| ASA || Adaptive Security Agent
|-
| BE bxp || Business ExpresseXpress Platform
|-
| DDoS || Distributed Denial of Service
| Author || Philip Lacey
|-
| Modifications || Inclusion of the Security Matrix and Default BE bxp Security Matrix
|}
Larger organisations manage the security of their hosted solutions themselves and commonly nominate a Security Champion (SecC), versed in the security options of BE bxp and aware of security considerations.
A password is a secondary identifier that should be known only to the user. In BE bxp a user’s password is initially selected by the person setting up the user and then changed at first user login.
Section 4.1.2 of this document explains the password options available in BE bxp.
An example of SSO is LDAP (Lightweight Directory Access Protocol). The user signs into their computer at the start of the day and that’s the only login for the entire day. Setup of this solution requires one of two configurations. One requires the LDAP server to push a token into BE bxp when the user logs in, whilst the other gives BE bxp access to the LDAP server to query the user’s validity. Both solutions require your IT department to be involved in the setup.
There is a reduced security option within BE bxp which is commonly used with phone systems and involves using a set token, a username and restriction by IP address. This allows screen pops to log the user into BE bxp as and when a call arrives.
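The check described above (set token, username, restriction by IP address), as an added example that is not BE bxp's own code. The account name, token value, networks and function name are constructed for illustration.

```python
import hmac
import ipaddress

# Constructed sample configuration (hypothetical names and values): each
# screen-pop account has one set token and the networks it may log in from.
SCREEN_POP_ACCOUNTS = {
    "agent.murphy": {
        "token": "constructed-sample-token-1",
        "allowed_networks": ["192.0.2.0/28", "198.51.100.17/32"],
    },
}

# Compared against when the username is unknown, so that valid and invalid
# usernames go through the same comparison.
_DUMMY_TOKEN = "x" * 32


def check_screen_pop_login(username, token, source_ip, accounts=SCREEN_POP_ACCOUNTS):
    """Return (allowed, reason); reason is for the audit log, not the response."""
    account = accounts.get(username)
    expected = account["token"] if account else _DUMMY_TOKEN

    # Constant-time comparison: a set token does not change between calls, so
    # a timing difference could otherwise leak it piece by piece.
    token_ok = hmac.compare_digest(token.encode(), expected.encode())

    try:
        address = ipaddress.ip_address(source_ip)
    except ValueError:
        return False, "malformed source address"

    networks = account["allowed_networks"] if account else []
    ip_ok = any(address in ipaddress.ip_network(net) for net in networks)

    if account is None or not token_ok:
        # One reason for both cases, so a log reader or caller cannot use it
        # to confirm which usernames exist.
        return False, "invalid credentials"
    if not ip_ok:
        return False, "source address not permitted"
    return True, "ok"
```

Because the token is fixed, the IP restriction is the only control that limits where a leaked token can be used, so the allowed networks should be as narrow as the phone system permits.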
A private cloud provides the high availability of a cloud solution but is provided for one dedicated purpose. All n One use a private cloud for the delivery of BE bxp to ensure security and compliance with Irish Law. With US companies, the US government is entitled to view the data they store regardless of the client. UK companies providing cloud solutions are in the same position, as they are subject to the anti-terror laws introduced as a result of 7/7.
A major security concern is, of course, the availability of the solution, and it's important to ensure that the service delivers the lowest possible, if not zero, downtime. BE bxp has its own security management engine, which means that when the BE bxp service is available the security engine is available.
BE bxp has been 100% available since October 2008. This is due to the high availability architecture which consists of a number of tiers including a load balancer which swaps servers automatically if another is busy.
The login screen of any system requires the provision of authentication items: user name, password and any other security tokens. In BE bxp the user name can be supplied via a drop-down list or a free text box. The drop-down list makes it far easier for a user to find their account but advertises all accounts on the system. The free text box is more secure but requires the user to remember their user name.
An API allows external systems to interact with a solution (in this case Business Express) without the need for human intervention. These automated login engines pose their own security risk, and for this reason BE bxp separates the User Interface username and password from the API username and password, so that the compromise of an external system has minimal impact on the User Interface.