Effectiveness of Security Measures

Security Best Practices

Foundation 23.1

Validating the assumptions behind your security plan is essential to proving that the plan and its policies actually work; the importance of this cannot be overstated. It is more effective and less costly for your organization to evaluate your security practices yourself than to rethink security planning after a malicious attacker has compromised the system. If you test your environment and find a misconfiguration or error, you can correct it before an attacker exploits the same issue and harms the business, revenue, and reputation of your organization.

Security is quite often viewed as something that creates obstacles and annoyances for legitimate users. Redefining and controlling this perception is as important as implementing security in your environment. Security policies and measures should never prevent legitimate, authorized users from accomplishing their tasks or make accessing the system unnecessarily difficult.

Interacting with users is the best way to uncover and address their frustrations so that your system can evolve toward robust security protections that are almost transparent to the user. Constantly gathering user feedback can give you insight into your environment that you might otherwise never see. It can surface real-world access and use cases that reveal pain points for users, as well as potential gaps in your security planning where permissions may be too lax or too strict.

Furthermore, gathering feedback through face-to-face interactions with your users is one of the simplest and most effective changes you can implement in your OnBase system. If your users know you are listening and want to help, and you can address security concerns in person, users are more likely to understand their role in the overall security of the system and are quite often more willing to help meet the security requirements.

There are also technical ways to test the effectiveness of the security of your environment.

  • Test backups to ensure that they fully restore the system and will be useful if needed for recovery.

  • If your Web and Application Servers are on different machines, test the traffic between them to ensure that it is encrypted.

  • Verify that the traffic between the clients and servers is encrypted.

  • Verify that encrypted documents cannot be viewed outside of OnBase by directly accessing the physical storage locations.

  • Log in using model versions of basic user accounts to verify that they meet the requirements of least-privilege access and are not granted rights or permissions they do not need.
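One way to carry out the storage check in the list above, as an added example that is not part of the OnBase documentation or product: the script walks a directory and reports files that open as ordinary documents or read as plaintext. It assumes you point `find_readable_files` at a mounted copy of the physical storage location; the function names, the entropy threshold, and the sample sizes are assumptions chosen for illustration.

```python
import math
import os
from collections import Counter

# Leading bytes of common document formats (well-known file signatures).
MAGIC = {
    b"%PDF-": "PDF",
    b"\x89PNG\r\n\x1a\n": "PNG",
    b"\xff\xd8\xff": "JPEG",
    b"II*\x00": "TIFF (little-endian)",
    b"MM\x00*": "TIFF (big-endian)",
    b"PK\x03\x04": "ZIP / Office Open XML",
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "legacy Office (OLE2)",
}
ENTROPY_FLOOR = 7.0  # bits per byte; assumed threshold, tune against your own data
SAMPLE_SIZE, MIN_SAMPLE = 4096, 1024  # bytes read per file; minimum for an entropy verdict

def shannon_entropy(data: bytes) -> float:
    """Bits per byte of the sample; well-encrypted data sits close to 8.0."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())

def classify(sample: bytes):
    """Return a reason string if the sample looks readable as-is, else None."""
    for magic, name in MAGIC.items():
        if sample.startswith(magic):
            return f"recognizable {name} header"
    # Compressed formats are high-entropy too, which is why headers are checked first.
    entropy = shannon_entropy(sample)
    if len(sample) >= MIN_SAMPLE and entropy < ENTROPY_FLOOR:
        return f"low entropy ({entropy:.2f} bits/byte), likely plaintext"
    return None  # no evidence of readable content (not proof of encryption)

def find_readable_files(root: str):
    """Walk root and return sorted (path, reason) pairs for files that look unencrypted."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    sample = fh.read(SAMPLE_SIZE)
            except OSError:
                continue  # the account running the test cannot open the file
            reason = classify(sample)
            if reason:
                findings.append((path, reason))
    return sorted(findings)
```

An empty result means only that no sampled file showed a known header or low entropy; confirm the outcome by trying to open a few stored files directly with a standard viewer.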