Tuesday, July 11, 2006

Extranet - Security

When building an extranet system, there are several areas one needs to be cognizant of to be sure a client's data is properly protected. Some of the areas to think about are the following:
  • Be sure your data is encrypted as it flows over the internet.
  • Be sure clients have system accounts that assign them roles, and that those roles govern both a) data access and b) feature access.
  • Be sure your system is in a secure data center.
  • Be sure you have an appropriate privacy and data confidentiality policy governing the protection of the data and when and under which circumstances data can and cannot be provided to others (e.g. how one must respond to a subpoena, etc.).
  • Even though it is beyond your control from a technical perspective, be sure to encourage clients not to reveal their password to others (surprisingly, one of the most common security issues).
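The second item above, roles that control both data access and feature access, is the one that most often goes wrong in a multi-client extranet: a role check that looks only at features lets a user of one client read another client's records. The following is an added example, not code from the original post; the role names, feature names and client identifiers are constructed for illustration. It shows a deny-by-default authorization check that requires both a feature grant and a data-scope match before anything is allowed.

```python
from dataclasses import dataclass
from typing import FrozenSet, Tuple

# Feature permissions granted by each role (role and feature names are assumed).
ROLE_FEATURES = {
    "client_viewer": frozenset({"view_report"}),
    "client_admin": frozenset({"view_report", "download_document", "manage_users"}),
    "support_staff": frozenset({"view_report"}),  # read-only internal help-desk role
}

# Roles that may reach data belonging to any client (internal staff only).
CROSS_CLIENT_ROLES = frozenset({"support_staff"})


@dataclass(frozen=True)
class Account:
    username: str
    client_id: str          # the client organisation this account belongs to
    roles: FrozenSet[str]


@dataclass(frozen=True)
class Record:
    record_id: str
    owner_client_id: str    # which client's data this record is


def features_for(account: Account) -> FrozenSet[str]:
    """Union of the feature permissions granted by all of the account's roles."""
    granted: FrozenSet[str] = frozenset()
    for role in account.roles:
        granted |= ROLE_FEATURES.get(role, frozenset())  # unknown roles grant nothing
    return granted


def can_reach_data(account: Account, record: Record) -> bool:
    """Data-access check: same client as the record, or a role allowed across clients."""
    if record.owner_client_id == account.client_id:
        return True
    return bool(account.roles & CROSS_CLIENT_ROLES)


def authorize(account: Account, feature: str, record: Record) -> Tuple[bool, str]:
    """Deny by default: both the feature grant and the data scope must be satisfied."""
    if feature not in features_for(account):
        return False, f"roles {sorted(account.roles)} do not grant '{feature}'"
    if not can_reach_data(account, record):
        return False, f"{account.username} may not access data of client {record.owner_client_id}"
    return True, "allowed"


if __name__ == "__main__":
    # Constructed sample accounts and records for two client organisations.
    alice = Account("alice", "acme", frozenset({"client_viewer"}))
    acme_report = Record("r1", "acme")
    globex_report = Record("r2", "globex")
    print(authorize(alice, "view_report", acme_report))    # (True, 'allowed')
    print(authorize(alice, "view_report", globex_report))  # denied: wrong client
    print(authorize(alice, "manage_users", acme_report))   # denied: feature not granted
```

The order of the two checks does not matter for correctness, but the data-scope check should never be skipped on the grounds that the feature check passed; the support-staff role shows that cross-client access has to be granted explicitly rather than inferred from a permissive feature set.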

Of course there are other issues, but these are some of the key items to consider.