We spend a lot of time and money each year assessing and implementing various security measures. This article describes some of what we have done, organized by the OASIS product or service being used. It also identifies what you can do to ensure our common efforts keep your data safe.
Legacy OASIS
Legacy OASIS (sometimes called desktop OASIS) is the familiar OASIS user interface running directly on a workstation at the office. Desktop OASIS must have a database engine to connect to. Security surrounding the database engine is most important. The complicating factor is that the network connection to the database engine may be securely set up in the following ways:
- Local (on-premises) database
- VPN connection to the office network
- Remote desktop solutions from Microsoft and others
- Ingen Software’s Cloud Host services
Some customers will also open the Sybase database to the internet for remote users to connect. This is strongly DISCOURAGED as this opens the company to significant risk. The database drivers for Sybase are commonly available, and the Sybase database engine was not developed to be run securely across the internet.
Local (on-premises) database
With a local on-premises database, you run OASIS from a local workstation and connect to another computer in the building. Here is what you need to know:
- The primary network connection is from OASIS to the on-premises database.
- OASIS will connect across the internet to push and pull data from other servers (e.g., sending orders).
- OASIS does not listen for incoming network connections.
- The connection information for the database is stored with light encryption in a file named preferences on the local hard disc.
- OASIS is as secure as your network!
Recommendations:
- Use a virus scanner of some kind and keep it up to date.
- Do not allow any connections from the internet directly into the network or to the OASIS database.
- Keep OASIS up to date as we do periodic security updates.
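As an added example (not part of the original article and not Ingen Software's code), this Python script checks the "no connections from the internet" recommendation against a connection listing taken on the database server. It flags any peer connected to the database port from outside the networks you allow. The port number, subnets and sample listing are assumptions constructed for illustration.

```python
import ipaddress

# Assumed values for illustration; replace with your own.
DB_PORT = 2638  # assumed database listener port
ALLOWED_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8",     # loopback
    "192.168.1.0/24",  # office LAN (assumed)
    "10.8.0.0/24",     # VPN client pool (assumed)
)]

# Constructed sample in the layout of Windows `netstat -an` output.
SAMPLE = """\
  TCP    0.0.0.0:2638           0.0.0.0:0              LISTENING
  TCP    [::]:2638              [::]:0                 LISTENING
  TCP    192.168.1.10:2638      192.168.1.23:50311     ESTABLISHED
  TCP    192.168.1.10:2638      10.8.0.6:49822         ESTABLISHED
  TCP    192.168.1.10:2638      203.0.113.45:61020     ESTABLISHED
  TCP    192.168.1.10:445       203.0.113.45:61021     ESTABLISHED
"""

def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr]:port' into (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    return ipaddress.ip_address(host.strip("[]")), int(port)

def outside_peers(netstat_text, db_port=DB_PORT, allowed=ALLOWED_NETS):
    """Return remote IPs connected to db_port that are in no allowed network."""
    flagged = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # Only TCP connection rows; listener rows have no real peer.
        if len(fields) != 4 or fields[0] != "TCP" or fields[3] == "LISTENING":
            continue
        _, local_port = split_endpoint(fields[1])
        remote_ip, _ = split_endpoint(fields[2])
        if local_port != db_port:
            continue
        if not any(remote_ip in net for net in allowed):
            flagged.append(str(remote_ip))
    return flagged

if __name__ == "__main__":
    for ip in outside_peers(SAMPLE):
        print(f"database port {DB_PORT}: peer outside allowed networks: {ip}")
```

An empty result on a real listing means every current database connection comes from the LAN, the VPN pool or the server itself; any flagged address should be traced to the firewall rule that let it in.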
VPN connection to the office network
If you have a “Local (on-premises) database” for OASIS, one option is to obtain a firewall capable of supporting a remote VPN connection. Set up with the help of a good IT office, this can be a secure solution for accessing OASIS from a remote location.
The VPN allows a remote computer (e.g., your home computer) to connect to the firewall using a secure connection. Once connected, the firewall can be configured to allow some resources, like the OASIS database, to be accessed by remote computers.
Recommendations:
- Do not attempt this without a professional IT solution provider.
- Follow recommendations from the “Local (on-premises) database” section.
- Keep the firewall software up to date.
Remote desktop solutions from Microsoft and others
There are several different solutions in this space with different connectivity options. The key element of the solution is that OASIS is run on a server where multiple users can log in to the server remotely. The connection to the server must be secured using a VPN or other security solution. An IT resource is required to set up and maintain an environment like this.
Recommendations:
- Do not attempt this without a professional IT solution provider.
- Properly size the server. Many users have tried this approach and found the solution slow. Adding RAM often resolves these issues.
- Follow recommendations from the “Local (on-premises) database” section.
- Properly license other office tools to run on the server.
Ingen Software’s Cloud Host services
We resell hosting services from our vendors to implement the Cloud Host solutions. Our requirements are that the connection be secured and that customer data be isolated. Additionally, we review the vendors to ensure they provide a level of security to protect your data.
Recommendations:
- Do not share the connection information with people outside the company.
- If an employee who works from home and accesses the hosted database quits, ask us to reset the password for your instance. (This adds another layer of security beyond just deactivating their account in OASIS.)
O4
O4 is the web version of OASIS, only requiring a modern web browser to run. No other software is required. We use several security solutions to protect the servers and your data. This also includes contracting with external companies and software to audit and catch potential issues.
For security and natural disaster recovery, all your data stored in any OASIS cloud solution (e.g., O4 and Hosted) is replicated to a second data center. This allows us to recover your data in the event one of our data centers is compromised.
Recommendations:
- The key element is to ensure your browser is up to date and that you use the https: protocol when accessing O4. We currently allow for unsecure http: but that will likely change in the future. https uses 128-bit encryption across the internet with the ability to verify you are “talking” to our servers – and not some computer between you and our servers (e.g., the “man in the middle” scenario). Just make sure you see the little padlock in the browser address bar showing a secure connection is active.
- Utilize O4’s Two Factor Authentication feature.
- Only use OASIS APIs if you understand JSON and the related technologies.
- If integrating with OASIS, use a token to allow access to the OASIS APIs. Do not use the email and password combination.
- Set an expiration on API tokens and know how to reset the OASIS token in external systems.