«  
 

Improving the Security of Your Data

Adam Monsen & Denis Foo Kune

Volunteer Security Expert, Denis Foo Kune, with Mifos Software Engineer Adam Monsen

How Secure is Your Data?
Mifos houses a vast amount of priceless personal and financial client information; as a web-based system we realize that this could become vulnerable to external threats.  As the industry grows this client data will become more and more at risk to the ever-present external threats out there.  To advance the security of our platform and help our microfinance customers maintain the integrity of their client data, a team of volunteers from around the world have recently worked together to build a complete set of security best practices and recommendations to ensure data.
Denis Foo Kune, a PhD student from the University of Minnesota and an expert on internet and wireless security, in collaboration with Graeme Ruthven from New Zealand, and Krishnan Mani from India developed a threat model outlining recommended operational procedures and technology measures to protect against a range of potential threats.  Attacks against the client, loan officer, and entire system can lead to identity theft, the leak of sensitive competitive information, and potential damage to clients.  Following this thorough guide, MFIs are now equipped with the means to protect their data against threats to the user, the database and Mifos application, the web server, and the network.  To learn more about Mifos security, please visit: http://www.mifos.org/developers/wiki/ThreatModel
Security in Mifos:
Within the application Mifos follows the AAA protocol of authentication, authorization, and accounting. User authentication is emphasized through a login-based credential that can be encrypted via SSL. Authorization can be delegated according to the unique needs of the MFI through a granular role-based permissioning system.   To account for and track changes to data in the system, Mifos generates in-depth audit trails.  This threat model helps to extend robust security measures beyond the application to protect against web-based threats.
Get Involved:
Through our open technology platform being adopted by MFIs throughout the world, contributions from volunteers like Denis can have a substantial impact in the fight against poverty.  To contribute in our mission to transform technology from a barrier into an accelerator for microfinance please view our volunteer projects   to learn how you can get involved.

How Secure is Your Data?

Mifos houses a vast amount of priceless personal and financial client information; as a web-based system we realize that this could become vulnerable to external threats.  As the industry grows this client data will become more and more at risk to the ever-present external threats out there.  To advance the security of our platform and help our microfinance customers maintain the integrity of their client data, a team of volunteers from around the world have recently worked together to build a complete set of security best practices and recommendations to ensure data integrity.

Denis Foo Kune, a PhD student from the University of Minnesota and an expert on internet and wireless security, in collaboration with Graeme Ruthven from New Zealand, and Krishnan Mani from India developed a threat model outlining recommended operational procedures and technology measures to protect against a range of potential threats.  Attacks against the client, loan officer, and entire system can lead to identity theft, the leak of sensitive competitive information, and potential damage to clients.  Following this thorough guide, MFIs are now equipped with the means to protect their data against threats to the user, the database and Mifos application, the web server, and the network.  To learn more about Mifos security, please visit: http://www.mifos.org/developers/wiki/ThreatModel

Security in Mifos:

Within the application Mifos follows the AAA protocol of authentication, authorization, and accounting. User authentication is emphasized through a login-based credential that can be encrypted via SSL. Authorization can be delegated according to the unique needs of the MFI through a granular role-based permissioning system.   To account for and track changes to data in the system, Mifos generates in-depth audit trails.  This threat model helps to extend robust security measures beyond the application to protect against web-based threats.

Get Involved:

Through our open technology platform being adopted by MFIs throughout the world, contributions from volunteers like Denis can have a substantial impact in the fight against poverty.  To contribute in our mission to transform technology from a barrier into an accelerator for microfinance please view our volunteer projects to learn how you can get involved.

Share and Enjoy:
  • Digg
  • del.icio.us
  • Facebook
  • Google Bookmarks
  • LinkedIn
  • email
  • PDF
  • RSS
  • Slashdot
  • Technorati
  • Twitter

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.

September 2nd, 2009 | Tags: , | Category: Community Spotlight

Leave a Reply

 

 

 

You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>