Designing and Creating a Secure Web Portal

WWW.PORTALGUARD.COM

DESIGNING AND CREATING A SECURE WEB PORTAL

INTRODUCTION

Things to Consider…

http://www.portalguard.com/resources/whitepapers-1.html

1. Data Security2. Compliance3. Integration4. End User Experience5. Technical



Data Security ConsiderationsIs this a Public vs. Private Portal?How Will Credentials be Verified? What Do Your Users Have Access To?Will the Portal act as an IdP?



Compliance ConsiderationsHIPAA, COPPA, FERPA or PCI?Organizational policy (e.g. password expiration)? What about auditing and reporting?



Portal IntegrationHow best to instill user confidence & acceptance?How important is branding? Will you provide access to some or all data & apps?



End User ExperienceHow and from where can they login?How much can I do on my own? Does one login open one door or many?Do I receive meaningful feedback & information?



Technical ConfigurationHow and where is it hosted?Can it handle a spike in user traffic? How important is up-time?






Data Security ConsiderationsIs this a Public vs. Private Portal or Both?How Will Credentials be Verified?What Do You User Have Access To?Will the Portal act as an IdP?



What Type of Data is Available?



How Do You Know Who is Who?Are you using a user repository like Active Directory?Will the portal be the Identity Provider?



Do You Need Single Sign-On FlexibilityDo you want to unlock the door once?Do you need to unlock individual doors?






Compliance ConsiderationsWhich regulations drive your field?Navigating HIPAA, COPPA, FERPA, PCI.Design for Compliance Success.Don’t “Shoe-Horn” Compliance After the Fact.



On-Line Resources…

FERPA http://familypolicy.ed.gov/faq-pageCOPPA http://www.coppa.org/comply.htmHIPAA http://www.hhs.gov/hipaaPCI https://www.pcisecuritystandards.org/SOX https://en.wikipedia.org/wiki/Sarbanes-Oxley_Act



Compliance Specific RequirementsPassword length, complexity & expiration.User reporting – Who, When, Where, How & FailuresStrong authentication – is 2-Factor required?






Integration ConsiderationsHow do your users interact with your portal?One key that opens many doors or something different?Key design elements that engender confidence.SAML vs. non-SAML enabled applications.Giving your users the tools they need.



How Your Portal Presents Itself.

Immediate Login ScreenBranded & Identifiable“You Shall Not Pass!”Highly Secure



How Your Portal Presents Itself.

Specific areas of interestBranded & IdentifiableMore open to looking aroundStill highly secureLogin is fully integrated



Once Authenticated What Happens Next?Does one key open may doors?SAML vs. non-SAML enabled applications?How are you tracking user activity?Do you have any regulatory reporting requirements?






End User ConsiderationsWalking your end users journey.Ask Who, What, Where, When, How & Why?Focus on efficiency, engagement and understanding.Communicate expectations clearly.How autonomous can your users be?



What the user sees matters…

Consistent look & feelBuild their trust and comfortGuide them appropriatelyGet them where they want to goProvide help & feedback quickly



End User Engagement

Specific feedback on expectationsActionable items that can be acted onEmpower the user to aid their own progress



Strong Understanding of…Who are your users?What they can and can’t gain access to.Where they can gain access from.When something goes wrong can they fix it?How will you monitor their activities?






What’s “Under-the-Hood”?On-premises vs. Cloud vs. Hybrid-cloud configurationUnderstanding user traffic & demand patternsWhere are your users and how do they gain accessHow will you handle system outages & down-timeDisaster recovery implications



Load BalancingDemand Spikes

Inc. Response TimeMax. User Satisfaction

Failover ProtectedGuarantee UptimeMaint. & Upkeep

Regular BackupsDisaster RecoveryRegulatory Comp.Asset Protection



Other Items to Consider…What regulatory compliance issues do you face?Total Cost of Ownership (Assets + Manpower)Hybrid Cloud Best PracticesCapability & Capacity of Your Existing IT Dept.


Security should never be an afterthought when integrating a

portal into your environment.



THANKS FOR JOINING US…


Designing and Creating a Secure Web Portal

Software