Overview
When a customer installs SimpleRisk on their own servers, security responsibilities are shared between SimpleRisk and the customer. SimpleRisk ensures the security of the application itself, while the customer is responsible for securing the hosting environment, including the operating system, network, and broader system configurations.
SimpleRisk Responsibilities (Security “OF” the Application)
Application Security
- Patching and updating SimpleRisk software for vulnerabilities
- Secure development practices (code reviews, security testing)
- Addressing security vulnerabilities in the SimpleRisk codebase
- Implementing authentication and session security controls
Data Security within the Application
- Ensuring encryption of sensitive data where applicable
- Providing secure authentication and session management features
Operational & Compliance Support
- Providing best practices for configuring user roles and access
- Offering recommendations for secure configurations
Customer Responsibilities (Security “OF” the Hosting Environment)
Operating System & Server Security
- Keeping OS and software dependencies patched
- Hardening the server (firewall settings, SSH access controls)
- Implementing security configurations (SELinux, AppArmor, etc.)
Network Security
- Configuring firewalls, intrusion detection, and VPNs
- Restricting unnecessary ports and services
User Access & Identity Management
- Managing server and database access controls
- Enforcing least privilege access for users
Backup & Disaster Recovery
- Implementing backup strategies and recovery plans
- Ensuring database backups are securely stored and encrypted
Compliance & Governance
- Meeting industry-specific security and compliance requirements
- Auditing security configurations for regulatory requirements