Security

As an integrated suite, an enterprise social collaboration service has some unique security considerations that need to be addressed. The more prevalent of these are as follows.

Authentication to the service is needed to ensure that only authorized users have access to data, tools, and applications, while simultaneously blocking unauthorized access. Synchronizing enterprise user directories is beneficial in extending the on-premises environment to the cloud. The enterprise social services facilitate this by providing the following:

  • On-/off-boarding of users
  • User bulk provisioning and updates
  • Provisioning of users through an administrative tool

Federated Identity Management uses Single Sign-On (SSO) to protect the transfer of user credentials across networks. Using SSO, authorized users can use different applications without additional authentication.

Security Assertion Markup Language (SAML) is used to facilitate SSO with other parties or enterprise directories. SAML is a widely used standard that leverages signed assertion documents instead of passwords as identity credentials. Customers maintain passwords internally for web application resources, which helps organizations do the following:

  • Manage password requirements.
  • Manage two-factor authentication requirements.
  • Set password change intervals.
  • Use open authorization (OAuth), which supports web applications, desktop applications, and third-party extensions. This is an open source methodology for API authorization.

Data security ensures that only authorized users have secure access to customer data. This requires protecting the relevant data against service vulnerabilities and physical breach of data centers. Security requires layering a combination of technologies with standard cloud service provider (CSP) processes and procedures. These can include the following:

  • Platform and process
      ◦ Security checklist against every release
      ◦ Security compliance with ongoing automated health checks
  • Data center
      ◦ Redundancy: Redundant systems to prevent a single point of failure in providing services, including application, power, network, and so on.
      ◦ Monitoring of the physical environment, which includes the logging of staff activities
      ◦ Access controls and fire-prevention systems
  • Network and infrastructure defenses
      ◦ Layered firewall infrastructure
      ◦ Deployed network intrusion detection
  • Process for people
      ◦ Separation of duty definitions
      ◦ Segregation of activities, including personnel with change access to the code base and those with operational configuration control
      ◦ Code reviews prior to deployment
      ◦ Regular ethical hacking penetration testing
      ◦ Audit logs and analysis of security-related events
      ◦ Data privacy and data ownership policies
  • Encryption and email security
      ◦ Data in transit
      ◦ Data at rest
      ◦ Real-time antivirus at application and server levels
      ◦ Anti-spam protection on email messages

Transformation and connectivity ensures secure connections to backend enterprise systems. This also enables data filtering, aggregation, modification, or reformatting. Key capabilities in this domain include the following:

  • Enterprise secure connectivity
  • Transformations
  • Enterprise data connectivity
  • Extract, transform, and load