The various applications that the P2 (Platform 2.0) technology stack utilizes need to be installed on either on-premise machines or cloud-based machines. They all run on a Linux variant as the underlying OS. Normally one or more web-based applications are then installed on these servers to provide the required functionality. These servers and the applications they host need to be protected, hence a Security Policy has been created to guide the considerations of both PSI and those organizations that choose to have this system installed on their premises or in cloud-based tenant accounts. This policy also applies to those organizations that PSI supports with their technology, either for on-premise installations or cloud-based setups.
Security Policy
The Security Policy covers the following areas:
Authentication: how users and clients are verified and granted access to the web application server.
Authorization: how permissions and roles are assigned and enforced for different users and clients.
Encryption: how data is encrypted in transit and at rest to prevent interception or tampering.
Backup: how data is backed up and restored in case of loss or corruption.
Disaster recovery: how the web application server is prepared and recovered from natural or man-made disasters.
Logging: how activities and events are recorded and monitored on the web application server.
Auditing: how security incidents and violations are detected and reported on the web application server.
Read the
IAM (Identity Access Management)
Identity Access Management (IAM) is a framework of policies and technologies to ensure that the right users have the appropriate access to technology resources. The P2 Architecture uses Keycloak, an open-source IAM solution.