Discover high-impact, low-effort opportunities
Discover high-impact, low-effort opportunities to solve the security and compliance challenges
As businesses grow and change, so do their security needs. Dataloy VMS is nearing its goal to transform completely to the web. IT needs to make a move while keeping users and data secure.
Does the challenge sound familiar?
At Dataloy, we go through rigorous compliance checks continuously to make sure that:
- Instances and runtime software is regularly updated to address any newly discovered vulnerabilities.
- All communication within the VMS is encrypted.
- Connections with remote management tools like REST APIs, Business Intelligence, Dataloy Distance Table, are all encrypted.
Dataloy VMS platform is constantly working towards a more streamlined & secure usage owing to the provision of more meaningful data at the user’s disposal. We have overtime released security-related updates that provide enhancements to existing security measures, better encryption of data, and improvements to login security.
Authentication & Authorization
Authentication and authorisation are both standard terms in the world of Identity and Access Management (IAM).
While they might sound similar, both are distinct security processes.
Authentication – Don’t Talk to Strangers
81% of hacking-related breaches involve stolen or weak credentials. Single sign-on (SSO) and multi-factor authentication (MFA) work together to protect your data from unauthorised access—across all users, devices, and apps. Dataloy uses Auth0 as an external identity provider to authenticate users.
Authentication is the act of validating that users are who they claim to be. Passwords are the most common authentication factor—if a user enters the correct password, the system assumes the identity is valid and grants access. Recognising the vulnerabilities of just using username and password credentials, Dataloy VMS uses Multi-factor Authentication (MFA) a security system that verifies a users identity with multiple credentials. It delivers more secure authentication with a range of easy verification options – SMS or via the app by using the industry-standard time-based OTP (one-time-password) codes.
Authorisation – If It’s Not Yours, Don’t Touch It
Authorisation in system security is the process of giving the user permission to access a specific resource or function. Within Dataloy VMS organisations can provision/de-provision users and admin accounts based on roles, and securely provide direct access to critical assets.
While it is crucial to secure your data and business via encryption, you also have to keep employee authentication and authorisation fast and easy to maintain productivity. Single sign-on and MFA are keys to doing so. Single sign-on reduces the number of passwords users need, and therefore for the number of opportunities for hackers. Multi-factor authentication ensures you aren’t solely reliant on a password as protection because it adds other authentication factors. And authorisation gives access to relevant information to relevant people.
These features offer a highly impactful and fast way to easily secure all your users on all their devices at all times.
Single Sign-On & Active Directory – Just Remember One Set of Credentials
Single Sign-On (SSO)* provides the ability for users to sign in once with their credentials, including a single password, and have access to all of their apps. SSO increases security by getting rid of passwords while also increasing usability and employee satisfaction.
With our Enterprise API offering, it is possible to integrate single sign-on with your existing Active Directory (AD) servers for streamlined user management.*
Permissions – User Roles and Access
Create role-based access to protect the data on your company’s account. Limit what users can and cannot see, access and do with user permission and roles.
With our VMS and Enterprise API offering, permissions can be easily upgraded as well – if the user tries to do something in an app and they haven’t authorized the corresponding permission, the business can give the user the option to add that permission.
Data is carefully filtered based on security roles ensuring that end-users and API users only see what they are authorized to see.
Increased Security via Data Encryption Protocols
HTTPS (Hypertext Transfer Protocol Secure) is an internet communication protocol that protects the integrity and confidentiality of data between the user’s computer and the site. It provides three layers of protection – encryption, data integrity and authentication. HTTPS is the safer version of the HTTP protocol.
With Master Release 5.25, we are enforcing HTTPS to strengthen our app’s ability to enforce encryption of data in transit by forcing the use of the secure HTTPS protocol which would enable a fast, secure & enhanced experience, both when using VMS in your web browser and when using Java.
Please make sure to enable it, if you host Dataloy VMS on-premise.
How to enforce HTTPS
Hosted on Dataloy Cloud
- HTTPS will be automatically enabled for customers hosted on Dataloy Cloud on Amazon, upon upgrade.
- Co-ordinate with Integration Partners to update as per the latest protocol.
- Secure a valid TLS/SSL certificate so that client browsers can make secure HTTPS connections to your custom domain
- Provide the certificate to Dataloy for configuration (additional cost might incur) in the application server and install it in Wildfly.
- Please use the new HTTPS URL for all your integrations.
Dataloy Security Health Check
Are you unsure about using these security features? We can check for you.
Dataloy analyzes the current state of your system’s integration and provides recommendations for developers and managers through to corporate leaders. It includes an audit of best practices of the implementation of security by looking at both internal and partner data sharing policies, threats and an overall security breach of API.
If you want to confirm and check that these features are correctly configured and in use. Then you can request for our security health check consultancy.
- Multifactor Authentication
- Active Directory
- Roles and Access
- Encryption via HTTPS
- Single Sign-on