In this day and age of digital proliferation, one of the most important pieces of information, if not the most important, is what the industry calls Personally Identifiable Information, or simply PII. Guarding PII has become critical because it can unlock a person's tangible as well as intangible wealth.
A username and password combination is usually sufficient to access an account, be it financial, social or informational. What started as a simple password policy, such as requiring eight (8) characters, has morphed into requirements for a mix of letters, numbers and special characters. Access can be further secured by having the entity send a one-time login link to the user's registered email address or a one-time code by text message to the user's phone number; such codes are only as strong as the mailbox or phone number they are delivered to, so they are a weaker second step than a token. Other enhanced login mechanisms, such as multi-factor authentication (MFA), require a one-time code generated on a hardware device issued to the user, or by a software token installed on their phone, to be entered as an additional credential alongside the username and password. To prevent a computer from simulating a user login, there is also the "captcha" mechanism, wherein the user is asked to identify the cells of a small image grid (typically 3×3 or 4×4) containing traffic lights, motorcycles, etc.
In all of the above scenarios, the username and password combination is entrusted to the entity asking for it before it lets the user access whatever information it stores. A well-run entity never stores the password itself, only a salted hash of it, so that a leaked database does not directly expose user credentials. The entity then has to prove that it is trustworthy by complying with any number of cybersecurity standards and frameworks, such as ISO 27001, the NIST frameworks (for example the Cybersecurity Framework or SP 800-53) or SOC 2.
When it comes to user authentication for an entire company or educational institution, login access is typically already entrusted to an identity provider (IdP) such as Microsoft Entra ID (formerly Azure Active Directory), on-premises Microsoft Active Directory, or Okta. Software as a Service (SaaS) companies providing EHS (environment, health and safety) services, such as SafetyStratus, leverage this by supporting Single Sign-On (SSO), typically over SAML or OpenID Connect, wherein the user's credentials are validated by the identity provider and the user does not need a separate username and password for the software service provider.
The SSO integration not only handles user authentication but can also carry user lifecycle management from the identity provider: attribute changes such as name changes, email ID changes and department changes, and deprovisioning of the account when the user leaves the company. The last of these is the security-critical one, since an account that outlives its owner's employment is a standing foothold for an attacker. In addition, the user's level of access can be mapped onto the software provider's predefined access roles.
SafetyStratus has four primary levels of access: a general User, a Principal Investigator, an Area Manager and an Administrator, in increasing order of visibility into the data. Additional role-based access control is provided by "tags", wherein elevated privileges may be granted to a role beyond what it can generally access.
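The role mapping, tag-based elevation and deprovisioning described in the two paragraphs above, as an added example in Python. This is an illustrative model and not SafetyStratus's implementation: the four role names come from the article, while the identity-provider group names, the actions, the `grant:<action>` tag convention and the shape of the identity record are assumptions made for the example.

```python
from __future__ import annotations

from dataclasses import dataclass, field
from typing import Optional

# The article's four primary levels, in increasing order of data visibility.
ROLE_RANK = {"User": 0, "Principal Investigator": 1, "Area Manager": 2, "Administrator": 3}

# Assumed: group names as an identity provider might send them in a SAML or
# OIDC group claim, mapped onto the application's predefined roles. A group
# that is not listed here grants nothing (deny by default).
GROUP_TO_ROLE = {
    "ehs-users": "User",
    "ehs-principal-investigators": "Principal Investigator",
    "ehs-area-managers": "Area Manager",
    "ehs-admins": "Administrator",
}

# Assumed: minimum role required for each action.
ACTION_MIN_ROLE = {
    "view_own_records": "User",
    "view_lab_records": "Principal Investigator",
    "view_area_records": "Area Manager",
    "manage_users": "Administrator",
}


@dataclass
class Identity:
    """A user as mirrored from the identity provider (assumed shape)."""
    email: str
    groups: list[str]
    active: bool = True                          # False once the IdP deprovisions the user
    tags: set[str] = field(default_factory=set)  # e.g. "grant:view_area_records"


def sync_from_idp(identity: Identity, update: dict) -> Identity:
    """Apply an attribute change pushed by the identity provider: a renamed
    email ID, a new group set after a department move, or deactivation when
    the user leaves. The application never edits these fields locally."""
    identity.email = update.get("email", identity.email)
    identity.groups = list(update.get("groups", identity.groups))
    identity.active = bool(update.get("active", identity.active))
    return identity


def role_from_claims(groups: list[str]) -> Optional[str]:
    """Resolve the effective role: the highest-ranked one among mapped groups."""
    roles = [GROUP_TO_ROLE[g] for g in groups if g in GROUP_TO_ROLE]
    return max(roles, key=ROLE_RANK.__getitem__) if roles else None


def authorize(identity: Identity, action: str) -> tuple[bool, str]:
    """Decide whether `identity` may perform `action`; returns (allowed, reason)."""
    if not identity.active:
        return False, "deprovisioned"            # a departed user keeps no access
    role = role_from_claims(identity.groups)
    if role is None:
        return False, "no mapped role"
    needed = ACTION_MIN_ROLE.get(action)
    if needed is None:
        return False, "unknown action"           # deny anything not explicitly defined
    if ROLE_RANK[role] >= ROLE_RANK[needed]:
        return True, role
    if f"grant:{action}" in identity.tags:       # tag: elevation beyond the role's baseline
        return True, f"{role} + tag"
    return False, role


if __name__ == "__main__":
    # Constructed sample identity, not real data.
    pi = Identity("pi@lab.example", ["ehs-users", "ehs-principal-investigators"])
    print(authorize(pi, "view_lab_records"))     # (True, 'Principal Investigator')
    print(authorize(pi, "view_area_records"))    # (False, 'Principal Investigator')
    pi.tags.add("grant:view_area_records")
    print(authorize(pi, "view_area_records"))    # (True, 'Principal Investigator + tag')
    sync_from_idp(pi, {"active": False})         # the user leaves the company
    print(authorize(pi, "view_own_records"))     # (False, 'deprovisioned')
```

Two design points worth noting: every decision is deny-by-default (an unmapped group or an unlisted action grants nothing), and a tag widens a single action rather than raising the whole role, which keeps the elevation auditable.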
For more information on how your personal data is protected by SafetyStratus, please visit SafetyStratus, where you can speak to industry-leading EHS professionals or schedule a demo of the product. Tune in to other EHS-related data privacy articles coming soon…
AUTHOR BIO:
KC (Kalyan Madhunapantula) has over 15 years of systems administration experience, most of it on Unix/Linux. He holds an MS in Environmental Engineering. His thesis on watershed modeling, using a program written in Fortran, inspired his foray into computers. Joining the IT team of a leading multimedia company, he progressed through DBA and system administration roles into management.
He was the lead administrator overseeing IT SOX compliance for 20+ applications, including HR and financial systems. With the advent of cloud services, KC embraced AWS and today ensures IT security and compliance with frameworks such as SOC 2, GDPR, HIPAA and PIPEDA at SafetyStratus.