Customer Relationship Management (CRM)
Data Farm Inc.®
The Technical "Know-How"
Check List: Security-Never-Ending and Ever-Changing Battle
Security is a never-ending and ever-changing battle that we cannot afford to lose. When it comes to security, the "What + How + Cost" need to be addressed. The goal of security is to close every gate and every gap as much as possible without jeopardizing the following aspects of performance:
Speed | Availability | Admin Control | Flexible | Dynamic | Cost Effective
We view security as levels of armor or shields, and our thinking and approaches to Security Levels are as follows:
Software: | our architect-design and development must address security
Data: | data travels from end to end, and security must be addressed when it changes hands and handlers
Bit: | how can we use Zeros and Ones to secure our system
Hardware: | we will not cover hardware since we need help with it
Software and Data Levels:
Level | Methodologies | Comments
Technologies | Java Technology | Java uses: sandbox approach, secure class loader, bytecode verifier, SecurityManager, keeping untrusted code to the bare minimum, HotJava browser, and the list is not small.
Development | Java API | The Java security APIs span a wide range of areas, including cryptography, public key infrastructure, secure communication, authentication, and access control. Java security technology provides the developer with a comprehensive security framework for writing applications, and also provides the user or administrator with a set of tools to securely manage applications.
Architect-design | Security Components | It is impossible to close every gap, but our architect-design and data structure choices may help narrow the gap: Authentication, Authorization, Assurance (security attributes), Loosely coupled, Tiers architecting, Components structure, Using Property files and Property Manager classes, Intelligent DAO.
Interfaces | Secured Interfaces | We give careful attention to details when it comes to interfaces, using different encrypted keys for different directions. See Security page under Thinking in Tiers.
Secure Sockets | SSL Certificates and Encryption | Using SSL as the security protocol, where the SSL protocol determines the variables of the encryption.
Administration | Java Admin, Homegrown GUI interfaces, vendors | The ability to add and change security policies, how policies are implemented in the enterprise, and the persons or entities related to the systems.
Data | Databases, Tables, Fields and Folders | We are implementing data security on the Software level and the Bit level. See Security page under Data and Databases.
Internal and external | Architect-design and bit levels. | Building cost-effective internal and external security needs serious architecting and design.
Dynamic Business Rules | Homegrown BI and Dynamic Business rules Framework | Business rules regarding handling of data/information assets.
Users | Most important component | Users must be trained and must understand that it is to their advantage to help with security by reporting issues or giving suggestions and tips.
DAO | Intelligent DAO | Architect-designing an Intelligent DAO that would help with security.
Bit Level:
Level | Methodologies | Comments
Hashing | One of our trade secrets | We are hashing Big Data (zeros and ones) into a fraction of its original size is our new. The newly hashed data would be processed at the speed of the CPU, and the analysis and reports would be generated in milliseconds.
Compression | One of our trade secrets | Using Zeros and Ones to compress data by over 65% of its original size. We compress any form of data, including high-resolution images.
Encryption | One of our trade secrets | Using Zeros and Ones to encrypt the compressed data.
Bit Mapping | Java Bit Mapping | Using bits as hashed keys to values.