Skip to Content

Changes for page eMagiz Security Guide

Last modified by Erik Bakker on 2024/08/20 08:53
From version 26.1
edited by Erik Bakker
on 2022/07/26 14:13
Change comment: There is no comment for this version
To version 33.1
edited by Erik Bakker
on 2023/01/02 10:25
Change comment: There is no comment for this version

Summary

Details

Page properties
Content
... ... @@ -12,7 +12,7 @@
12 12  * Protecting your data is a joint responsibility between eMagiz and you
13 13  * The repository is read-only for clients
14 14  * Data in the Cloud is kept within your VPC
15 -* Production data in the portal is behind an MFA check
15 +* The portal is behind an MFA check
16 16  
17 17  == 3. eMagiz Security Guide ==
18 18  
... ... @@ -37,7 +37,7 @@
37 37  
38 38  [[image:Main.Images.Fundamental.WebHome@fundamental-emagiz-security-guide--definition-emagiz-model.png]]
39 39  
40 -=== 3.2 Security Guidelines * Cloud ===
40 +=== 3.2 Security Guidelines - Cloud ===
41 41  
42 42  In this section, we take a closer look at the cloud setup in general. Here we will focus on high-level security measurements because we already specified security measurements at the data level.
43 43  
... ... @@ -73,7 +73,7 @@
73 73  * Monitoring
74 74  * Notification options
75 75  
76 -Making sure you are on the latest cloud template version guards yourself against vulnerabilities in older versions of Java and OS, for example. In addition, it gives the user more options for monitoring the health of the cloud environment reducing the risk of a loss of availability of data (promptly) without compromising the integrity of the data. For more information on what cloud templates are and how to control and update them, please check out this [[microlearning>>doc:Main.eMagiz Academy.Microlearnings.Novice.eMagiz Cloud Management.novice-emagiz-cloud-management-cloud-templates-explained.WebHome||target="blank"]].
76 +Making sure you are on the latest cloud template version guards yourself against vulnerabilities in older versions of Java and OS, for example. In addition, it gives the user more options for monitoring the health of the cloud environment reducing the risk of a loss of availability of data (promptly) without compromising the integrity of the data. For more information on what cloud templates are and how to control and update them, please check out this [[microlearning>>doc:Main.eMagiz Academy.Microlearnings.Novice.eMagiz Cloud Management.novice-emagiz-cloud-management-cloud-templates-explained||target="blank"]].
77 77  
78 78  ==== 3.2.5 Carwash ====
79 79  
... ... @@ -188,13 +188,11 @@
188 188  By communicating with this IDP via the OAuth2.0 protocol, a check is done every time a client calls a specific operation to see whether that client has sufficient rights to access the operation.
189 189  If the client has sufficient rights, the process continues. For example, if the client has insufficient rights, the client receives a 401 Unauthorized.
190 190  
191 -
192 -
193 193  ===== 3.5.2.3 Error handling =====
194 194  
195 195  To prevent the error message if it occurs is sent straight back to the client, you can configure the front end of the API Gateway, so that correct HTTP Status codes are given back to the client, including a descriptive message.
196 196  
197 -For more information on how this precisely can be configured via the eMagiz platform, please check the following [[microlearning>>doc:Main.eMagiz Academy.Microlearnings.Crash Course.Crash Course API Gateway.crashcourse-api-gateway-configure-roles-and-users.WebHome||target="blank"]].
195 +For more information on how this precisely can be configured via the eMagiz platform, please check the following [[microlearning>>doc:Main.eMagiz Academy.Microlearnings.Crash Course.Crash Course API Gateway.crashcourse-api-gateway-configure-roles-and-users||target="blank"]].
198 198  ==== 3.5.3 Event Streaming ====
199 199  
200 200  Within the Event Streaming solution, eMagiz provides Event Streaming users, and topics can be created.
... ... @@ -206,7 +206,7 @@
206 206  
207 207  These are all security measures to prevent third parties from getting unauthorized access to the data stored on the topics.
208 208  
209 -For more information on how this precisely can be configured via the eMagiz platform, please check the following [[microlearning>>doc:Main.eMagiz Academy.Microlearnings.Crash Course.Crash Course Event Streaming.crashcourse-eventstreaming-user-management.WebHome||target="blank"]].
207 +For more information on how this precisely can be configured via the eMagiz platform, please check the following [[microlearning>>doc:Main.eMagiz Academy.Microlearnings.Crash Course.Crash Course Event Streaming.crashcourse-eventstreaming-user-management||target="blank"]].
210 210  
211 211  === 3.6 eMagiz iPaaS Portal ===
212 212  
... ... @@ -216,8 +216,8 @@
216 216  
217 217  ===== 3.6.1.1 User access to https://my.emagiz.com =====
218 218  
219 -Users can be added with their email address by the eMagiz Partner Manager, upon which the user gets an email to sign in. A temporary password is created and emailed, which has to be changed at the first login to the iPaaS portal. In addition, users are connected to organizations in eMagiz.
220 -In the administration section of the user, an MFA token can be used to enable the Multifactor Authentication on a user level. Typical authenticators on a smartphone can be used, such as Google Authenticator. An MFA response is required for model owners to manage the permissions on a project level and any Edit activity in Production environments. See the following sections for more details on these functions.
217 +Users can be added with their email address by the eMagiz Partner Manager or by their company contact, upon which the user gets an email to sign in. A temporary password is created and emailed, which has to be changed at the first login to the iPaaS portal. In addition, users are connected to organizations in eMagiz.
218 +In the administration section of the user, upon first login an MFA configuration needs to be executed by the user so they can access models to which they have been granted rights. Typical authenticators on a smartphone can be used, such as Google Authenticator. For more information, check out this [[microlearning>>doc:Main.eMagiz Academy.Microlearnings.Crash Course.Crash Course Platform.crashcourse-platform-security-add-mfa.WebHome||target="blank"]]. An MFA response is required for model owners to manage the permissions on a model level. See the following sections for more details on these functions.
221 221  
222 222  ===== 3.6.1.2 Users access to Integration Projects =====
223 223  
... ... @@ -225,7 +225,7 @@
225 225  
226 226  ===== 3.6.1.3 User authorizations to Integration projects. =====
227 227  
228 -Every integration project has a model owner who can distribute rights across functionalities and environments. The picture below shows the various options available across the Integration Life Cycle (ILM) Phases Capture through Manage. In addition, the model owner manages the user permissions and needs to have the MFA authentication level passed before making any changes.
226 +Every integration project has a model owner who can distribute rights across functionalities and environments. The picture below shows the various options available across the Integration Life Cycle (ILM) Phases Capture through Manage. In addition, the model owner manages the user permissions and needs to have the MFA authentication level passed before making any changes (which is asked of the model owner upon login).
229 229  
230 230  * When Edit permission is granted on an ILM phase, all the sub-options are configurable
231 231  * View rights mean that all options can be viewed only
... ... @@ -298,11 +298,12 @@
298 298  
299 299  ==== 3.8.4 Data management ====
300 300  
301 -For more information on the conceptual ideas behind data management within the eMagiz platform, you can look at this [fundamental](fundamental-traceability-in-emagiz.md). For more concrete information on how to implement it within an eMagiz flow you could check out this [[microlearning>>doc:Main.eMagiz Academy.Microlearnings.Advanced Level.Data Management.advanced-data-management-data-sink.WebHome||target="blank"]] and this [[microlearning>>doc:Main.eMagiz Academy.Microlearnings.Advanced Level.Data Management.advanced-data-management-long-term-archiving.WebHome||target="blank"]]. All the information within the data sink and the long-term archiving solution is kept within the same VPC in the Cloud and can only be accessed by authorized parties.
299 +For more information on the conceptual ideas behind data management within the eMagiz platform, you can look at this [fundamental](fundamental-traceability-in-emagiz.md). For more concrete information on how to implement it within an eMagiz flow you could check out this [[microlearning>>doc:Main.eMagiz Academy.Microlearnings.Advanced Level.Data Management.advanced-data-management-data-sink||target="blank"]] and this [[microlearning>>doc:Main.eMagiz Academy.Microlearnings.Advanced Level.Data Management.advanced-data-management-long-term-archiving||target="blank"]]. All the information within the data sink and the long-term archiving solution is kept within the same VPC in the Cloud and can only be accessed by authorized parties.
302 302  
303 303  === 3.9 Compliancy ===
304 304  
305 -* eMagiz has the ISO-27001 certification at this moment.
303 +* eMagiz is currentlty ISO-27001 certified.
304 +* eMagiz is currently SOC2 Type 2 certified.
306 306  
307 307  === 3.10 Other ===
308 308  
... ... @@ -317,5 +317,5 @@
317 317  * Protecting your data is a joint responsibility between eMagiz and you
318 318  * The repository is read-only for clients
319 319  * Data in the Cloud is kept within your VPC
320 -* Production data in the portal is behind an MFA check
319 +* The portal is behind an MFA check
321 321  )))((({{toc/}}))){{/container}}{{/container}}