Often data can be particularly sensitive, confidential or even business-critical, so making sure your data is secure is paramount when ever we develop a system.
There are two areas that need to be taken into consideration when it comes to security. The first is the physical location of your system. It is going to be much easier for someone to steal the data in your system if they can physically access the files, so making sure that your system is installed on a secure server is key.
- Make sure the appropriate security is set-up at the Operating System (OS) level of your server and that only authorised people know the password.
- Ensure that file sharing is disabled on the server, so that unauthorised users cannot access the files directly over the network. Your data should only be accessible through the appropriate client interface.
- Place your data server in a secure location, ideally a locked server room. If you don’t have a server room, then you could even consider a locked cabinet. This will stop anyone from being able to physically access the computer or even steal it.
Multiple Level Security
The system itself may often need multiple levels of security. As a basic example, we would recommend three or four levels. At the top of the tree will be the ‘Developer’ access, this is important to keep separate so that users can’t change the structure of your database and cause problems with the system that has been designed.
The next level will be the top level user, ‘Administrator’; this user will have access to all areas of the database, apart from the development structure. The third level is ‘User’, this level of access should allow the user to see the areas of the system they need to to do their job. They will generally have ‘Read / Write’ access to the data, with ‘Delete’ privileges in certain areas if required. The final level would be ‘Guest’, this is generally a ‘Read Only’ access level for users that just need to look-up information and not change it in any way.
Basic Access Levels
- Developer – Access to the entire development structure.
- Administrator – Access to all areas of the system, with Read / Write and Delete privilege.
- User – Access to main parts of the system with Read / Write access and Delete access in certain circumstances.
- Guest – Read only access to relevant information only.
With a well designed database system you will be able to add to and adapt your basic security levels to meet the exact needs of your solution. A well structured granular level of access can allow individual control through to specific records, fields or areas of your system. For example you may only want the sales people in your company to see their own orders on the system, but a manager could see all orders; managers will be able to run reports but salespeople wouldn’t.
If your data is highly sensitive, then a higher level of security can be required; this could involve encrypting your data traffic or tracking who is looking at certain information. For example all data between the server and client could be encrypted using SSL security; or a log can be generated stating who looked at which record and when.
Your Legal Obligations
All UK organisations are required to comply with the Data Protection Act, which protects personal information from misuse. For all the systems we develop we make sure that they comply with all relevant sections of the act.
If you would like further information regarding the security of your data then please speak to one of our System Analysts who will be happy to discuss your requirements further.