Tighter compliance regulations coupled with tougher penalties for data breaches has raised the profile of who can access company data. Klipfolio Dashboard has been designed and built with security as a priority. To ensure the integrity of Klipfolio Dashboards and the data in the Klips that make up those dashboards, Klipfolio Dashboard architecture integrates with existing security infrastructures to ensure only authenticated users can view or update data.
Klipfolio ties into your existing gateways, firewalls, Microsoft Active Directory, LDAP services, security policies, and group policies to ensure that data is protected from source to destination, and can only be accessed by properly authenticated users.
For communication, Klipfolio supports SSL, TLS, and Kerberos. HTTP and HTTPs authentication are provided using basic, digest, challenge-response, and SSPI technologies. User credentials are input as needed using session-oriented login components in Klips.
Klipfolio Dashboard minimizes the possibility of displayed data being vulnerable to man-in-the-middle-attacks. It is a digitally signed application using Microsoft Authenticode technology to help detect tampering. To provide access to advanced functionality and prevent tampering, Klips can also be digitally signed and encrypted using RSA PKCS-1 and RC-5.
To ensure security in your application environment, Klipfolio has at its core a sandboxing solution that is independent from those in web browsers, such as Microsoft Internet Explorer or Firefox, and from Java environments, such as Sun’s Java Plug-in.
The sandbox system provides independent runtime environments for the JavaScript code executing in each Klip in a Klipfolio Dashboard. It employs a four-tiered approach that:
Potential Security Issue |
Klipfolio Solution |
| Application tampering. Modification or reverse engineering can allow the distribution of a malicious version of an application, and potential account compromise or malware infection. | Runtime hardening. Klipfolio accommodates strong cryptographic techniques, such as Microsoft’s AuthentiCode, so that you can include digital signatures. Klipfolio’s self-validation code technology significantly increases the odds that improper code modification can be detected and prevented, even if the modified application is re-signed. |
| Data interception (man-in-the-middle-attacks). Without transport layer encryption (SSL), data could be intercepted by a third party, leading to possible account compromise and disclosure of sensitive information. | Secure data transmission.Klipfolio’s four-tiered validation of the chain of trust involved in signature systems, such as SSL, coupled with resistance to reverse engineering, improves the security of data transmissions and reduces the possibility data being compromised. |
| Unauthorized Access. If access control mechanisms are inadequate, authorized users may have access to data for which they do not have the correct privileges. Unauthorized individuals may be able to use already active instances of an application to view data. | Role Based Access Controls (RBAC). With Klipfolio, deployment managers can distribute Klips that are easily authenticated against Active Directory or LDAP to ensure the correct level of privilege access. Session timeouts can automatically logout users after a specified amount of time idle. |
Klipfolio Dashboard has been designed with advanced security features to protect the data contained in your dashboards and limits access to information based upon role and user authentication.
It is good practice to educate users on the responsible use of technology and the importance of security as it applies to their role. They should be accountable for access to their systems and application sessions.
For more information about security, or any other aspect of Klipfolio products or services, please contact us or call worldwide at +1 613 233 6149.
