Chapter 10: Security and Personalization | Practical Intranet Development

Overview

Author: Jeffrey Haas

Intranet security options
Security policies
User directories and personalization

This chapter explains why securing an intranet is important and outlines a variety of approaches that can be taken. Once the decision about security has been made, you'll likely find that the personalization issue has simultaneously been decided. This is because the user identification process inherent in a security authorization scheme will naturally extend to customizing that user's experience according to their security profile or other extended settings. Then, when basic customization is occurring, it's not a very significant theoretical step towards complete personalization (by either the system or the users themselves).

It's important to remember that security can be implemented without personalization, but the opposite is not true. If your intranet's personalization engine isn't absolutely certain who your users are, customization with integrity will be impossible. That's why it's important for us to discuss intranet security first.

Intranet security isn't just about keeping people out. You should certainly consider the implications of placing sensitive business data on your intranet and what might happen if it falls into the wrong hands, but there are other aspects to consider as well. A secure intranet can empower your organization by giving employees an opportunity to freely share and exchange information for projects and corporate initiatives. If you can guarantee that limited groups of users will have access to sensitive data (year-end financial results or salary increases that are being discussed, for example), then all the benefits of interactivity and collaboration that are inherent to web-based applications can take effect.

If intranet users know that their data will only be accessible to appropriate parties, the adoption rate of functional areas will skyrocket. Strong security policies can make insecure users feel secure in their use of your intranet. Payroll, benefits, and training areas of a business, for example, could be integrated into an intranet and embraced by users if this sense of security existed, resulting in substantial cost savings for your company.

"If intranet users know that their data will only be accessible to appropriate parties, the adoption rate of functional areas will skyrocket"

Note

This chapter talks in absolutes such as 'guaranteed restrictions' and binary access permissions that define individual users and groups of users who can either get in or not get in to a system, but be aware that absolute guarantees do not exist in the real world. You can be careful - and you must be careful in regard to anything that cannot be made public for any reason - but you must realize that even large corporations with multi-million-dollar IT budgets, governments, and military installations get hacked periodically. Read any IT news site for news of this and realize that internal dangers are as relevant as external ones (more on this later). You should take reasonable precautions to secure your network, your data, and your company from the many dangers of a networked world, but do not put your career on the line by promising your system will never be compromised. Also, do not ever be complacent with your existing standards, best practices, and rulebooks. Constant vigilance, unfortunately, is necessary if you want to minimize risks.