Client Security Audit and Configuration Checklist for BlendVision AiM
1. Email Sending and Receiving Settings
To ensure that emails sent from the BlendVision AiM system are not blocked, please follow the steps outlined below:
| Item | Action Required |
| --- | --- |
| System Notification Email | Add this sender to the whitelist: |
| Email Sending Settings | Allow the following domain: one.blendvision.com |
2. Service Configuration and Troubleshooting
This section lists the configurations needed to maintain connectivity and functionality of key services within the BlendVision AiM platform.
| Item | Port | Action Required |
| --- | --- | --- |
| BlendVision AiM Website Connection Issue | 443 | Allow the following domain: *.one.blendvision.com; if using the default domain name, allow the following domain: app.cxm.blendvision.com |
| Video Streaming Issue | 443 | Allow the following domains: *.one.blendvision.com, *.cloudfront.net, drm.platform.blendvision.com |
| Missing Analytics Data | 443 | Allow the following domain: *.cdp.kkstream.io |
| Unable to Open Documents | 443 | Allow the following domains: *.officeapps.live.com, common.online.office.com, browser.events.data.microsoft.com |
| Unable to Use Google Drive | 443 | Refer to the settings provided by: |
| Unable to assign tasks/import users/upload files | 442 | Allow the following domain: |
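
Added example (not part of the original checklist and not BlendVision's own tooling): a Python triage script that reads proxy deny records and reports which section 2 items are affected, using the port-443 domains listed above. The log line format and the sample host names are constructed for illustration; wildcard entries are matched on DNS label boundaries, so *.one.blendvision.com covers subdomains but not the apex or look-alike names.

```python
import re

# Port-443 allowlist entries copied from section 2 of this checklist.
ALLOWLIST = {
    "BlendVision AiM Website Connection Issue":
        ["*.one.blendvision.com", "app.cxm.blendvision.com"],
    "Video Streaming Issue":
        ["*.one.blendvision.com", "*.cloudfront.net", "drm.platform.blendvision.com"],
    "Missing Analytics Data": ["*.cdp.kkstream.io"],
    "Unable to Open Documents":
        ["*.officeapps.live.com", "common.online.office.com",
         "browser.events.data.microsoft.com"],
}

# Assumed (constructed) proxy log format: "<timestamp> <ALLOW|DENY> CONNECT <host>:<port>"
LINE = re.compile(r"^\S+ (ALLOW|DENY) CONNECT ([^\s:]+):(\d+)$")

def matches(host, pattern):
    """Compare on DNS label boundaries; '*.' covers subdomains, never the apex."""
    host, pattern = host.lower().rstrip("."), pattern.lower()
    if pattern.startswith("*."):
        suffix = pattern[1:]  # e.g. ".one.blendvision.com"
        return host.endswith(suffix) and len(host) > len(suffix)
    return host == pattern

def affected_items(log_lines):
    """Map each checklist item to the denied hosts that the checklist says to allow."""
    hits = {}
    for line in log_lines:
        m = LINE.match(line.strip())
        if not m or m.group(1) != "DENY" or m.group(3) != "443":
            continue
        host = m.group(2)
        for item, patterns in ALLOWLIST.items():
            if any(matches(host, p) for p in patterns):
                hits.setdefault(item, set()).add(host)
    return {item: sorted(hosts) for item, hosts in hits.items()}

# Constructed sample records; host labels in front of the listed domains are made up.
SAMPLE_LOG = [
    "2024-05-01T09:12:03Z DENY CONNECT player.one.blendvision.com:443",
    "2024-05-01T09:12:04Z DENY CONNECT d111111abcdef8.cloudfront.net:443",
    "2024-05-01T09:12:05Z ALLOW CONNECT common.online.office.com:443",
    "2024-05-01T09:12:06Z DENY CONNECT xone.blendvision.com:443",
    "2024-05-01T09:12:07Z DENY CONNECT events.cdp.kkstream.io:443",
]

if __name__ == "__main__":
    for item, hosts in affected_items(SAMPLE_LOG).items():
        print(f"{item}: {', '.join(hosts)}")
```

A denied host that matches no entry, such as the look-alike xone.blendvision.com in the sample, is left out of the report, which keeps an over-broad suffix rule from being mistaken for a checklist requirement.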
3. Data Environment, Architecture, and Security Measures of the Platform
This section describes the secure infrastructure and practices in place to protect sensitive data and ensure compliance within the BlendVision AiM platform.
Item
Details
Data Environment
- The services are deployed in the AWS cloud, utilizing multiple regions and availability zones to ensure high availability and scalability.
- Primary data is securely stored in Amazon S3, RDS, and DynamoDB, with permissions and encryption controls tailored to the sensitivity of the data.
Architecture and Security Measures
- The infrastructure is built on AWS VPC private network architecture, which maintains a clear separation between public and private networks.
- Inbound traffic is managed through AWS Application Load Balancer and AWS Web Application Firewall (WAF), providing robust traffic control and protection against web-based attacks.
- Sensitive data is encrypted using the AES-256 standard for both transmission and storage, with server-side encryption enabled at the S3 bucket level.
- The API Gateway enforces strict API access control and implements rate limiting.
- IAM roles and permissions are configured with fine-grained controls to ensure that access to resources is granted only to authorized personnel, and multi-factor authentication (MFA) is implemented for enhanced security.
- Regular vulnerability assessments are conducted using AWS Inspector and third-party scanning tools.
- An independent third-party organization performs an annual cloud security assessment to ensure compliance and security integrity.
Account Configuration
- All user accounts in the platform must use lowercase characters only. Uppercase characters are not supported for account usernames.
4. Supported Browsers and TLS Security Protocols
Item
Details
Supported Browsers
- Microsoft Edge
- Google Chrome
- Mozilla Firefox
- Apple Safari
Note: The latest stable version of each browser is supported.
TLS Security Protocols
All external-facing services within the platform require the use of TLS version 1.2 or higher to ensure secure, encrypted communication.