Privacy, GDPR and PII (Personally Identifiable Information) Collected by Riverbed SteelCentral Aternity

SteelCentral Aternity™ monitors the performance of applications and devices from the end user perspective, so you can measure and improve the productivity of your workforce. Monitored devices across your organization send their performance data to Aternity, which it presents in clear and intuitive dashboards, to bring insights into the causes of slowdowns or crashes, so you can troubleshoot those problems.

Aternity cares about and safeguards your end user privacy by focusing on performance measurements. It stores PII (personally identifiable information) for short periods only, solely for the purposes of troubleshooting problems in user experience.

Tip

You can always quickly find the latest version of this page on privacy by going to https://help.aternity.com/privacy.

For separate details on securing or encrypting connections in and out of Aternity, see how to secure your Aternity.

Adherence to Security and Privacy-Related Standards

Riverbed engages with outside organizations to validate that our security practices meet the most stringent expectations. We use services from third-party vendors for software security auditing and penetration testing.

Aternity complies with several security standards

Wolf & Company, a top regional accounting firm, has certified Aternity's operations as compliant with SOC 2 Type 2. This assures our customers that we are taking the appropriate steps to protect our systems and our customers’ data.

Wolf & Company also certified that Aternity's control environment satisfies the requirements of the HIPAA Security Rules (Health Information Insurance Portability and Accountability Act), and conducts ongoing regulatory compliance audits.

In addition, Riverbed currently complies with applicable data protection regulations and GDPR compliance across its relevant services (learn more). We are also currently compliant with the NIST 800-171 standards, and its Security Management Program aligns with ISO 27005. Riverbed also has its own privacy policy.

Data Collected By Aternity

Aternity collects two types of data:

  • Performance measurements, like wait times, response times, or resource consumption.

  • Non-measurable descriptive attributes, which add context to the performance measurements to help troubleshoot the problem, like a device name, user name, location name, application name and so on.

Aternity collects performance measurements and attributes in three areas: applications, devices and users.

SteelCentral Aternity™ collects three categories of data
Category Collected Data

Applications

Aternity monitors the performance of all applications which are automatically discovered. These include managed applications which have their own defined activities.

Devices

You can monitor the performance of Windows devices (laptops, desktops, tablets), Apple Mac devices (desktops, laptops), mobile devices (iOS, Android) and virtual sessions (VDI and virtual applications).

Users

Aternity collects the following data on end users:

View user details *or for mobile only).

PII Data Collected By Aternity

The personal data of an employee is critical to your IT and Helpdesk teams to identify the users suffering from poor performance, like sluggish applications, hangs, crashes and so on. Aternity gathers this data only for you to troubleshoot the performance of applications and devices, either for one user or for a group of users in the same location.

Important

Aternity does not store the contents of any applications, documents, emails, or text messages.

The data collected by Aternity which is specifically personally identifiable information is:

Field Description
Active IP Address

(Windows only) Displays one of the IP addresses on this device (including IP v6 if the device runs Agent 10 or later) whose network adapter is active, operational and non-virtual.

The actual IP used to connect to Aternity is the IP Address field. If the device has more than one operational network adapter, the Active IP Address field may have a different value.

AD Title

(For all devices except mobile and Macs) Displays the job title of the current user logged in to this device. In Windows, this is the same as the AD Title.

Client Device Name

(For virtual deployments only) Displays the hostname of a device which is connecting to a VDI or virtual application server.

Email Address

(Windows only) Displays the email address associated with the current logged in user.

Hostname

Displays the hostname of the monitored device. View it in the Windows Control Panel > System > Computer Name, or on Apple Macs in System Preferences > Sharing > Computer Name.

(Mobile) Displays the Device Name field. You can customize the hostname of iOS or Android devices running your enterprise's app, so device names appear in the dashboards with a consistent naming policy. For example, you can dynamically assign the device name according to the enterprise username of the app.

IP Address

(Windows, Mac) Displays the device's internal IP address (including IP v6 if the device runs Agent 10 or later) which it uses to connect to Aternity.

(Mobile devices) Displays the IP of the WiFi connection if the device is reporting data via WiFi.

User Full Name

(Windows only) Displays the full name of the person accessing the device as defined in the corporate LDAP (not the username).

Username

Displays the username signed in to the device's operating system.

Duration of PII Data Retention in Aternity

Aternity stores PII data for a maximum of three months only. Performance measurements (not PII) have a retention of between one month and one year.

You can view personally identifiable information (PII) in RAW, HOURLY and DAILY aggregations of Aternity's REST APIs, but there is no PII in the DAILY_ANONYMIZED APIs (learn more). There is no PII in any API which has data for longer than three months.

If you end your Aternity SaaS account with us, we keep your performance measurements and non-PII data for one year by default before removing it, to allow you to reinstate your account if needed. For details, contact Aternity SaaS Administration.

Secure Data Transmission and Storage in Aternity

The files (DLLs and EXEs) of the Agent for End User Devices are digitally signed to ensure no tampering. It also uses several anti-hack security measures, including ASLR (randomizing memory addresses), DEP (validating code is run from expected locations) and SEH (ensuring only valid exception handlers).

When sending data, the Agent reports securely to Aternity via HTTPS. The Agent uses TLS 1.1, or TLS 1.2 on devices with .NET 4.5 or later. You can also request to configure the Agent for two-way TLS authentication. For details, contact Customer Services.

Aternity SaaS uses encrypted database volumes stored in AWS, behind a wide range of security measures and access restrictions.

Location of Aternity Data

Aternity SaaS stores its data in several highly secured data centers. You can choose between storing your data in US-based locations, or in EU-based locations.

Access to Aternity Data

Aternity SaaS assigns privileges to users according to the principle of least privilege. We give users the minimum access required for them to perform their tasks according to that role.

SteelCentral Aternity™ offers secure connections to monitored devices and to users of the system

You can access the data in one of the following ways:

  • Aternity SaaS users can sign in with their Aternity username and password via HTTPS to view the dashboards.

    Once you signed in to Aternity, its automatic timeout signs you out if the session has been idle for more than 3.5 hours.

  • Alternatively, you can sign in with your network username and password if you integrated Aternity with SSO. It authenticates usernames via your own identity provider, using SAML 2.0 as the protocol. Learn more.

  • You can send REST API queries to directly extract and analyze Aternity's data without Aternity's dashboards. You can combine the data with other data sources if needed, or transform it as required, then view it in Microsoft Excel, Power BI, or your own data application. Learn more.

Furthermore, Aternity supports companies which restrict access of data to users who hold a specific residency. When defining users in Aternity, you can specify their residency to restrict access to accounts if the user is not resident in a given country.

Web Browsing Privacy

While Aternity monitors all web applications which run on monitored devices, it only lists the site names if they are business-related (on our white list). It also lists the managed web applications, and any internal (intranet) web sites whose web servers are inside the enterprise network (or VPN). Aternity does NOT expose all visited websites, as this contravenes our privacy commitments. Any web pages which are not on the white list appear under the generic title Web browsing to preserve employees' privacy. To view a web site's performance in the dashboards, add it as a managed application.

Learn more.

Encrypt All PII with Enforce Privacy

If you want to remove PII from Aternity, you can configure the Agent for End User Devices for Windows which monitors end user devices to encrypt user-specific PII when it reports to Aternity, by enabling its privacy mode (learn more).

With this setting, the Agent encrypts PII data from Windows devices consistently, hence you can still associate several performance problems with the same hostname or user, but you would not know the real-world name of the user who has those problems.

Example of encrypted fields when privacy is enabled on the device's Agent