Software security is of paramount importance nowadays. Data was previously held within internal networks, but these datasets must often be on-line available nowadays. To ensure that sensitive information is only available to (for example) employees, security and authentication plays a major role. iDelft has experience in installing and customizing different types of security layers within (online) software. We are also very committed to apply the latest security patches and we are reluctant to use modules that are not supported by the software security community at large. This is called security by design.
Communication must be secure as well. Secure Sockets Layer (SSL) is a commonly used technique that provides communication security over the internet by encrypting the traffic between the server and the client. With SSL it is very hard for any malicious individual to intercept the data during transport. iDelft installs SSL certificates by default.
Logging in on a website is a common practice nowadays, but many precautions are required behind the scenes, It is absolutely necessary that no unauthorized users can access the protected data. Well-designed security layers are of great importance. User Authentication/Authorization is one of the key elements in almost every project of iDelft; ranging from simple and small user lists to complex organizational structures in combination with different roles and permissions.
Additionally iDelft has experience with setting up and using a Single Sign-On (SSO) environment. SSO is a technique that is often used within (large) organizations. The users are managed at a central location (IdP: Identity Provider) and the software can tap into this IdP (SP: Service Provider). iDelft did some projects with SSO and made some applications working in combination with an existing Single Sign-On environment.
Needless to say that we can also host and support the software that we implement for you. The servers, applications and firewalls are well configured so that unauthorized persons cannot enter the server or the Drupal configuration (for example via XSS scripting). We implement advanced software packages on the servers that automatically and continuously scan web requests and intervene when abuse is being detected: E.g. a large number of requests (DDOS) or a targeted attack to enter the system via a login screen. Forms are also protected with reCaptcha and other modules to stop spamming activties. In summary: Security can only be effective provided that protection measures are applied at all levels and components.
Contact us if a quick security scan of the web environment is required. We like to stop by and help your organisation.