Secure Environment Recommendations - Security Best Practices - Foundation 23.1 - Foundation 23.1 - Ready - OnBase - Essential - Premier - Standard - external - Standard - Essential - Premier

Security Best Practices

Security Best Practices
Foundation 23.1

The following recommendations are intended to help secure the installation environment and apply to all product installations. These recommendations should be followed as a minimum requirement for all Hyland products. The policies of your organization may have additional or more robust requirements that should also be followed.

Hyland products may have additional recommendations described in the specific documentation for that product. In some cases, the recommendations may change or may only apply when using certain Hyland products together in a solution.

  • Use TLS for all HTTP traffic, including private network segments. TLS ciphers have to be maintained to stay current over time.
  • Use Secure FTP instead of standard FTP for all FTP traffic.
  • End-to-end encryption is recommended for all data in transport, independent of a network segment. Note that some regulatory compliance requirements may require end-to-end encryption.
  • Change all default passwords before activation of the production system. This applies to Hyland products as well as third-party products used by Hyland products (such as a database server).
  • Authorization rules should be configured and tested before activation of the production system. This applies to Hyland products as well as to file system folders and database user accounts.
  • Use database encryption for all sensitive data persisted in the database.
  • Use file system encryption for all sensitive data and content persisted on the file system.
  • Enable encryption when available as part of a subsystem configuration. For example, since ODBC provides the capability to use strong encryption for data, it is recommended to have that option enabled.

Side-Channel Risks

Consider the following to mitigate side-channel risks:

  • Ensure the latest application and operating system patches are applied.
  • Ensure the latest firmware patches are applied for any hardware on-premises.