In our previous blog article on the Top 10 Library Management System Security Issues, we reviewed the complexity of cybersecurity and outlined the security issues and points that need to be considered in our industry. To understand why those security issues are important at a typical Soutron installation, one needs an understanding of the Soutron SaaS solution and the security programs and standards our solution supports.
Our password policy includes processes for granting and removing the access rights of employees, contractors, and third-party users upon hiring, job-role change, and termination. Our application supports secure authentication using technologies such as:
- Azure AD
- SAML 2.0
- Google Auth
Data Centre Physical Security
Soutron data centres are located in North America, the United Kingdom, and Europe and are owned and operated by third parties. Physical security controls restrict access to the data centre itself and to your information assets, including access by data centre support personnel. Backup processes and power generators provide power resilience to support business continuity and disaster recovery.
Application, System, Database, and Infrastructure Security Programs
Our secure software development standards support how source code is managed. Controls are in place to separate the development, testing, and production environments. Access to source code is restricted, except during peer code review sessions.
To minimise risk, new applications are installed and tested in a test/development environment before being deployed to production servers. Internal IT staff agree and sign-off on implementation to production, including patch management and execution of Zero Day patching processes.
The same processes apply to infrastructure and network changes. To further minimise risk, we work with all third-party vendors to ensure that their compliance and performance remain at or above previous levels after any change. All production system changes are logged for each application, system, database, infrastructure component, and other service.
Our information security capabilities for threat and vulnerability management follow the National Institute of Standards and Technology (NIST) and UK Cyber Essentials Plus cybersecurity framework guidelines. These guidelines inform the controls Soutron has in place to detect, prevent, and recover from malicious code, as well as our security logging and review process.
Network Security Programs
The network topology is straightforward. The network security solutions Soutron has in place enable us to provide a secure platform using technologies such as HTTPS within our application, Single Sign-On (SSO), IP whitelisting, multi-factor authentication for remote access, a robust network firewall, and other internal application configurations. Augmented by robust device management security, these controls protect your confidential information.
The Soutron application runs on a web server, and the data is stored on a separate database server housed within a secure data centre facility. These servers are protected by a robust firewall. Access to the servers is controlled by an Active Directory (AD) server hosted on the same virtual network within the data centre.
Cybersecurity awareness, and knowing how your applications and data are protected, is more important than ever. Your organisation can rest assured that Soutron follows current cybersecurity frameworks and standards to ensure that your collections are stored securely, that access and use are securely controlled, and that personally identifiable information contained in your system is securely stored and compliant with GDPR regulations.