Guest

OpenDNS Cloud Hosted Services

OpenDNS Data Centers | FAQ | Vulnerability Notification

OpenDNS Trust Overview

Cisco OpenDNS LLC ("OpenDNS" or "Company") is a leading provider of network security and Domain Name Server (DNS) services. It handles 2 percent of internet requests, with 80 billion daily DNS requests. This helps the world to connect to the internet with confidence on any device, anywhere, anytime. The umbrella cloud-delivered network security service blocks advanced attacks, as well as malware, botnets, and phishing threats, regardless of port, protocol, or application. Its predictive intelligence uses machine learning to automate protection against emergent threats before they can reach customers. OpenDNS protects all devices globally without hardware to install or software to maintain.

OpenDNS is trusted by thousands of IT professionals, from enterprises to hospitals, banks, and retailers.

This is the central repository of information regarding security, privacy, and reliability as related to OpenDNS cloud hosted services. Here you will find information concerning:

  • Our data centers, our security processes, and certifications
  • How we safeguard your data

OpenDNS Data Centers

The OpenDNS service is co-located in tier-1 data centers that feature state of the art physical and cyber security and highly reliable designs. OpenDNS data centers are third-party certified for security, using certifications that include ISO9001, SSAE16 and ISO27001, as described below:

Location Provider Certification

OTP - Bucharest, Romania

GTT

ISO9001, ISO27001

ASH - Ashburn, Virginia

Equinix

SOC2 Type 2, SOC2 Type 1

NYC - New York City, New York

NTT-GIN

SSAE 16 Type 2

LON - London, United Kingdom

Telehouse

ISO27001

AMS - Amsterdam, Netherlands

Telecity

ISO9001, ISO27001

CHI - Chicago, Illinois

Equinix

SOC2 Type 2, SOC2 Type 1

CPH - Copenhagen, Denmark

GTT

ISAE 3402

PAO - San Jose, California

Equinix

SOC2 Type 2, SOC2 Type 1

SEA - Seattle, Washington

Equinix

SOC2 Type 2, SOC2 Type 1

MIA - Miami, Florida

Terremark

SOC2 Type 2

CDG - Paris, France

GTT

ISO27001, ISO9001, ISO14001

PRG - Prague, Czeck Republic

GTT

ISO27001, ISO18001, ISO14001, ISO9001

 

DFW - Dallas, Texas

Equinix

SOC2 Type 2, SOC2 Type 1

LAX - Los Angeles, California

Equinix

SOC2 Type 2, SOC2 Type 1

SIN – Singapore

Equinix

SOC2 Type 2

 

SJC - San Jose, California

Equinix

SOC2 Type 2, SOC2 Type 1

FRA - Frankfurt am Main, Hessen, Germany

Equinix

SOC2 Type 2

HKG - Hong Kong

iAdvantage

ISO27001

YYZ - Toronto, Ontario

Equinix

SOC2 Type 2, SOC2 Type 1

 

SYD - Sydney, Australia

Equinix

SOC2 Type 2

YVR - Vancouver, British Columbia

Cologix

SOC1

 

NRT - Tokyo, Japan

Equinix

SOC2 Type 2

 

JNB - Johannesburg, South Africa

EOH JB1

ISO9001, ISO27001

 

Privacy and Data Protection Compliance

OpenDNS is committed to data protection, privacy, security, and compliance with applicable regulatory frameworks in the United States and abroad.

Cisco Systems and OpenDNS are certified pursuant to the EU-U.S. Privacy Shield Framework. Cisco and its subsidiaries, including OpenDNS, make available to its customers a Data Processing Agreement (DPA) that incorporates the European Commission’s Standard Contractual Clauses (also known as the EU Model Clauses), so that customers may allow transfer and processing of personal data outside the Europe Economic Area (EEA) in accordance with applicable European privacy and data protection regulations and local laws.

Further information on the DPA and the safeguards we employ with respect to data transfers from the EEA can be found below in our FAQ.

FAQ for Customers: Compliance with European Data Protection Laws

What services does OpenDNS offer?
OpenDNS is a wholly owned subsidiary of Cisco Systems, Inc., that provides cloud-based security services to businesses and individuals. OpenDNS technology identifies threats at the DNS layer, allowing connections to safe locations and blocking connections to malicious ones. Using this approach OpenDNS is capable of pre-empting and preventing botnets, malware and phishing on or off the corporate network, over any port or protocol. As part of its services, OpenDNS collects data from its users, and through big data analytical methods, identifies potential threats. Information about potential threats is accessible to users through a virtual “dashboard”.

How does OpenDNS deliver its services?
OpenDNS provides management software to its customers over the internet, and customers access a web-based dashboard over SSL to gain visibility into their account info, configure policy and view logs generated.  Customers log into the OpenDNS services from an OpenDNS website and access their accounts by means of unique usernames and passwords.  Customers have the option to enable two-factor authentication to increase security.

OpenDNS also supports Security Assertion Markup Language (SAML) authentication, so customers can add the OpenDNS dashboard to their existing Single Sign On (SSO) service. This means we now integrate with services such as Okta, Ping, Onelogin, and others.

How does OpenDNS comply with European data protection laws?
In addition to implementing a comprehensive privacy and data security program, OpenDNS complies with applicable privacy laws and endeavors to follow best practices set out in relevant guidance, including the Directive 94/46 of the European Parliament of the Council of October 24, 1995. This regards the protection of individuals when processing personal data and the free movement of data (the “Privacy Directive”), as implemented into local laws, Switzerland’s Federal Act on Data Protection of  June 19, 1992, Germany’s Federal Data Protection Act of December 20, 1990 as amended on September  14, 1994, and the nonbinding Opinion May, 2012 on Cloud Computing released by the Article 29 Working Party on July 1, 2012.

OpenDNS has a more than 20 data centers located in various countries around the world (including non-European Economic Area countries). See the locations. Based on dynamic Anycast routing decisions, each customer’s traffic can be routed to any data center facility listed on our network map, although normally this will be the closest physical location. The raw data is stored on OpenDNS owned servers hosted in each third-party data center facility for no more than two hours. After that time, it is moved and aggregated at our OpenDNS-owned servers hosted at the third-party data center facility in San Jose, California.

What about the U.S.-EU Privacy Shield Framework?
The EU-U.S. Privacy Shield Framework was designed by the U.S. Department of Commerce and European Commission to provide companies on both sides of the Atlantic with a mechanism to comply with EU data protection requirements when transferring personal data from the European Union to the United States in support of transatlantic commerce. Cisco Systems and OpenDNS are certified pursuant to the EU-U.S. Privacy Shield Framework. Companies transferring and receiving personal data from the EU can also comply with applicable data protection regulations by signing standard contractual clauses, which consist of a set of contractual terms that have been approved by the European Commission. As described below, OpenDNS offers a Data Processing Agreement to customers that incorporates these approved clauses. We do not require our customers to agree to the clauses but offer this option to give our customers an additional path to meeting requirements under applicable data protection laws.

Does OpenDNS transfer Telemetry Data outside of the European Economic Area (EEA)?
When a customer makes a DNS request, it is resolved by a nearby data center, but then the request and associated IP address is sent to San Jose, CA for additional processing.  This is necessary for the delivery of OpenDNS services, as big data analytics requires the examination of worldwide data in real time.  So while a customer’s request may be resolved in the EU, all data is sent to the US for the delivery of services.

Does OpenDNS make contractual commitments regarding compliance with European Privacy laws?
Yes. Cisco offers its customers a Data Processing Agreement (DPA) incorporating the European Commission’s standard contractual clauses (commonly known as the “model clauses”), in accordance with the Privacy Directive, pursuant to the European Commission’s decision of February 5, 2010. The European Commission has affirmed such contractual commitments to be a valid way that European customers may transfer personal data outside the EEA. By making these contractual terms available, OpenDNS helps to ensure that European customers can continue to confidently deploy scalable, secure networks that comply with applicable regulations across the EEA.

What does the OpenDNS privacy and data security program entail?
OpenDNS takes a systematic approach to data protection, privacy, and security. We believe a comprehensive security and privacy program requires active involvement of stakeholders, ongoing education, internal and external assessments, and instilment of best practices within the organization. Cisco has established formal policies and supporting procedures concerning the privacy, security, review, and management of our products and services. The Cisco Chief Security and Trust Officer, Chief Privacy Officer, and Privacy Counsel maintain overall responsibility for the program, which is evaluated on a regular basis. This helps ensure it is up to date and follows modern security standards and best practices, as well as compliance with applicable privacy regulations. The Cisco Security and Trust Organization’s Information Security and Data Protection and Privacy programs include technical and organizational measures designed to help ensure physical security, data integrity and privacy, and transparency. The OpenDNS solution is designed for top-tier security and data privacy, and follows industry leading best practices for security and privacy. OpenDNS data centers are certified by various industry recognized standards including ISO 9001:2008, ISO 27001, PCI DSS, SSAE16, and ISAE 3402 (SAS70) including Type II. These data centers feature state of the art physical and cyber security and highly reliable designs. DNS resolution is replicated across multiple independent data centers so that customer-facing services fail over rapidly in the event of a catastrophic data center failure.

How does OpenDNS handle government requests for Customer Data or Telemetry Data?
OpenDNS is committed to maintaining appropriate confidentiality, security, and integrity of all data stored on its servers. Our agreements with customers provide assurances that their data will be protected by our technical, physical, and procedural safeguards and will be kept confidential except in very limited circumstances. One such circumstance is when OpenDNS has received a lawful, valid subpoena or court order requiring that we deliver data related to a customer (such as customer or telemetry data) in a controlled manner as part of an ongoing investigation. The OpenDNS and Cisco Legal departments review each subpoena in order to determine its substantive merit and procedural validity. Unless prohibited from doing so, OpenDNS will contact the customer regarding the subpoena and allow the customer to engage directly with the law enforcement agency making the request if the customer chooses to do so. For additional information regarding law enforcement requests for Customer Data, see the Cisco Transparency Report.

What if I have additional questions?
Please contact your Cloud Networking sales representative with more specific questions or concerns. He or she will involve our Security and Trust organization and/or privacy team as appropriate.

Vulnerability Notification

Our customers’ security is a top priority for OpenDNS. We invest heavily in tools, processes, and technologies to keep our users and their networks safe, including third party audits and features like two factor authentication. The OpenDNS vulnerability program is an important component of our security strategy, encouraging external researchers to collaborate with our security team to help keep networks safe.

Reporting security issues

If you are a user and have a security issue to report regarding your account (including password problems and account abuse issues), non-security bugs, and questions about issues with your network, please contact OpenDNS Support.

If you think you have discovered a vulnerability in an OpenDNS product or service, email security@OpenDNS.com or psirt@cisco.com. We take these reports seriously and will respond swiftly to fix verifiable security issues. When properly notified of legitimate issues, we will do our best to acknowledge your report, assign resources and fix potential problems as quickly as possible. Some of our products and services are complex and take time to update. We ask that you provide reasonable time for us to address the vulnerability before any public disclosure. For additional information please see the Cisco Security Vulnerability Policy.

Vulnerabilities

Any bug that substantially affects the confidentiality or integrity of user data is of interest to us. Common examples include:

  • Cross-site scripting
  • Cross-site request forgery
  • Cross-site script inclusion
  • Mixed scripting
  • Flaws in authentication and authorization mechanisms
  • Server-side code execution or command injection bugs

To help ensure availability of our services to all users, please refrain from using any tools that are likely to automatically generate significant volumes of traffic. Of course, your testing must not violate any law, or disrupt or compromise any data that is not your own. When investigating a vulnerability, please only target your own account. Never attempt to access anyone else's data and do not engage in any activity that would be disruptive or damaging to OpenDNS, OpenDNS customers, or OpenDNS users.