By Elif Levin

Background

When looking for a suitable IPM system, I would naturally prefer a cloud application these days.

It would have to be fast, easy to use and easy to understand. For everything from tasks assigned to team members to documents to be uploaded and archived, I would focus on a provider that guarantees a cloud service.

However, I would be very careful that the cloud service meets the following minimum technical requirements:

  1. Hardening of the system.
  2. Patch Management.
  3. 2-factor authentication.
  4. End-to-end encryption with at least AES-256 (standard). It is important that the encryption ends at the physical system on which the data is processed and that no intermediate system (such as a proxy) decrypts the data. Only then can one speak of end-to-end encryption.
  5. Hard disk encryption at the storage location. Never forget that, in theory, it is easy to steal the hard drive, because not every provider has a high-security wing available. In short, the data on the hard disk must be encrypted.
  6. Monitoring and logging in accordance with legal requirements.
  7. High password complexity. What is high when we talk about password complexity? We think that in conjunction with 2-factor authentication, 8 characters is enough, but only then.
  8. Role-based access. This is a basic requirement in an enterprise environment, but not necessary for a single user.
  9. Least-privilege principle. This is usually an issue in larger enterprise environments. Example: the functionality to assign tasks to another user requires that real users can search for other real users. For this they need a special right, which would actually argue against the least-privilege principle. Even so, the least-privilege principle is a must.
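
The tension in item 9 can be kept small by making user search its own narrowly scoped right. The sketch below is an added example, not code from the article or from any product; the role names, permission names and sample directory are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass

# Hypothetical role-to-permission map (items 8 and 9); anything not listed is denied.
ROLE_PERMISSIONS = {
    "viewer": set(),
    "member": {"users.search", "tasks.assign"},
    "admin": {"users.search", "tasks.assign", "users.read_full"},
}

@dataclass(frozen=True)
class User:
    user_id: int
    display_name: str
    email: str
    role: str
    active: bool = True

# Constructed sample directory.
DIRECTORY = [
    User(1, "Alice Adams", "alice@example.test", "admin"),
    User(2, "Bob Brown", "bob@example.test", "member"),
    User(3, "Carol Clark", "carol@example.test", "viewer"),
    User(4, "Alan Old", "alan@example.test", "member", active=False),
]

def require(actor, permission):
    """Deny by default: raise unless the actor is active and the role grants the right."""
    if not actor.active or permission not in ROLE_PERMISSIONS.get(actor.role, set()):
        raise PermissionError(f"{actor.display_name} lacks {permission}")

def search_users(actor, query):
    """Lookup for task assignment: active users only, id and display name only."""
    require(actor, "users.search")
    q = query.strip().lower()
    if len(q) < 2:  # refuse queries broad enough to dump the whole directory
        return []
    return [{"user_id": u.user_id, "display_name": u.display_name}
            for u in DIRECTORY if u.active and q in u.display_name.lower()]

def assign_task(actor, task, assignee_id):
    """Assignment is a separate right and only targets active users."""
    require(actor, "tasks.assign")
    target = next((u for u in DIRECTORY if u.user_id == assignee_id and u.active), None)
    if target is None:
        raise LookupError("assignee not found")
    return {"task": task, "assignee_id": target.user_id, "assigned_by": actor.user_id}
```

The search right reveals only what is needed to pick an assignee; e-mail addresses and roles stay behind the separate `users.read_full` permission.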