Many government enterprises rely on specialized software programs for accounting tasks, running compliance systems, tracking public records, and managing supply chains.
These programs, sometimes dubbed line-of-business (LOB) applications, typically run on a server and operate in conjunction with a database. This integrated setup offers great advantages. Multiple employees can work with an LOB program and access the database information at the same time. For example, a contract specialist can use the program to record vendor bids while a financial manager creates a customized budget report. But there are also security risks. Confidential information, taxpayer and private business records, and other vital data stored on a network server are exposed to unwanted viewers if the server is not protected. And you might not want all employees to have access to all kinds of data. The challenge is to create a security plan that protects the integrity and privacy of LOB program data while still supporting efficient data access and collaboration. Here are three measures to include in your plan.

1. Cover the basics

Protecting your database from unwanted snoopers and other risks starts with establishing basic computer security measures in your workplace. As other Security Guidance Center for government articles point out, you should:

- Set up a firewall. A firewall helps block intruders on the Internet from gaining access to your computers and business data. A hardware firewall is best because it protects all the PCs on your network at once. Running a software firewall on each computer as well, for additional protection, is also a good idea. Microsoft Windows Small Business Server 2003 (run by many small organizations in combination with business applications) ships with firewall technology. The premium edition of the server software includes Microsoft Internet Security and Acceleration (ISA) Server, an advanced software firewall.
- Install anti-virus software on all computers. Running anti-virus programs on your server is as important as running it on a client PC. Look for a program that not only detects and disables viruses, but that you can regularly update to screen for new viruses.
- Use strong passwords. Passwords should be required to log on to any computer and server in your workplace. Strong passwords are long (at least eight characters) and mix uppercase and lowercase letters, numbers, and symbols. Make sure users are required to change their passwords regularly, and never leave a built-in administrative account with a blank or default password.
- Back up files. Disasters happen. And if you haven't saved your important files and information on a separate storage system, all your critical application data could be lost. Windows Small Business Server 2003 includes a backup feature that is easy to use.
- Update your software. Software updates typically include the latest security-enhancement features. Updates for Microsoft products are available on Windows Update and the Microsoft Download Center.
2. Regulate access to information

Not everyone should have access to everything in your workplace. If your organization runs a Windows Server operating system, you can permit and restrict employee access to documents, spreadsheets, and other business files. You can also designate whether a user is permitted only to read a file or also to change it. Here are tips for regulating access:
- Create groups of users and assign permissions and privileges to them rather than individual users. This saves you time administering access rights.
- Create your user groups based on roles such as procurement specialists. Then assign a set of permissions that are relevant to performing the tasks defined for that role.
- Set access rights for each role to the minimum levels required for users to do their jobs. For instance, if the procurement group only needs to read a vendor profile, do not also give them rights to share or delete the file.
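The same role-based, least-privilege model applies to the database behind the LOB application, which is usually where the records actually live. The following T-SQL script is an added example and is not code from the original article; the database name LobApp, the table names, and the CONTOSO domain group names are assumptions for illustration. It creates one database role per job role, maps Windows groups to those roles, grants each role only what the text describes (procurement reads vendor profiles and records bids but cannot delete; finance reads but changes nothing), and finishes with a query you can run to verify the effective permissions.

```sql
-- Added example (not from the original article): role-based least privilege
-- for an LOB database on SQL Server. The database, tables and the CONTOSO
-- group names are assumptions. Syntax targets SQL Server 2005 or later; on
-- SQL Server 2000 / MSDE 2000 the equivalents are sp_addrole,
-- sp_grantdbaccess and sp_addrolemember.
USE LobApp;
GO

-- Minimal table definitions so the script runs on an empty database.
-- In practice the LOB application's own schema already exists.
CREATE TABLE dbo.VendorProfile (VendorId int PRIMARY KEY, Name nvarchar(100));
CREATE TABLE dbo.VendorBid     (BidId int PRIMARY KEY, VendorId int, Amount money);
CREATE TABLE dbo.BudgetLine    (LineId int PRIMARY KEY, Amount money);
GO

-- One database role per job role, never per individual user.
CREATE ROLE Procurement;
CREATE ROLE FinanceManagers;
GO

-- Map Windows domain groups to database users so that membership is
-- managed in Active Directory rather than inside the database.
CREATE LOGIN [CONTOSO\Procurement]     FROM WINDOWS;
CREATE LOGIN [CONTOSO\FinanceManagers] FROM WINDOWS;
CREATE USER  [CONTOSO\Procurement]     FOR LOGIN [CONTOSO\Procurement];
CREATE USER  [CONTOSO\FinanceManagers] FOR LOGIN [CONTOSO\FinanceManagers];
EXEC sp_addrolemember 'Procurement',     'CONTOSO\Procurement';
EXEC sp_addrolemember 'FinanceManagers', 'CONTOSO\FinanceManagers';
GO

-- Minimum rights per role. Procurement reads vendor profiles and records
-- bids but cannot delete vendor records; finance reads but changes nothing.
GRANT SELECT          ON dbo.VendorProfile TO Procurement;
GRANT SELECT, INSERT  ON dbo.VendorBid     TO Procurement;
-- An explicit DENY wins over any GRANT the same users might inherit from
-- another group (for example if someone also adds them to db_datawriter).
DENY  DELETE          ON dbo.VendorProfile TO Procurement;

GRANT SELECT ON dbo.VendorProfile TO FinanceManagers;
GRANT SELECT ON dbo.VendorBid     TO FinanceManagers;
GRANT SELECT ON dbo.BudgetLine    TO FinanceManagers;
GO

-- Check: list exactly what each role has been granted or denied.
SELECT pr.name                   AS role_name,
       OBJECT_NAME(pe.major_id)  AS object_name,
       pe.permission_name,
       pe.state_desc             -- GRANT or DENY
FROM sys.database_permissions pe
JOIN sys.database_principals pr ON pe.grantee_principal_id = pr.principal_id
WHERE pr.name IN ('Procurement', 'FinanceManagers')
ORDER BY pr.name, object_name, pe.permission_name;
```

Because the roles are granted to Windows groups rather than to named users, moving an employee between jobs is a group-membership change in Active Directory and never requires touching the database.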
Some LOB applications take much of the work out of setting access rights. One example is Microsoft Dynamics CRM, a sophisticated program that tracks sales and support relationships. It is typically run in combination with Microsoft Windows Small Business Server 2003. Microsoft CRM comes with eight pre-defined roles that range from senior official to manager to customer service representative to marketing professional. The program also predefines common business elements that you can assign rights to, such as leads, opportunities, contacts, accounts, products, quotes, orders, invoices, and contracts.

3. Pay attention to the database

Because business-specific programs typically use a database to store application data, remember to pay special attention to database security. Here are several things you can do:

- Install the most recent database service packs. Windows Small Business Server 2003 comes with Microsoft SQL Server 2000 Desktop Edition (MSDE 2000). The premium edition of the server software ships with the more advanced Microsoft SQL Server 2000. When using these database programs in conjunction with your business programs, make sure to install the latest service packs and updates for improved security. The Microsoft Download Center has the latest updates for its server applications.
- Assess your server security with MBSA. Microsoft Baseline Security Analyzer (MBSA) is a tool that scans for common insecure configurations in several Microsoft products, including SQL Server and MSDE 2000.
- Use Windows Authentication Mode. Whenever possible, require Windows Authentication Mode for connections to SQL Server. In this mode SQL Server accepts only Windows user and domain accounts and refuses SQL Server logins such as the built-in sa account, so attacks that guess SQL login passwords over the network fail, and every connection is subject to the password and lockout policies you already enforce in Windows.
- Isolate your server and back it up regularly. Physical and logical isolation make up the foundation of SQL Server security. Machines hosting a database should be in a physically protected location. Back up all data regularly and store copies in a security-enhanced, off-site location.
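The three database checks above (patch level, MBSA-style configuration review, and Windows Authentication Mode) can be verified from the server itself. The following T-SQL script is an added example and is not from the original article or from MBSA; it reports the service pack and build, the current authentication mode, and any SQL Server logins that still exist (flagging blank passwords and the sa account), and then shows the remediation step. The registry path and the LoginMode value are the documented ones for a default SQL Server instance; the script assumes SQL Server 2005 or later for sys.sql_logins and ALTER LOGIN, and on SQL Server 2000 / MSDE 2000 you would query master..sysxlogins and use sp_password instead.

```sql
-- Added example (not from the original article): a database self-assessment
-- covering the points in section 3. Run as a member of sysadmin.
-- sys.sql_logins and ALTER LOGIN are SQL Server 2005+; on SQL Server 2000 /
-- MSDE 2000 use master..sysxlogins and sp_password instead.

-- 1. Patch level. ProductLevel reports the service pack ('RTM', 'SP4', ...);
--    ProductVersion is the exact build to compare with the vendor's latest.
SELECT SERVERPROPERTY('ProductVersion') AS build,
       SERVERPROPERTY('ProductLevel')   AS service_pack,
       SERVERPROPERTY('Edition')        AS edition;

-- 2. Authentication mode: 1 = Windows Authentication only, 0 = mixed mode
--    (SQL Server logins such as sa are accepted).
SELECT CASE CONVERT(int, SERVERPROPERTY('IsIntegratedSecurityOnly'))
         WHEN 1 THEN 'Windows Authentication only'
         ELSE 'Mixed mode: SQL Server logins accepted'
       END AS auth_mode;

-- 3. SQL Server logins that would work the moment mixed mode is enabled.
--    PWDCOMPARE checks a candidate password against the stored hash, so
--    comparing against '' finds blank passwords (one of the MBSA checks).
SELECT name,
       is_disabled,
       CASE WHEN PWDCOMPARE('', password_hash) = 1 THEN 'BLANK PASSWORD'
            WHEN name = 'sa' AND is_disabled = 0 THEN 'sa account enabled'
            ELSE '' END AS finding
FROM sys.sql_logins
ORDER BY name;

-- 4. Remediation (review the findings first). Disable sa and switch the
--    instance to Windows Authentication only. LoginMode 1 = Windows only,
--    2 = mixed. The registry change takes effect only after the SQL Server
--    service is restarted; re-run step 2 afterwards to confirm.
ALTER LOGIN sa DISABLE;
EXEC xp_instance_regwrite
     N'HKEY_LOCAL_MACHINE',
     N'Software\Microsoft\MSSQLServer\MSSQLServer',
     N'LoginMode', REG_DWORD, 1;
```

Before switching modes, confirm that the LOB application itself connects with a Windows account (a service account or the user's own credentials); an application that is hard-wired to a SQL Server login will stop working until it is reconfigured.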