WWW.PORTALGUARD.COM
DESIGNING AND CREATING A SECURE WEB PORTAL
INTRODUCTION
Things to Consider…
http://www.portalguard.com/resources/whitepapers-1.html
1. Data Security
2. Compliance
3. Integration
4. End User Experience
5. Technical
Data Security Considerations
Is this a Public vs. Private Portal?
How Will Credentials be Verified?
What Do Your Users Have Access To?
Will the Portal act as an IdP?
Compliance Considerations
HIPAA, COPPA, FERPA or PCI?
Organizational policy (e.g. password expiration)?
What about auditing and reporting?
Portal Integration
How best to instill user confidence & acceptance?
How important is branding?
Will you provide access to some or all data & apps?
End User Experience
How and from where can they login?
How much can I do on my own?
Does one login open one door or many?
Do I receive meaningful feedback & information?
Technical Configuration
How and where is it hosted?
Can it handle a spike in user traffic?
How important is up-time?
1. Data Security
2. Compliance
3. Integration
4. End User Experience
5. Technical
Data Security Considerations
Is this a Public vs. Private Portal or Both?
How Will Credentials be Verified?
What Do Your Users Have Access To?
Will the Portal act as an IdP?
What Type of Data is Available?
How Do You Know Who is Who?
Are you using a user repository like Active Directory?
Will the portal be the Identity Provider?
Do You Need Single Sign-On Flexibility?
Do you want to unlock the door once?
Do you need to unlock individual doors?
1. Data Security
2. Compliance
3. Integration
4. End User Experience
5. Technical
Compliance Considerations
Which regulations drive your field?
Navigating HIPAA, COPPA, FERPA, PCI.
Design for Compliance Success.
Don’t “Shoe-Horn” Compliance After the Fact.
On-Line Resources…
FERPA http://familypolicy.ed.gov/faq-page
COPPA http://www.coppa.org/comply.htm
HIPAA http://www.hhs.gov/hipaa
PCI https://www.pcisecuritystandards.org/
SOX https://en.wikipedia.org/wiki/Sarbanes-Oxley_Act
Compliance Specific Requirements
Password length, complexity & expiration.
User reporting – Who, When, Where, How & Failures
Strong authentication – is 2-Factor required?
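The three compliance-specific requirements above (password length/complexity/expiration, Who-When-Where-How-and-Failures reporting, and whether 2-factor is required) are only auditable if the portal records every login attempt in a structured form and someone queries it. The example below is added here and is not code from the slides or from PortalGuard: it parses a constructed newline-delimited JSON audit log, finds failure bursts per (user, source address), lists successful logins that used no second factor, and checks a password against a configurable policy. The field names (`who`, `when`, `where`, `how`, `ok`) and the thresholds are assumptions chosen to match the slide's wording. One caveat a practitioner will want: forced periodic expiration is something NIST SP 800-63B now advises against, which is why `max_age_days` accepts `None`.

```python
from __future__ import annotations

import json
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Constructed sample audit log (not real data): one JSON record per line, the
# way a portal might write it. Each record answers Who / When / Where / How,
# and "ok" records success or failure.
SAMPLE_AUDIT_LOG = """\
{"who": "alice", "when": "2024-03-01T08:00:00Z", "where": "10.0.0.5", "how": "password+otp", "ok": true}
{"who": "bob", "when": "2024-03-01T08:01:00Z", "where": "203.0.113.9", "how": "password", "ok": false}
{"who": "bob", "when": "2024-03-01T08:01:20Z", "where": "203.0.113.9", "how": "password", "ok": false}
{"who": "bob", "when": "2024-03-01T08:01:45Z", "where": "203.0.113.9", "how": "password", "ok": false}
{"who": "bob", "when": "2024-03-01T08:02:10Z", "where": "203.0.113.9", "how": "password", "ok": false}
{"who": "bob", "when": "2024-03-01T08:02:30Z", "where": "203.0.113.9", "how": "password", "ok": false}
{"who": "bob", "when": "2024-03-01T09:30:00Z", "where": "10.0.0.7", "how": "password+otp", "ok": true}
{"who": "carol", "when": "2024-03-01T10:00:00Z", "where": "10.0.0.8", "how": "password", "ok": true}
"""


@dataclass(frozen=True)
class AuditEvent:
    who: str
    when: datetime
    where: str
    how: str
    ok: bool


def parse_audit_log(text: str) -> list[AuditEvent]:
    """Parse newline-delimited JSON audit records into AuditEvent objects."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        # Python < 3.11 does not accept a trailing "Z" in fromisoformat().
        when = datetime.fromisoformat(rec["when"].replace("Z", "+00:00"))
        events.append(AuditEvent(rec["who"], when, rec["where"], rec["how"], bool(rec["ok"])))
    return events


def failure_bursts(events: list[AuditEvent], threshold: int = 5,
                   window: timedelta = timedelta(minutes=5)) -> dict[tuple[str, str], int]:
    """(who, where) pairs with at least `threshold` failures inside any sliding
    `window`: the 'Failures' column of the report, and lockout/alert input."""
    failures: dict[tuple[str, str], list[datetime]] = defaultdict(list)
    for e in sorted(events, key=lambda e: e.when):
        if not e.ok:
            failures[(e.who, e.where)].append(e.when)
    bursts: dict[tuple[str, str], int] = {}
    for key, times in failures.items():
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                bursts[key] = max(bursts.get(key, 0), count)
    return bursts


def logins_without_second_factor(events: list[AuditEvent]) -> list[str]:
    """Users who got in with a password alone. Where the applicable regulation
    requires 2-factor, every name returned here is a finding."""
    return sorted({e.who for e in events if e.ok and "otp" not in e.how})


@dataclass(frozen=True)
class PasswordPolicy:
    min_length: int = 12
    min_classes: int = 3            # of lower, upper, digit, symbol
    max_age_days: int | None = 90   # None disables expiration


def password_violations(password: str, last_changed: datetime, now: datetime,
                        policy: PasswordPolicy) -> list[str]:
    """Return every way `password` breaks `policy` (empty list means compliant)."""
    problems = []
    if len(password) < policy.min_length:
        problems.append(f"shorter than {policy.min_length}")
    classes = sum([
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    ])
    if classes < policy.min_classes:
        problems.append(f"fewer than {policy.min_classes} character classes")
    if policy.max_age_days is not None and now - last_changed > timedelta(days=policy.max_age_days):
        problems.append(f"older than {policy.max_age_days} days")
    return problems
```

Running `failure_bursts(parse_audit_log(SAMPLE_AUDIT_LOG))` on the constructed log flags bob from 203.0.113.9 with five failures in under two minutes, while his later successful login from the internal address with an OTP is left alone; `logins_without_second_factor` returns only carol. The window scan is O(n) per (user, source) pair, so it can run over a day of logs on every report cycle rather than once a quarter.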
1. Data Security
2. Compliance
3. Integration
4. End User Experience
5. Technical
Integration Considerations
How do your users interact with your portal?
One key that opens many doors or something different?
Key design elements that engender confidence.
SAML vs. non-SAML enabled applications.
Giving your users the tools they need.
How Your Portal Presents Itself.
Immediate Login Screen
Branded & Identifiable
“You Shall Not Pass!”
Highly Secure
How Your Portal Presents Itself.
Specific areas of interest
Branded & Identifiable
More open to looking around
Still highly secure
Login is fully integrated
Once Authenticated What Happens Next?
Does one key open many doors?
SAML vs. non-SAML enabled applications?
How are you tracking user activity?
Do you have any regulatory reporting requirements?
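The "one key opens many doors" question from the Data Security slides (verify the credential once against a repository such as Active Directory, then let the portal act as IdP) and the "once authenticated, what happens next?" question above come down to the same mechanism: the portal issues one assertion per application, each bound to that application and time-limited. The example below is added here and is not code from the slides or from PortalGuard. It is a deliberately simplified stand-in for SAML, not SAML itself: `USER_DIRECTORY`, the password hash, the signing key, the claim names and the application names `payroll` and `helpdesk` are all constructed, and the HMAC shared key means each relying application could also mint tokens. A real SAML assertion carries the same ideas as `<AudienceRestriction>` and `NotOnOrAfter`, and is verified with the IdP's public key so relying applications hold no secret.

```python
from __future__ import annotations

import base64
import hashlib
import hmac
import json
import time

# Portal-wide signing key. Constructed for this example; a real deployment
# keeps it in an HSM or secrets store and never ships it to client code.
PORTAL_SIGNING_KEY = b"constructed-demo-key-replace-me"

# Stand-in for the user repository (Active Directory / LDAP in the slides).
# Constructed data; a real directory stores a per-user salt.
_DEMO_SALT = b"constructed-salt"


def _pw_hash(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _DEMO_SALT, 100_000)


USER_DIRECTORY = {
    "alice": {"pw": _pw_hash("correct horse battery"), "groups": ["staff", "finance"]},
}


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def authenticate(username: str, password: str) -> dict | None:
    """Step 1, 'How do you know who is who?': check the credential against the
    repository. Returns a portal session (the one key) or None."""
    record = USER_DIRECTORY.get(username)
    if record is None:
        _pw_hash(password)  # same cost for unknown users: no timing oracle on usernames
        return None
    if not hmac.compare_digest(record["pw"], _pw_hash(password)):
        return None
    return {"sub": username, "groups": list(record["groups"])}


def issue_token(session: dict, audience: str, ttl_seconds: int = 300,
                now: float | None = None) -> str:
    """Step 2, portal as IdP: turn the session into an assertion for ONE door.
    The audience claim is what stops a token for app A from opening app B."""
    now = time.time() if now is None else now
    claims = {"sub": session["sub"], "groups": session["groups"],
              "aud": audience, "iat": int(now), "exp": int(now) + ttl_seconds}
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    sig = hmac.new(PORTAL_SIGNING_KEY, body.encode(), hashlib.sha256).digest()
    return f"{body}.{_b64(sig)}"


def verify_token(token: str, expected_audience: str,
                 now: float | None = None) -> dict | None:
    """Step 3, relying application: accept only an assertion that is signed by
    the portal, addressed to this application, and not yet expired."""
    try:
        body, sig = token.split(".")
        expected_sig = hmac.new(PORTAL_SIGNING_KEY, body.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected_sig, _unb64(sig)):
            return None  # forged or tampered
        claims = json.loads(_unb64(body))
    except ValueError:  # bad split, bad base64 or bad JSON
        return None
    if not isinstance(claims, dict):
        return None
    now = time.time() if now is None else now
    if claims.get("aud") != expected_audience:
        return None  # right key, wrong door
    if now >= claims.get("exp", 0):
        return None  # stale assertion; replay window closed
    return claims


if __name__ == "__main__":
    session = authenticate("alice", "correct horse battery")
    tok = issue_token(session, "payroll")
    print("payroll accepts:", verify_token(tok, "payroll") is not None)    # True
    print("helpdesk accepts:", verify_token(tok, "helpdesk") is not None)  # False
```

The user types a password once (`authenticate`), and the portal then calls `issue_token` once per application the user opens; the applications never see the password. The audience check in `verify_token` is the part most often skipped in home-grown SSO, and skipping it turns "one key opens many doors" into "any door's key opens every door". Applications that cannot consume an assertion at all (the non-SAML case on the slide) need a different integration such as credential vaulting, which this example does not cover.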
1. Data Security
2. Compliance
3. Integration
4. End User Experience
5. Technical
End User Considerations
Walking your end users' journey.
Ask Who, What, Where, When, How & Why?
Focus on efficiency, engagement and understanding.
Communicate expectations clearly.
How autonomous can your users be?
What the user sees matters…
Consistent look & feel
Build their trust and comfort
Guide them appropriately
Get them where they want to go
Provide help & feedback quickly
End User Engagement
Specific feedback on expectations
Actionable items the user can act on immediately
Empower the user to aid their own progress
Strong Understanding of…
Who are your users?
What they can and can’t gain access to.
Where they can gain access from.
When something goes wrong can they fix it?
How will you monitor their activities?
1. Data Security
2. Compliance
3. Integration
4. End User Experience
5. Technical
What’s “Under-the-Hood”?
On-premises vs. Cloud vs. Hybrid-cloud configuration
Understanding user traffic & demand patterns
Where are your users and how do they gain access?
How will you handle system outages & down-time?
Disaster recovery implications
Load Balancing
  Absorbs demand spikes
  Improved response time
  Maximizes user satisfaction
Failover Protected
  Guarantees uptime
  Maintenance & upkeep without outages
Regular Backups
  Disaster recovery
  Regulatory compliance
  Asset protection
Other Items to Consider…
What regulatory compliance issues do you face?
Total Cost of Ownership (Assets + Manpower)
Hybrid Cloud Best Practices
Capability & Capacity of Your Existing IT Dept.
Security should never be an afterthought when integrating a portal into your environment.
THANKS FOR JOINING US…