With data security a key priority for schools and organisations alike, our Development team is constantly striving to improve the security of iSAMS. Work has been taking place on many areas of the system, on a weekly basis, to review and ensure a secure system. As part of this on-going work, we recently added a new ‘Whitelist’ and ‘Blacklist’ for files, which ensures greater control around which file types are permitted to be uploaded to your iSAMS system. This was first communicated on 15th June 2017 - please find out more about this change here.
The iSAMS File Directory
More recently, we have focused our attention on the iSAMS Files Directory, where all generated and uploaded files are stored. The web server currently serves files from this directory unhindered, which does not support OWASP's* recommended security best practices.
Due to this, we have spent most of 2017 implementing a new strategy for managing files in iSAMS. This is a two-step process. The first step is now live: all of our applications have been converted to use a single service to manage file access. The second step is to enable our secure files solution; however, before we can take this step, we require all other third-party applications to be ready.
* The Open Web Application Security Project (OWASP) is a worldwide not-for-profit charitable organisation focused on improving the security of software. Find out more about OWASP here.
Who does this Affect?
As well as third-party Partners, we are also aware that many of our schools have bespoke applications that access files directly on disk, and as such, we want to give you sufficient notice of our plans to enable our enhanced file security solution.
When is this Changing?
We will be enabling our secure files solution in full in approximately six months’ time.
This means that files previously located under the Files Directory on the web server will now need to be accessed through our API.
Need to Talk to Someone?
If these changes will affect you and you need to find out more, please contact our Partner Manager, Felice Plava ([email protected]), who will be happy to discuss your options and how you can adhere to the new access method.
Further updates will be shared in due course.