External
The data is stored in data warehouse, residing on dedicated server protected by firewall that allows traffic only to authorized applications, in this case DataPark. It talks to DataPark on a specific port. In our configurations, this communication is going over secure connection through SSH tunnel. This means your data is secure and cannot be intercepted.
You can see our database server as a fortress that has a single gate and only one single passenger is allowed to pass. That passenger is a messenger that transports the data between the database and DataPark upon user’s request, like running the report.
DataPark is web-based application that resides on its own server. It employs different security mechanisms. Each user trying to access the application needs to be authenticated (confirming he is eligible to have access at all) and authorized (reading system configuration and granting access to areas relevant to user’s role). If any of those security checks fails, user is not allowed to access the system. User logon information is encrypted using SSL protocol. Application underlying code includes best practices to prevent attacks like code and SQL injection, XSS (cross-site scripting) and remote code inclusion.
Internal
Together with authentication and authorization done during user logon, a check is performed on every single action if the user is allowed to perform it. All data is filtered corresponding to the configuration of user’s role before being returned to the request.
