Corporate data protection, third party data protection

Data protection

Think carefully to data protection, data storage and data transmission. This issue is a very important one. Yes, why make the transactions secure and in the mean time set up risky processing with the customer data. Below are some basic guidelines that everyone should follow:

1. Use an area external to the Web area for the databases back-end when a database system is used.

2. secure the data stored in a database, for instance using encryption for sensitive data. You may find specialized information in our column to data encryption technology, methods and solutions

3. Never store credit card numbers on a Web site.

4. Never display the customer data, such as name, address, phone number, email, etc. without

a fully secure web interface for web access;

a secure protocol or tunel should you need to access it;

a secure download processing if you need to provide download facilities.

5. Do not leave on a Web page a link to the admin interface. You may want to see our column on Web security.

6. If you use CGI, make sure that the script can only be called from the same Web site.

7. Set up an automated process to back up your web site data.

__________.____Top

Network security

This is another risk to investigate. You make the transactions secure, have a data protection solution, securely process the customer data but have security flaws in your network. Your local network security must be considered both from the server security angle and from the network security angle.

We dedicate a specialized columns to Testing, detection and tracing tools.

__________.____Top

Secure data processing

The front-end and back-end for data processing need to be secured when sensitive data are managed and sent through the network.

Secure back-end data processing is a must. Both business data within and intranet or an extranet and online third party data need to be secure. Database security must be carefully designed. The architecture for secure data processing need to be thought as a whole process involving data files or databases of any format, programs and processes

SSL : SSL [Secure Sockets Layers] is a protocol developed by Netscape for transmitting private documents via the Internet. SSL works by using a private key to encrypt data that's transferred over the SSL connection. SSL and SSH Solutions, certificates and electronic signature are considered distinctly in the section "Payment security" [the section is coming soon].

More precisely SSL makes it possible to exchange data ciphered with a public key, between two servers and or between a server and a client browser.

SSL protect confidential data, such as a credit card number, or other data , such as address, email, phone, etc. from being intercepted.

Companies such as Verisign, Twawte, Geotrust or other deliver SSL certificates.

Nevertheless, an SSL certificate isn't enough to have the data secured. The server implementation and the management of the data between front-end and back-end is also important. It's easy to create breaches!

• Next article: Secure electronic payment processing

__________.____Top

To search our web sites use the box below
To search an exact phrase, put it into double quotes.

Need to search the Web? Use the Google box below

Or see our search page.

__________.____Top

 

Internet security

Survival Kit PC

Networked PCs

Data security

Data privacy

Security portal

Home eBusiness

eBusiness design

Marketing

Optimization

Expert tools

eBusiness help

Working with us

Version française

Quick search

Sitemap

Link to us