supports N-tier architecture which allows firewalls to be set up for packet inspection and application filtering to protect the servers in each layer against malware and intrusions. uses HTTPS for transmittal security and supports Two-Factor Authentication (2FA) , separate role-based authorization for function and data, different methods for data encryption and provides the audit trail mechanism to log actions, detect unwanted behaviors and send out alerts.
uses HTTPS for secure communication over computer networks. HTTPS is a mature technology that is widely used on Mobile Internet. In HTTPS, the communication protocol is encrypted by Transport Layer Security (TLS), or formerly, its predecessor, Secure Sockets Layer (SSL).
Device Address Access Control:
This is for the organizations who want to control who can access to the system by IP address, Network Segment or device access controlled by firewall.
Two-Factor Authentication (2FA):
supports different types of security tokens and passwords for 2FA. 2FA provides an additional layer of security and makes it harder for attackers to gain access to a person's devices and online accounts, because knowing the victim's password alone is not enough to pass the authentication check. 2FA has long been used to control access to sensitive systems and data, and online services are increasingly introducing 2FA to prevent their users' data from being accessed by hackers who have stolen a password database or used phishing campaigns to obtain users' passwords.
Single Sign On (SSO) Integration:
supports the integration with SSO such as Windows Active Domain, LDAP, CAS, Open AM and Oracle OAM.
Third-party Authentication Integration:
has the pre-built integration with i-Sprint Authentication Service.
Password Strength & Protection Policies:
allows the security officer to determine and set the following password strength and protection policies:
One of the key concepts in placing controls over functions and data of systems is segregation of duties. Segregation of duties serves the following 2 key purposes:
supports segregation of duties and provides Role Based Access Control (RBAC) to control accesses by entitlement and/or authorization. In , when the user is being assigned to or unassigned from a role, she will be automatically entitled to or debar from the access rights associated with that role. The user can also gain or lose additional access rights that are authorized to or removed from her by higher authority.
Due to the fact two managers of two different departments might need to have the same access rights to system functionality but different access rights to data (e.g., Manager A of department A needs to access department A’s data and manager B of department B needs to access department B’s data), supports separation of access rights to system functionality and data (e.g., Manager A and manager B have the same rights to functionality but different data access rights to data).
RBAC: Functional Access Entitlement
allows different roles (e.g., Sales Rep, Project Mgr., HR Mgr. and Financial Controller) to be defined and each user is assigned to one or multiple roles. The user’s functional access rights are determined by the roles assigned to her.
RBAC: Data Access Entitlement
allows different roles (e.g., Executive, Division Manager, Department Manager) to be defined and each user is usually assigned to one role. The user’s data access rights are determined by the roles assigned to her.
RBAC: Data Access Authorization
supports authorizing users extra data access rights by the users (e.g., administrator) who have the authorization authority. The authorization can be done in the organization data level, data type level and field level.
provides Audit Trail which is a chronological record of everything that happens in your system. In addition to tracking all actions, interactions and transactions within your system, audit trails can be used for several other purposes such as:
The log history of user action, interaction and transaction also includes the network address (IP) of the users.
supports the following methods for data encryptions:
The names and contents of the uploaded files will be encrypted (AES-256 bits) before storing in the file system.
supports the following levels of recovery to maximize the availability (uptime) of the system and minimize data loss even if a system crash or site disaster occurs:
Data Backup & Restore:
Periodical backup of data to secondary storage automatically to minimize data loss if a system crash occurs.
supports different modes of hot failover such as Active-Standby mode and Active-Active modes to minimize system downtime or unavailability.
supports replication of data to an off-site location to overcome the need to restore the data (only the systems then need to be restored or synchronized).