Article

Your GIS Cloud Security Questions Answered By ROK’s Director Of Cloud Services

In ROK Technologies webinar session, The 3 Essentials for GIS Cloud Security, Ryan Daley, Cloud Services Architect, talks about the interconnected ICA model that you should follow to protect your GIS. He also reviews best practices for building and maintaining a secure environment and a clear security cost comparison for a cloud vs. on-premise security implementation. In response to the Q&A portion of the session, we are here to answer the questions presented for the overall GIS community. To watch Mr. Daley’s webinar, 3 Essentials for GIS Cloud Security, visit our on-demand webinar page. Watch our 2 part series, Security and your GIS Cloud, on our YouTube playlist.
Mr. Daley Answers Your Questions:
Q1: Can You Give Any Use Cases Of An ArcGIS Web Adapter Accessing Data Layers/Servers Directly?

A1: This practice would certainly go against what would be considered standard best practices, however there are a few niche cases where this may be appropriate. However, it would require specific precautions in regards to network architecture to maintain the integrity of the database. In some cases, this will happen in a DMZ that is completely separated from the standard production systems, and in other cases where the data on the data layer servers is not classified as important or sensitive. It’s important to note that the tiers are based on system sensitivity and classification – this is different for every organization, however the goal would be to have data sources as “far” away from the public net as possible. With all of that being said, security in its entirety is about risk management, so there are ways to reduce the risk of this by implementing things like Web Application Firewalls.

Q2. Provide Some Examples On How To Set Up Cloud Security

A2: This question is a little broad because it’s specific to each organization’s needs, however the outline provided in the presentation should give some direction as a foundation for creating a secure architecture for your cloud environment. There are many other precautions to take such as user access control, least privilege, etc. There are many layers of security you are able to apply to these environments, so many that it would be impossible to discuss it in the time frame of the presentation.

Q3. Conflict Resolution In The Data Segment Where Multiple Sources May Exist For A Data Element – How Do You Routinely Decide And Manage Which Is Correct? Our Engineers Sometimes Provide Data Which Conflicts (Slightly) With Public Sources Like Town GIS System.

A3: This is an interesting problem, essentially the approach to take in this situation is to choose which data is the authority and leverage that data source over the other – in this situation if I knew good data was getting replaced with bad data by users, the first approach I would take is user access control – do users need to change this data to do their job? If not, they don’t need access to change it. If they do need to change it, but mistakes get made, in that case I would create a workflow that compares the two data sources, and if the secondary source is different than the authoritative source, it overwrites the alternative source.

Q4: What Is The Best Way To Mitigate The The GIS Security Mistakes Presented?

A4: In regards to the first mistake, the mitigation was covered throughout the presentation, showing how and why we split these machines into separate network segments, over having them on one machine. The mitigation for this is to use 1 server for 1 software package – 1 for portal, 1 for datastore, 1 for ArcGIS, etc.

The second mistake is more transient, and there is no clear, black and white prescription on fixing it; this is primarily an issue of priorities for your organization and to get the viewers to start thinking about how to evaluate the judgement calls that are made on where to put resources.

Q5: Do You Have Any Additional Details You Can Share?

A5: IT security as a whole, and especially as it relates to GIS is a very broad topic with many aspects that is impossible to cover in just one session. However, we are happy to keep the lines of communication open and can answer any additional questions you may have. Contact me directly.

Share:

Related Posts

Webinar
Unlock the ROI of GIS Managed Cloud Services

Transitioning from on-premise GIS systems to the Cloud is a significant step towards enhancing operational efficiency, scalability, and innovation. However, securing the necessary funding can be a challenging hurdle for many GIS organizations. Partnering with a GIS Managed Cloud Services provider empowers IT leaders to leverage specialized expertise, enhance security, reduce administrative burdens, and drive […]

Article
Infrastructure Management Hub

Learn how Managed Cloud Services can support GIS teams within infrastructure management industries Managed Cloud Services (MCS) and Cloud technology can significantly enhance infrastructure management by providing scalable storage for large geospatial datasets, enabling real-time data access, facilitating collaboration across teams, and offering powerful analytical tools to optimize infrastructure planning, maintenance, and decision-making, all while […]

Article
The Disaster Management Hub

What you need to know about disaster management for GIS organizations How migrating to the Cloud and partnering with a Managed Services Provider (MCSP) prepares your GIS organization for disaster response and resilience Navigating the Disaster Management Cycle: The role of Managed Cloud Services Hear from ROK Technologies, leading GIS Managed Cloud Service Provider (MCSP) […]

Subscribe to Our Blog

Stay up to date with the latest marketing, sales, service tips, and news