5 (simple) things to include when building a secure engineering SaaS platform

by Roxane Van Mellaert

Security is the most important element to take into account when building an engineering SaaS platform, or any other SaaS platform. In this blog post we give you 5 simple things to include in your SaaS platform that will ensure a high level of security.

1. Provide a secure storage system for your users

Building an engineering SaaS platform most likely means that your users will work with data such as CAD files, parameter settings, measurement data and so on. This data is usually confidential, so it is very important to include a highly secure storage system in your platform. Only then will your users be confident that their data is safe.

Most cloud providers offer different levels of security for their storage. In ColdStream we have implemented 2 different security levels: standard and military grade.

To be clear, both levels offer the most common security specifications on the market, from the website level (HTTPS) through the database level (FIPS Level 3 and 4) to the HPC level. Great industry partners like IBM make all of this possible, so there is no sacrifice in safety in choosing one level over the other.

ColdStream’s standard security offering, FIPS Level 3, provides more than enough protection for most users and their projects. The best thing about FIPS Level 3 protection is that it ensures a robust data protection threshold while also striking a productive balance with operational convenience.

But for those who need a security level in line with military-grade requirements, there is FIPS Level 4. This features the highest level of hardware and data protection. If the data hardware is somehow compromised, or changes outside normal operational conditions are detected, the hardware encryption card destroys the master key for information access within nanoseconds, making the data unusable.

Source: IBM

2. Make sure your users can protect their account with multi-factor authentication

Having a secure storage system is one thing, but you should not forget that there is a gate through which the user accesses their own data. It is extremely important that this gate is strongly guarded; authentication is key.

Authentication is the process of determining whether someone or something is, in fact, who or what it says it is. Authentication technology provides access control for systems by checking whether a user's credentials match the credentials in a database of authorized users or in a data authentication server. In doing this, authentication assures secure systems, secure processes and enterprise information security. [1]

There are several authentication types. For purposes of user identity, users are typically identified with a user ID, and authentication occurs when the user provides credentials such as a password that matches their user ID. The practice of requiring a user ID and password is known as single-factor authentication (SFA). In recent years, companies have strengthened authentication by asking for additional authentication factors, such as a unique code that is provided to a user over a mobile device when a sign-on is attempted or a biometric signature, like a facial scan or thumbprint. This is known as two-factor authentication (2FA).

In ColdStream we provide the option for users to enable two-factor authentication. In addition, admin users can force the other users to enable two-factor authentication. We also strongly recommend that all our users enable this option.
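As an added example (not ColdStream code), the "unique code provided over a mobile device" from the paragraph above is typically a TOTP: the server derives a six-digit code from a shared secret and the current time and accepts a small clock-drift window. The `login` routine also applies the admin-enforced 2FA policy described above; the accounts, the `acme` organization and its policy are constructed, and the shared secret is the RFC 6238 test key.

```python
import base64
import hashlib
import hmac
import struct
from typing import Optional

def hotp(secret_b32: str, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, dynamically truncated."""
    key = base64.b32decode(secret_b32, casefold=True)
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def totp(secret_b32: str, at: int, step: int = 30) -> str:
    """RFC 6238 TOTP: HOTP with counter = floor(unix_time / step), so the code changes every 30 s."""
    return hotp(secret_b32, at // step)

def verify_totp(secret_b32: str, submitted: str, at: int, step: int = 30, window: int = 1) -> bool:
    """Accept the current step and its +-window neighbours to tolerate clock drift on the phone;
    compare_digest keeps the comparison constant-time."""
    counter = at // step
    return any(hmac.compare_digest(hotp(secret_b32, counter + d), submitted)
               for d in range(-window, window + 1))

# Constructed accounts. The shared secret is the RFC 6238 test key "12345678901234567890" in base32.
# Passwords are stored as plain SHA-256 only to keep the example short; use argon2/scrypt in production.
RFC_TEST_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
USERS = {
    "alice": {"org": "acme", "pw_hash": hashlib.sha256(b"correct horse").hexdigest(), "totp_secret": RFC_TEST_SECRET},
    "bob":   {"org": "acme", "pw_hash": hashlib.sha256(b"hunter2").hexdigest(), "totp_secret": None},
}
ORG_POLICY = {"acme": {"require_2fa": True}}   # what an admin user sets when forcing 2FA on everyone

def login(username: str, password: str, code: Optional[str], now: int) -> str:
    """First factor: password. Second factor: TOTP, which the org policy can make mandatory."""
    user = USERS.get(username)
    submitted = hashlib.sha256(password.encode()).hexdigest()
    if user is None or not hmac.compare_digest(user["pw_hash"], submitted):
        return "denied: bad credentials"
    if user["totp_secret"] is None:
        if ORG_POLICY[user["org"]]["require_2fa"]:
            return "denied: organization requires 2FA enrolment"
        return "ok (single factor)"
    if code is None or not verify_totp(user["totp_secret"], code, now):
        return "denied: second factor missing or wrong"
    return "ok (two factors)"
```

Note that a user who has not enrolled a second factor is refused outright once the organization policy requires 2FA, which is how "forcing" the option works out in practice.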

3. Provide an activity log functionality

An activity log shows all actions carried out on the platform: who performed which action, and on what date and time. This is especially important when multiple users can access an organization account. By providing this log, your users will always be aware of what is happening. It is not only helpful to track down who has been working on what, it also gives your users the confidence that no unwanted actions are being performed. Your activity log should also contain a login history, with the date and time of each login, the IP address and the location. If anyone is trying to access your or your colleagues' account, you will notice it in your log and can take immediate action by blocking that user.

In ColdStream we provide an activity log to track down all the actions that were taken: whether a case was submitted or edited, who submitted it, at what time and so on. A login history is also included; for every user you can check the login history over the past month.
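An added example, not ColdStream's implementation, of the activity log and login history described above: an append-only event log that answers who did what to which case, lists a user's logins with time, IP and location, and flags logins from a location the account has never used before (the baseline is the first login in the window queried). The users, cases, IPs and locations are constructed sample data.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

@dataclass(frozen=True)
class Event:
    when: datetime
    actor: str
    action: str                      # "login", "case.submit", "case.edit", ...
    target: Optional[str] = None     # e.g. a case id; None for logins
    ip: Optional[str] = None         # login events only
    location: Optional[str] = None   # login events only, e.g. "Leuven, BE"

class ActivityLog:
    """Append-only in-memory log; a real platform writes to durable, tamper-evident storage."""
    def __init__(self) -> None:
        self._events: List[Event] = []
    def record(self, event: Event) -> None:
        self._events.append(event)   # no update or delete API: the log only grows

    def actions(self, target: Optional[str] = None) -> List[Event]:
        """Who did what (and when) to a case: every non-login event, optionally for one target."""
        return [e for e in self._events if e.action != "login" and (target is None or e.target == target)]

    def login_history(self, user: str, since: Optional[datetime] = None) -> List[Event]:
        """Date/time, IP and location of each login by `user`, optionally only since `since`."""
        return [e for e in self._events
                if e.action == "login" and e.actor == user and (since is None or e.when >= since)]

    def unfamiliar_logins(self, user: str, since: Optional[datetime] = None) -> List[Event]:
        """Logins from a location this account had never used before, walking the history in order."""
        seen, flagged = set(), []
        for e in self.login_history(user, since):
            if seen and e.location not in seen:
                flagged.append(e)
            seen.add(e.location)
        return flagged

def build_sample_log() -> ActivityLog:
    """Constructed sample data; IPs come from the RFC 5737 documentation ranges."""
    log = ActivityLog()
    for ev in [
        Event(datetime(2024, 1, 15, 9, 0), "alice", "login", ip="203.0.113.10", location="Leuven, BE"),
        Event(datetime(2024, 3, 1, 9, 0), "alice", "login", ip="203.0.113.10", location="Leuven, BE"),
        Event(datetime(2024, 3, 1, 9, 5), "alice", "case.submit", target="case-42"),
        Event(datetime(2024, 3, 2, 8, 55), "alice", "login", ip="203.0.113.11", location="Leuven, BE"),
        Event(datetime(2024, 3, 2, 14, 0), "bob", "case.edit", target="case-42"),
        Event(datetime(2024, 3, 3, 3, 12), "alice", "login", ip="198.51.100.7", location="Unknown, XX"),
    ]:
        log.record(ev)
    return log
```

The 03:12 login from an unknown location is the kind of entry a user would spot in their history and act on by blocking the account; a changed IP at a familiar location is deliberately not flagged, since addresses churn.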

4. Make sure that the data is encrypted

Encryption is important because it enables you to protect confidential data by converting it into ciphertext, a form that is unreadable without an encryption key. This process is called “encoding.” Encryption makes it nearly impossible for cyber criminals or other unauthorized parties to steal and misuse the data, since only those with an encryption key can decipher the data and reveal the true information. [2]

The importance of encryption cannot be overstated, because even the biggest corporations with the largest cybersecurity budgets fall victim to data breaches. Even if your data is in a secure infrastructure, there is still a chance that it could be compromised. With data encryption, however, your files remain that much more impenetrable even if they are stolen.

Make sure that not only data at rest but also data in transit is encrypted. In ColdStream the data is encrypted from beginning to end.

5. Include different user roles

User roles give you the ability to control what users can do within the platform. A role is a collection of permissions. For example, when a project is being worked on with different colleagues, there are usually different roles: a project owner who has the most rights and can assign more or fewer rights to other project members; project members who should be able to edit the data; and project members who should just be able to look at the data but not edit anything.

In ColdStream we have user roles that can be assigned to users at the organization level. There is also an option to enable project roles for each project separately.
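The role model above as an added example (not ColdStream's code): roles are permission sets, assigned at the organization level, with per-project roles that can be switched on for individual projects. Two design choices here are assumptions, not something the post states: where a project has roles enabled, a member's project role takes precedence over their org role, and only members who may manage members can assign roles, never granting more rights than they hold themselves. The users, projects and role names are constructed.

```python
from enum import Enum
from typing import Dict, Set

class Perm(Enum):
    VIEW = "view"
    EDIT = "edit"
    MANAGE_MEMBERS = "manage_members"   # assign roles to other project members
    MANAGE_ORG = "manage_org"           # organization-wide administration

ROLES: Dict[str, Set[Perm]] = {        # a role is a collection of permissions
    "viewer":    {Perm.VIEW},
    "editor":    {Perm.VIEW, Perm.EDIT},
    "owner":     {Perm.VIEW, Perm.EDIT, Perm.MANAGE_MEMBERS},
    "org_admin": {Perm.VIEW, Perm.EDIT, Perm.MANAGE_MEMBERS, Perm.MANAGE_ORG},
}

class AccessControl:
    def __init__(self) -> None:
        self.org_roles: Dict[str, str] = {}                  # user -> organization-level role
        self.project_roles: Dict[str, Dict[str, str]] = {}   # project -> {user -> role}, only where enabled
    def set_org_role(self, user: str, role: str) -> None:
        self.org_roles[user] = role
    def enable_project_roles(self, project: str, owner: str) -> None:
        """Switch a project to per-project roles; the person enabling them becomes its owner."""
        self.project_roles[project] = {owner: "owner"}
    def permissions(self, user: str, project: str) -> Set[Perm]:
        """Assumed precedence: explicit project role, else the org role, else nothing (deny by default)."""
        role = self.project_roles.get(project, {}).get(user) or self.org_roles.get(user)
        return set(ROLES.get(role, set()))
    def allowed(self, user: str, project: str, perm: Perm) -> bool:
        return perm in self.permissions(user, project)
    def set_project_role(self, project: str, actor: str, user: str, role: str) -> None:
        """Only a member who may manage members can assign roles, and never more rights than they hold."""
        if project not in self.project_roles or role not in ROLES:
            raise ValueError(f"project roles not enabled for {project!r} or unknown role {role!r}")
        if not self.allowed(actor, project, Perm.MANAGE_MEMBERS):
            raise PermissionError(f"{actor} may not manage members of {project}")
        if not ROLES[role] <= self.permissions(actor, project):
            raise PermissionError(f"{actor} cannot grant {role}: it exceeds their own rights")
        self.project_roles[project][user] = role

def build_demo() -> AccessControl:
    """Constructed sample organization: alice edits org-wide, bob and carol only view."""
    ac = AccessControl()
    ac.set_org_role("alice", "editor")
    ac.set_org_role("bob", "viewer")
    ac.set_org_role("carol", "viewer")
    ac.enable_project_roles("p1", owner="alice")   # p1 uses project roles; p2 keeps org roles only
    ac.set_project_role("p1", actor="alice", user="carol", role="editor")
    return ac
```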

Conclusion

Security is a priority at Diabatix. Therefore, we guarantee that data remains confidential and protected. Our ColdStream platform covers all the security layers discussed in this post, making it an extremely safe SaaS platform.

For more information, don’t hesitate to contact our team.

References

[1] https://www.techtarget.com/searchsecurity/definition/authentication

[2] https://www.titanfile.com/blog/what-is-data-encryption-and-why-is-it-important/