Skip to Content

Changes for page eMagiz Security Guide

Last modified by Erik Bakker on 2024/08/20 08:53
From version 28.1
edited by Erik Bakker
on 2023/01/02 10:10
Change comment: There is no comment for this version
To version 15.1
edited by Erik Bakker
on 2022/06/13 13:36
Change comment: Renamed from xwiki:Migrated Pages fundamentals.eMagiz Security Guide

Summary

Details

Page properties
Title
... ... @@ -1,1 +1,0 @@
1 -eMagiz Security Guide
Parent
... ... @@ -1,1 +1,0 @@
1 -WebHome
Content
... ... @@ -1,4 +1,9 @@
1 1  {{container}}{{container layoutStyle="columns"}}(((
2 +
3 +
4 +
5 += eMagiz Security Guide =
6 +
2 2  In this fundamental, we will zoom in on how the various parts of the eMagiz landscape can be viewed from a Security perspective. We will look at the Cloud, on-premises, data within eMagiz, external communication, and the portal during our journey. After this journey, you should have a solid understanding of what role security plays in each of the parts of the eMagiz architecture. Note that protecting your data is a joint responsibility between eMagiz and you. This fundamental aims to clarify the security measures eMagiz has taken in the eMagiz platform. This way, you can assess the eventual additional steps you need to take to ensure that the eMagiz service cooperates securely with the rest of your application and integration landscape.
3 3  
4 4  Should you have any questions, please get in touch with academy@emagiz.com.
... ... @@ -14,6 +14,8 @@
14 14  * Data in the Cloud is kept within your VPC
15 15  * Production data in the portal is behind an MFA check
16 16  
22 +
23 +
17 17  == 3. eMagiz Security Guide ==
18 18  
19 19  In this fundamental, we will zoom in on how the various parts of the eMagiz landscape can be viewed from a Security perspective. We will look at the Cloud, on-premises, data within eMagiz, external communication, and the portal during our journey. After this journey, you should have a solid understanding of what role security plays in each of the parts of the eMagiz architecture. Note that protecting your data is a joint responsibility between eMagiz and you. This fundamental aims to clarify the security measures eMagiz has taken in the eMagiz platform. This way, you can assess the eventual additional steps you need to take to ensure that the eMagiz service cooperates securely with the rest of your application and integration landscape.
... ... @@ -73,7 +73,7 @@
73 73  * Monitoring
74 74  * Notification options
75 75  
76 -Making sure you are on the latest cloud template version guards yourself against vulnerabilities in older versions of Java and OS, for example. In addition, it gives the user more options for monitoring the health of the cloud environment reducing the risk of a loss of availability of data (promptly) without compromising the integrity of the data. For more information on what cloud templates are and how to control and update them, please check out this [[microlearning>>doc:Main.eMagiz Academy.Microlearnings.Novice.eMagiz Cloud Management.novice-emagiz-cloud-management-cloud-templates-explained||target="blank"]].
83 +Making sure you are on the latest cloud template version guards yourself against vulnerabilities in older versions of Java and OS, for example. In addition, it gives the user more options for monitoring the health of the cloud environment reducing the risk of a loss of availability of data (promptly) without compromising the integrity of the data. For more information on what cloud templates are and how to control and update them, please check out this [microlearning](../microlearning/novice-emagiz-cloud-management-cloud-templates-explained.md).
77 77  
78 78  ==== 3.2.5 Carwash ====
79 79  
... ... @@ -117,7 +117,7 @@
117 117  
118 118  Support engineers can see more to analyze problems on a lower level.
119 119  
120 -All other users don't have access to the cloud setup as there is no need for access because they can perform the relevant actions on the Cloud via the eMagiz portal. For more information on how please see the [[eMagiz Cloud Management>>doc:Main.eMagiz Academy.Microlearnings.Novice.eMagiz Cloud Management.WebHome||target="blank"]] course.
127 +All other users don't have access to the cloud setup as there is no need for access because they can perform the relevant actions on the Cloud via the eMagiz portal. For more information on how please see the [eMagiz Cloud Management](../microlearning/novice-emagiz-cloud-management-index) course.
121 121  
122 122  ===== 3.3.2.1 Rights for installing =====
123 123  
... ... @@ -174,7 +174,7 @@
174 174  
175 175  ==== 3.5.2 API Gateway ====
176 176  
177 -A structure with roles and rights per role can be specified within the portal or via an external IDP to secure the front end of the API Gateway in eMagiz. For the backend of the API Gateway, the same logic applies as stated above for messaging, which means that eMagiz supports the industry standard. Therefore, you as a user should confer with the external party about the correct method.
184 +A structure with roles and rights per role can be specified within the portal or via an external IDP to secure the front end of the API Gateway in eMagiz.
178 178  
179 179  ===== 3.5.2.1 Portal =====
180 180  
... ... @@ -182,17 +182,20 @@
182 182  
183 183  [[image:Main.Images.Fundamental.WebHome@fundamental-emagiz-security-guide--api-gateway-portal-feedback.png]]
184 184  
185 -===== 3.5.2.2 (External) IDP =====
192 +===== 3.5.2.2 External IDP =====
186 186  
187 -Apart from configuring the roles, users, and rights within the portal itself, it is also possible to hook the API Gateway up to an (external) IDP.
194 +Apart from configuring the roles, users, and rights within the portal itself, it is also possible to hook the API Gateway up to an external IDP.
188 188  By communicating with this IDP via the OAuth2.0 protocol, a check is done every time a client calls a specific operation to see whether that client has sufficient rights to access the operation.
189 189  If the client has sufficient rights, the process continues. For example, if the client has insufficient rights, the client receives a 401 Unauthorized.
190 190  
198 +For the backend of the API Gateway, the same logic applies as stated above for messaging, which means that eMagiz supports the industry standard. Therefore, you as a user should confer with the external party about the correct method.
199 +
191 191  ===== 3.5.2.3 Error handling =====
192 192  
193 193  To prevent the error message if it occurs is sent straight back to the client, you can configure the front end of the API Gateway, so that correct HTTP Status codes are given back to the client, including a descriptive message.
194 194  
195 -For more information on how this precisely can be configured via the eMagiz platform, please check the following [[microlearning>>doc:Main.eMagiz Academy.Microlearnings.Crash Course.Crash Course API Gateway.crashcourse-api-gateway-configure-roles-and-users.WebHome||target="blank"]].
204 +For more information on how this precisely can be configured via the eMagiz platform, please check the following [microlearning](../microlearning/crashcourse-api-gateway-configure-roles-and-users.md)
205 +
196 196  ==== 3.5.3 Event Streaming ====
197 197  
198 198  Within the Event Streaming solution, eMagiz provides Event Streaming users, and topics can be created.
... ... @@ -204,7 +204,7 @@
204 204  
205 205  These are all security measures to prevent third parties from getting unauthorized access to the data stored on the topics.
206 206  
207 -For more information on how this precisely can be configured via the eMagiz platform, please check the following [[microlearning>>doc:Main.eMagiz Academy.Microlearnings.Crash Course.Crash Course Event Streaming.crashcourse-eventstreaming-user-management.WebHome||target="blank"]].
217 +For more information on how this precisely can be configured via the eMagiz platform, please check the following [microlearning](../microlearning/crashcourse-eventstreaming-user-management.md)
208 208  
209 209  === 3.6 eMagiz iPaaS Portal ===
210 210  
... ... @@ -296,7 +296,7 @@
296 296  
297 297  ==== 3.8.4 Data management ====
298 298  
299 -For more information on the conceptual ideas behind data management within the eMagiz platform, you can look at this [fundamental](fundamental-traceability-in-emagiz.md). For more concrete information on how to implement it within an eMagiz flow you could check out this [[microlearning>>doc:Main.eMagiz Academy.Microlearnings.Advanced Level.Data Management.advanced-data-management-data-sink.WebHome||target="blank"]] and this [[microlearning>>doc:Main.eMagiz Academy.Microlearnings.Advanced Level.Data Management.advanced-data-management-long-term-archiving.WebHome||target="blank"]]. All the information within the data sink and the long-term archiving solution is kept within the same VPC in the Cloud and can only be accessed by authorized parties.
309 +For more information on the conceptual ideas behind data management within the eMagiz platform, you can look at this [fundamental](fundamental-traceability-in-emagiz.md). For more concrete information on how to implement it within an eMagiz flow you could check out this [microlearning](../microlearning/advanced-data-management-data-sink.md) and this [microlearning](../microlearning/advanced-data-management-long-term-archiving.md). All the information within the data sink and the long-term archiving solution is kept within the same VPC in the Cloud and can only be accessed by authorized parties.
300 300  
301 301  === 3.9 Compliancy ===
302 302  
... ... @@ -310,6 +310,8 @@
310 310  
311 311  During these tests, the pentester will try to achieve goals (penetration of the target system on various levels) by undertaking various means. Such a test can help determine whether a system is vulnerable to attack if the defenses were sufficient and which defenses (if any) the test defeated. In addition, eventual findings from those tests are dealt with conforming to the corrective action processes in our ISMS.
312 312  
323 +
324 +
313 313  == 4. Key takeaways ==
314 314  
315 315  * Protecting your data is a joint responsibility between eMagiz and you
fundamental-emagiz-cloud-inner-workings--customer-level-overview-double-lane.png
Author
... ... @@ -1,0 +1,1 @@
1 +XWiki.ebakker
Size
... ... @@ -1,0 +1,1 @@
1 +65.2 KB
Content
fundamental-emagiz-security-guide--access-rights.png
Author
... ... @@ -1,0 +1,1 @@
1 +XWiki.ebakker
Size
... ... @@ -1,0 +1,1 @@
1 +9.1 KB
Content
fundamental-emagiz-security-guide--api-gateway-portal-feedback.png
Author
... ... @@ -1,0 +1,1 @@
1 +XWiki.ebakker
Size
... ... @@ -1,0 +1,1 @@
1 +14.7 KB
Content
fundamental-emagiz-security-guide--create-new-version.png
Author
... ... @@ -1,0 +1,1 @@
1 +XWiki.ebakker
Size
... ... @@ -1,0 +1,1 @@
1 +23.6 KB
Content
fundamental-emagiz-security-guide--data-orchestration.png
Author
... ... @@ -1,0 +1,1 @@
1 +XWiki.ebakker
Size
... ... @@ -1,0 +1,1 @@
1 +160.8 KB
Content
fundamental-emagiz-security-guide--definition-emagiz-model.png
Author
... ... @@ -1,0 +1,1 @@
1 +XWiki.ebakker
Size
... ... @@ -1,0 +1,1 @@
1 +63.3 KB
Content
fundamental-emagiz-security-guide--history-pages.png
Author
... ... @@ -1,0 +1,1 @@
1 +XWiki.ebakker
Size
... ... @@ -1,0 +1,1 @@
1 +22.5 KB
Content