MIS Systems Thread, Cloud MIS Security in Technical
3rd June 2013, 09:21 AM #61
All the possibilities I've seen mentioned apply to “Local Network” installed MIS Systems as well. If anyone within the school wants to hack the systems, they can...
There are many ways to make sure that cloud systems are secure, and systems are protected from attacks. Any certified (ISO/etc…) Data Centres have such securities in place anyway.
Cloud computing security - Wikipedia, the free encyclopedia
Also further security should come via MIS systems with user accounts. Like “Windows Accounts” do:
- Implement a strong password policy
- Force users to change their passwords in a given frequency (weekly/monthly/etc…)
- Lock accounts temporarily after a number of unsuccessful login attempts
- 2-level authentication
29th November 2013, 09:46 AM #62
Cloud/SaaS Security is a big subject and this can't be answered fully in a single post, but with respect to:
How does this work, if the MIS is in the cloud, and all staff are using dual factor? How does the third party or automated system authenticate in a way that's dual factor?
Two factor authentication applies more for human authentication – it is there to reduce the risk of people disclosing their password either by writing it down, just telling someone, or the original communication of the password being intercepted.
Typically when two systems communicate (over the internet) they will not use two factor authentication for each individual communication. Two factor authentication will be used once to set up the relationship between the two services and this authentication persists indefinitely. For example:
System A contains some data, System B wants to access System A to get that data.
- The owners of System B will ask System A for a Key/Certificate/Password – these are typically very long in comparison to human passwords to prevent brute force attacks and because there is no human data entry constraint.
- The owners of System A will generate the key and use some form of two factor authentication to pass that key to the owners of System B (typically encrypt the keyfile, and call the owners of System B with the encryption password)
- The owners of System A will then use the key to authenticate when using the web services that System B provide to access the data.
This model assumes that the owners of System A trust that the owners of System B are capable of storing the key securely. Generally this is a moot point – if they don't trust they can hold the key securely they probably don't trust them to hold the actual data securely and therefore won't want to give them access in the first place.
On top of this key exchange, there may then also be additional credentials required to access specific areas of data within System A. So for example if System A is a cloud MIS which holds data for multiple schools, the cloud MIS provider (or the school) may provide credentials to System B in order for System B to access that particular school's data. This could be the school SIMS admin creating a username and password which is then provided to System B. The web services that System A provides to System B simply won't require the second factor in the credentials to grant access (but they are requiring the key instead which has been securely delivered using two factor authentication).
2 Thanks to Schoolcomms:
GREED (29th November 2013), vikpaw (29th November 2013)
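The check described in post #62, sketched as an added example (not part of the original post and not any MIS vendor's code): System A issues a long random key to a partner system, stores only its digest, and then requires that key plus a per-school username and password on each call, with no second factor. All function and variable names are hypothetical, and the in-memory dictionaries stand in for System A's real storage.

```python
import hashlib
import hmac
import secrets

# Hypothetical in-memory stores on System A (the cloud MIS); a real service
# would persist these.
_integration_keys = {}   # partner name -> SHA-256 digest of its key
_school_logins = {}      # (partner, school_id) -> (username, salt, password hash)


def issue_integration_key(partner):
    """Generate a long random key for a partner system; keep only its digest."""
    key = secrets.token_urlsafe(48)      # 48 random bytes, far beyond a human password
    _integration_keys[partner] = hashlib.sha256(key.encode()).digest()
    return key                           # handed over once, out of band


def _hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


def grant_school_access(partner, school_id, username, password):
    """School admin creates a login that scopes the partner to one school."""
    salt = secrets.token_bytes(16)
    _school_logins[(partner, school_id)] = (
        username, salt, _hash_password(password, salt))


def authorize(partner, presented_key, school_id, username, password):
    """Check the integration key first, then the per-school credentials."""
    stored = _integration_keys.get(partner)
    digest = hashlib.sha256(presented_key.encode()).digest()
    if stored is None or not hmac.compare_digest(stored, digest):
        return False                     # no valid key: credentials are not examined
    login = _school_logins.get((partner, school_id))
    if login is None:
        return False                     # valid key, but no grant for this school
    stored_user, salt, stored_hash = login
    user_ok = hmac.compare_digest(stored_user.encode(), username.encode())
    pass_ok = hmac.compare_digest(stored_hash, _hash_password(password, salt))
    return user_ok and pass_ok
```

The key returned by `issue_integration_key` is the value that would be encrypted and delivered with the password passed by phone, as the post describes; System A never needs to keep the plaintext.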