Compliance with highly stringent specifications in areas such as finance and the public sector has driven the development of new security options for EidosMedia’s digital content management platform.
“This latest set of security enhancements reflects best practices in highly demanding application areas like financial publishing and public-sector information management,” said Ismail Gazarin, EidosMedia CIO. “They combine high levels of system protection with ease of access for authorized users.”
The new features build upon a structure that has always had a strong security orientation: “Few systems are as mission-critical as the editorial platform used to produce a daily newspaper,” said Ismail. “For this reason Méthode has always incorporated robust safeguards and controls to guarantee data protection and continuity of service.”
The new feature set - Advanced Security Layer (ASL) - includes functions such as multi-factor authentication and internal password encryption. At the same time it extends the existing ‘single sign-on’ facility to support SAML 2.0, a common standard for exchanging authentication and authorization data.
“Having a single authentication to give access to all of a user’s permitted services and applications is an important usability feature but needs careful implementation," said Ismail. “We can now fully integrate commercial implementations of SAML, such as Okta, which is popular with several of our customers.”
Multi-factor authentication (MFA) improves on simple password protection by requiring the user to provide two or more separate pieces of evidence. In addition to a standard password or passcode, ASL requires the user to enter a one-time password generated by a small portable device or a smartphone app such as Google Authenticator using a shared secret key. “Systems using static passwords are vulnerable to attacks using password cracking or keylogging,” said Ismail. “MFA overcomes this by making access conditional on something that only authorized users can possess.”
Another potential source of vulnerability are the internal passwords that platform components use to gain access to each other. “These are typically high-level passwords, giving access to critical processes and resources,” said Ismail. “ASL stores these passwords in encrypted form, ensuring that no passwords ‘in clear’ are present in the system. The algorithm used to encrypt them, which may use a 128-bit or 256-bit key, is powerful enough to make decryption unfeasible without the key.”
ASL extends Méthode’s standard security features which range from a highly capillary system of permissions and workflow controls to the SMART business-intelligence functions that track every transaction in the system, allowing precise responsibilities to be assigned to every user intervention.
“The new features in ASL will help our customers in the banking sector to comply with the stringent security requirements being introduced by new financial regulations, as well as our other security-conscious customers,” said Ismail. “But this focus on security is now a standard part of all our development and deployment activities. We have a cross-project team monitoring all of our R&D processes to ensure that they incorporate the security standards and best practices required by users in our most demanding areas of application.”