As security threats continue to accelerate and evolve, protecting your company’s data has never been so critical. You will also inherit from your investment in security with upcoming data regulations such as GDPR, since this important data-privacy protection regulation is set to go into effect in May 2018 and has a particular focus on how well you secure personal data.
Inspired by the most advanced security standards and best practices, Odaseva helps to protect your data by giving, only to employees who meet certain criteria, access beyond the basic usernames and passwords. This can be done by encrypting data in transit and at rest, encrypting the data not only at server level but also at granular level, managing authorized users, having a strong password policy, setting their specific application permissions, implementing Single-Sign-On, adding Multi-factor authentication (MFA), limiting where users can log in from, and other patterns this series will detail.
One of these critical security measures available for companies who use cloud services like Salesforce is the ability to restrict where users can login from. This can prevent unauthorized access to your data, but also help protect you from phishing attacks.
Introducing Odaseva IP restriction
At Odaseva, security and trust are the two pillars of our core values and drive the way we build our platform. IP restriction settings within your Odaseva platform will allow you to limit or give access to specific IPs who can access Odaseva’s platform. An organization can limit which IP addresses any user in your Odaseva organization can use to access the system.
Login IP Address Ranges
You can restrict the range of IP addresses from which your team can log in and access the Odaseva platform. If IP address restrictions are defined for an Odaseva user and a login originates from an unknown IP address, Odaseva won’t allow the login. These restrictions help protect your data and pair well with a remote access VPN policy within your organization.
For example, maybe some users shouldn’t be able to log in if they’re using an IP address that’s outside your corporate firewall. The IP range you choose is called your “trusted” IP range and allows you to add another layer of security within your organization.
Tips on Setting Login Restrictions from our own internal policy at Odaseva
As the adage goes, ‘Eat your own dog food’! Our beloved CRM is indeed Salesforce and we backup our Salesforce with what we believe is the best Data Protection platform… Odaseva 🙂
With a team spread out between the US and France, and all the data we process, we care a lot about who has access to what. That’s the reason why our admin at Odaseva has setup a remote access VPN policy to secure computer’s internet connection and guarantee that all backups from our CRM are encrypted three times (in transit and at rest: network, server, and granular data) and secured from prying eyes.
Then some whitelisted IP addresses have been established, based on the IP addresses from our VPNs, to allow our team to access our backup platform and prevent unauthorized access.
- Whenever you assign trusted IPs, test the assignments thoroughly to understand the impact on your users and organization:
- Make sure all your users are aware of your internal remote access VPN policy and know how to activate their VPN from their devices.
- Before implementing any IP restriction, ensure all your users are aware of the implementation date to avoid any interruption of their work
- Don’t forget to document all these security measures that you take. It might be required by your customers, partners, and local authorities to demonstrate how much your organization cares about security and/or how do you comply with certain regulations such as the GDPR
Security Series Part 1 Summary :
This article was an introduction to our security series. Inspired by the most advanced security standards and best practices, Odaseva allows admin to setup a whitelisted IP address range to prevent any unauthorized access.
Look for the next part of this series soon and learn more on how to secure your access with Single Sign-On.