TVMES experts continue to work with industry experts to identify simplified solutions to the problems faced by VMO leaders. It is our pleasure to present a robust and logical solution that will help you choose the right VMO platform.
VMO Platform Decision Matrix - Security
TVMES has identified 5 primary criteria VMO leaders need to use when selecting a VMO platform. The following continues the fourth criterion of the five we will cover in this series. You will find links to the previous articles at the end.
2. Secure Integration:
Single sign-on (SSO) or OpenID integration is a property of access control across multiple related, yet independent, software systems. With this property, a user logs in with a single ID and password to gain access to any of several related systems. It is often accomplished by using the Lightweight Directory Access Protocol (LDAP) and LDAP databases stored on directory servers. This solution can be achieved through one of the configurations below.
- Windows Authentication
- Security Assertion Markup Language (SAML)
- Mobile Connect
Your chosen SaaS solution should have a feature to easily restrict user access by module or service through easy self-admin console interfaces.
4. Database:
This becomes very critical when a SaaS solution is multi-tenant. In this case, multiple independent instances of one or more applications operate in a shared environment. The tenants are logically isolated, but physically integrated. This is the scenario of a SaaS provider offering services to multiple customer organizations. The tenants may also be multiple applications competing for shared underlying resources. In such cases, database-level security acts as an additional layer to prevent any data breaches.
5. User Level Security:
As we discussed at the beginning of this article, the principle of least privilege (PoLP) should be enforced to limit users' access rights to the bare minimum permissions they need to perform their work. This should be role-based and encapsulated at the module level, with a feature to delegate and log all actions.
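The following sketch shows what module-level, role-based least privilege with delegation and full action logging can look like. It is an added example, not code from the article or from any VMO platform; the role names, module names and the `AccessController` class are hypothetical.

```python
import time

# Hypothetical role -> module -> allowed actions map; anything absent is denied.
ROLE_PERMISSIONS = {
    "vmo_analyst": {"contracts": {"read"}, "scorecards": {"read", "write"}},
    "vmo_admin": {"contracts": {"read", "write"}, "scorecards": {"read", "write"},
                  "user_admin": {"read", "write"}},
}

class AccessController:
    def __init__(self, user_roles, clock=time.time):
        self.user_roles = dict(user_roles)  # user -> role
        self.delegations = []               # (delegator, delegate, module, action, expires)
        self.audit_log = []                 # every decision, allowed or denied
        self.clock = clock

    def _role_allows(self, user, module, action):
        role = self.user_roles.get(user)
        return action in ROLE_PERMISSIONS.get(role, {}).get(module, set())

    def delegate(self, delegator, delegate, module, action, ttl_seconds):
        # A user may only delegate a right held through their own role,
        # so a delegation can never exceed the delegator's privileges.
        ok = self._role_allows(delegator, module, action)
        if ok:
            self.delegations.append(
                (delegator, delegate, module, action, self.clock() + ttl_seconds))
        self._log("delegate", delegator, module, action, ok, on_behalf_of=delegate)
        return ok

    def check(self, user, module, action):
        via = None
        allowed = self._role_allows(user, module, action)
        if not allowed:
            now = self.clock()
            for delegator, delegate, mod, act, expires in self.delegations:
                # Delegation must be unexpired and the delegator must still hold the right.
                if ((delegate, mod, act) == (user, module, action) and now < expires
                        and self._role_allows(delegator, mod, act)):
                    allowed, via = True, delegator
                    break
        self._log("access", user, module, action, allowed, on_behalf_of=via)
        return allowed

    def _log(self, event, user, module, action, allowed, on_behalf_of=None):
        self.audit_log.append({"ts": self.clock(), "event": event, "user": user,
                               "module": module, "action": action,
                               "allowed": allowed, "on_behalf_of": on_behalf_of})
```

Denied requests and failed delegation attempts are logged alongside successful ones, which is what makes the audit trail useful when reviewing access.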
LINKS TO PREVIOUS ARTICLES IN THE SERIES: