Your city relies on applications to perform various jobs. Your employees may
use basic applications such as a web browser or a word processor to perform
common tasks. Other people with more specific duties may use specialized
applications such as accounting software or a records management system.
what kind of application you use, the security of that application must be rock
solid to avoid a data breach. Never simply assume an out-of-the-box application
is secure or that a software vendor has made the right security choices for you.
While application security is a complex topic, we present five important areas
that your city must consider with its policies.
even includes what your software application vendors may access. Just because
they sold you accounting software doesn’t mean that the vendor’s employees can
look at all of your city’s payroll data. Work with your IT staff or vendor to
oversee user access and authorization—including for third-party vendors and
necessary, you need applications to encrypt data. Even a basic web browser
should encrypt web pages containing sensitive information. When creating
documents and reports (such as PDFs), an application should allow you to encrypt
particularly sensitive information so that unauthorized users cannot read it.
And of course, any sophisticated application dealing with financial, public
safety, or other sensitive and confidential data needs encryption.
A chain is
only as strong as its weakest link—and that is true of applications. It doesn’t
matter if your financial application’s security is airtight. If it’s connected
to another application within your city or to a third-party application, then
security holes within those other applications increase the risk of a data
breach for your application. Make sure your IT staff or vendor assesses where
your applications are connecting and ensures that your information is treated
with the same care when it’s exchanged with another party.
a citizen getting access to an application through your website or an
entry-level employee accessing basic information to do their job, those people should
not be able to destroy or disrupt applications. For example, let’s say an
employee accesses a part of your document management system to “view” the
employee handbook to see information about paid time off or sick leave. Since
they only have “view” rights and privileges, they should not be able to delete or
make changes to the document, such as increasing the city's paid time off or sick leave allowances. Only
the person with “edit” (or greater) rights should be allowed to alter the
document. And only trained IT professionals and software vendors with
authorization should be able to access the “guts” of your applications to
configure and administer them.
Many of your
applications not only store sensitive data but also help run your city
operations. First, you need a plan to back up your data so that it’s not
forever lost. You can accomplish that through a data backup plan that includes
both onsite data backup (for quick time to recovery after an onsite incident)
and offsite data backup (for disaster recovery). Second, and just as important,
is your business continuity. Some applications—such as your public safety
software or city’s website—may serve such a critical role that you need them up
and running within minutes or hours after an outage. Your application security
policy needs to outline the minimum length of an outage for each application
and a plan for restoring functionality in case of a disaster.
Applications often form the lifeblood of a city. Many operational activities
and citizen services are conducted through applications. Because they store and
share such sensitive data, you need to protect those applications. Strengthen
the five areas we discussed above and document your high standards in an
application security policy for your city.
© 2009-2017 Mimsware Corporation, all rights reserved. Sophicity®, “We put the IT in City”, and the Sophicity logo are registered trademarks of Mimsware Corporation d/b/a Sophicity.