cannot view from Central). See Downloading Builds.
  • Purchasing Seats and Space Built-in widgets inform you when space or user count becomes a concern. When you run out of user seats or storage space in Central, you can purchase more. You do not need to contact MadCap Software to do this; instead, you can purchase user seats and storage space directly from the Central interface. See Purchasing User Seats and Storage Space.

  • Single-Bound and Dual-Bound Projects When you upload a project to Central, the files are connected to Central via an integrated source control system (Git). Your interaction with source control can follow one of two models—single-bound (recommended) or dual-bound. Single-bound projects are not bound to an additional third-party source control provider; they only use Central's source control system. Dual-bound projects, on the other hand, are already bound to another source control provider, and therefore are bound to both the original third-party source control provider and to Central. See Source Control.

    A single-bound model where projects work directly with Central for source control.

    A dual-bound model where projects work with Central or third-party source control tools.

  • Security Options On your license, you can set the maximum login attempts, automatic logout settings when the system is idle, as well as password change and minimum requirements.See Setting Security Options.