IT-Enterprise data is of the highest value to the companies that use the system. Safe handling of information is therefore one of the most important tasks in the IT-Enterprise system.
File Resource Protection
The network file system of the IT-Enterprise system is located on the local computer network. When it is placed on a local network resource, access rights must be divided among user groups:
- Simple user - no access needed;
- Programmer (works in local application server mode) - read-only access. If necessary, full access to some folders;
- Administrator - "full access" mode.
Full access is required only for administrative tasks and only in the "local application server" mode. The application server for remote users should be configured with read-only access to the server-side IT-Enterprise files.
If the company does not use the Active Directory service, the local security policy "Network Access: Sharing and Security For Local Accounts" must be set to "Normal" on client desktops. By default, stand-alone computers are configured with the "Guest" model, and computers that belong to a domain with "Normal". This security setting determines how authentication is performed when logging in over the network with local accounts. If this option is set to "Normal", network logons that use local account credentials authenticate with those credentials. If this option is set to "Guest", network logons that use local account credentials are automatically mapped to the guest account. When the guest model is used, there are no differences between users. All users are authenticated as the guest account and receive the same level of access to a given resource, either Read Only or Change.
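The following PowerShell audit is an added example, not part of the IT-Enterprise documentation or vendor code. It reads the `ForceGuest` registry value that Windows uses to store the sharing and security model, then compares the NTFS ACL of the file resource with the three-group model above; the share path and group names are hypothetical placeholders, and share-level permissions are not covered.

```powershell
# Added example, not vendor code. Share path and group names are hypothetical.
param(
    [string]$SharePath       = '\\fileserver\ITEnterprise',   # hypothetical
    [string]$ProgrammerGroup = 'CORP\ITE-Programmers',        # hypothetical
    [string]$AdminGroup      = 'CORP\ITE-Admins',             # hypothetical
    [string[]]$Expected      = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators')
)

# --- 1. Sharing and security model for local accounts -----------------------
# ForceGuest = 0: local accounts authenticate as themselves ("Normal" above).
# ForceGuest = 1: network logons with local accounts are mapped to Guest.
$lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' -Name ForceGuest -ErrorAction SilentlyContinue
$inDomain = (Get-CimInstance -ClassName Win32_ComputerSystem).PartOfDomain
if ($null -eq $lsa) {
    Write-Warning 'ForceGuest is not set; the OS default applies. Set the policy explicitly.'
} elseif ($lsa.ForceGuest -eq 1) {
    Write-Warning "Guest model active (domain member: $inDomain). All local-account logons get Guest's access."
} else {
    Write-Output "Normal model active (domain member: $inDomain)."
}

# --- 2. NTFS ACL on the file resource ---------------------------------------
# Rights that change content or permissions; read and execute bits are excluded.
$writeMask = [System.Security.AccessControl.FileSystemRights]('WriteData, AppendData, ' +
    'WriteAttributes, WriteExtendedAttributes, Delete, DeleteSubdirectoriesAndFiles, ' +
    'ChangePermissions, TakeOwnership')
$genericWriteOrAll = 0x50000000   # GENERIC_WRITE | GENERIC_ALL, seen on inherit-only ACEs

$findings = foreach ($ace in (Get-Acl -Path $SharePath).Access) {
    if ($ace.AccessControlType -ne 'Allow') { continue }
    $raw      = [int]$ace.FileSystemRights
    $canWrite = (($raw -band [int]$writeMask) -ne 0) -or (($raw -band $genericWriteOrAll) -ne 0)
    $identity = $ace.IdentityReference.Value
    $verdict  = if ($identity -eq $AdminGroup)          { 'OK: administrator, full access expected' }
                elseif ($Expected -contains $identity)  { 'OK: expected system principal' }
                elseif ($identity -eq $ProgrammerGroup) { if ($canWrite) { 'REVIEW: programmer has write access' } else { 'OK: programmer, read-only' } }
                elseif ($canWrite)                      { 'FAIL: write access outside the administrator group' }
                else                                    { 'REVIEW: read access outside the defined groups' }
    [pscustomobject]@{ Identity = $identity; Rights = $ace.FileSystemRights; Verdict = $verdict }
}
$findings | Format-Table -AutoSize -Wrap
```

A REVIEW verdict for the programmer group is expected only on the folders where full access was granted deliberately.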
Security at DBMS level
To obtain certain data or make changes to the database, the user must have the appropriate authority. This authority is assigned by the administrator of the IT-Enterprise system. Only after registering in the IT-Enterprise system does the user get access to the database server.
The Application Server service runs on the application server computer under a specific account. Each account has certain rights to read and write files in certain directories.
The administrator must configure the account privileges so that the account has read access permissions to the directory with the local IT-Enterprise file share, but does not have permissions to access other directories with any other data.
Secure client connection
When using Safe Mode, you should consider the specifics of the Windows authentication setting for users who work with IT-Enterprise remotely (not from the internal network of the enterprise). You can give these users the opportunity to log in to IT-Enterprise without entering a login and password by performing a series of administrative actions.
IT-Enterprise users have the ability to enter and save their credentials at the workstation, and subsequently, log in without entering a login and password. This feature is extremely simple and understandable for users and does not require any additional configuration of the system. Saving credentials can be used regardless of the availability of a domain, secure connection, etc.
Security of IT-Enterprise cloud service
One of the options for using IT-Enterprise is to host a server component in "cloud resources."
The use of cloud services provides the following benefits:
- high availability of the system with a given SLA;
- significant reduction of investments, clarity, and predictability of payments;
- security enhancement - backup, provision of only authorized access, protection from "third-party eyes and ears" (including competitors and regulators): catastrophic data;
- lower maintenance and upgrade costs, and a higher level of support;
- as a consequence - the speed of the implementation of decisions and the impact on them.
When working with any cloud service, customers are concerned about the security of their data. In general, the security system of any cloud service is based on several components, namely:
- The security system of the software on which the cloud service is deployed - the "IT-Enterprise in the cloud" security system
- The provider's organization of the placement and maintenance of the cloud service
- The organization of the security system of the data center that hosts the cloud service
Consider each component in more detail.
The "IT-Enterprise in the cloud" service is based on the full-featured IT-Enterprise system. Therefore, the service has all the security features of the classic IT-Enterprise system.
Like the classic IT-Enterprise system, the cloud service is based on a three-tier architecture. In this case, the Customer has full access only to the level of the client application. The database server and application servers are deployed in a secure high-performance execution environment in a remote data center.