Hello,
What are the cybersecurity check and test that must be performed prior to a go live of an IFS Cloud instance ?
Thank you for your help
Hi Jnagati,
There is no easy response to this question as there are too many variables. This advice should be coming from your internal IT Security Ops team and consider the following areas
- How accessible is the environment (frontend / backend)?
- What security standards are you trying to meet?
- How are you managing access to the environment?
- Administrator Access vs Standard Users
From your message I get the impression that your looking for a vulnerability checking tool. You can use products like Tenable, Rapid7 or Qualys for this type of check (separate product).
However a this will only check for vulnerabilities in the platform and your security strategy should more broad than this. For example:
- User Account Protection
- Are users protected by just a username and password. If the environment is publicly accessible you should consider having 2 factor authentication.
- Users vs Admins
- Admins shouldn't be using the generic system accounts for daily use even in testing environments (IFSAPP etc).
- If a person is an IFS administrator and performs a function. Consider using two accounts for that person, one for the role and one for the IFS administration tasks. second user should have higher protections applied to logins (must be MFA and from United Kingdom for example).
If there is more interest in this I am happy to share more on how we approached securing our environments. However the reality is every company’s needs are different and will need different approaches.
Reply
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.