Database and Network Security Sample Clauses

Database and Network Security. (a) With respect to the Protected Servers and Protected Files, Licensee and the Authorized Third Parties shall employ industry-standard “least privilege” and identity/access management security practices with respect to network and database access and permissions, including requiring unique strong login/password and multi-factor authentication credentials. Only authorized users who need access to the Protected Servers and Protected Files for authorized purposes shall be granted such access. (b) The Protected Servers must be protected with robust industry-standard firewall systems that are configured and monitored in accordance with industry-standard security practices and are designed to detect and protect against common attacks, such as network/database intrusion, DNS and DDoS attacks. (c) In the case of AWS or a substantially equivalent virtual private cloud (“VPC”) service being used, Protected Files must be maintained in a logically secure encrypted virtual storage facility (e.g., an AWS S3 bucket) controlled by Licensee where such storage facility is configured to be not routable from the Internet and access to such storage facility is limited to specified secure actions by authorized users, roles and/or computing instances within Licensee’s VPC (e.g., Licensee’s VPC gateways, VPC endpoints and/or VPC computing instances) that are necessary for delivery of the Licensed Programs via the means licensed in the License Agreement and such access is governed by least privilege security policies that comply with industry-standard security practices (i.e., in the case of using AWS, least privilege security policies that comply with AWS’s security recommendations regarding Identity and Access Management (“IAM”) permission policies for resources (e.g., S3 buckets), principals and related VPC endpoint and subnet configurations, and network security architecture and controls).
Further, the following (or equivalent) protections must be employed: AWS Shield (to protect against network intrusion, DNS and DDoS attacks), AWS CloudTrail and VPC Flow Logs (for monitoring) combined with threat detection, and where applicable, AWS WAF (web application firewall).