Is FileMaker Secure and Security Plans?

Discussion created by taylorsharpe on Mar 24, 2014
Latest reply on Mar 26, 2014 by taylorsharpe

I recently had a discussion with a client who wanted to know how secure FileMaker is and about security documentation for databases.


The enterprise level of security (e.g., big corporations, governments, etc.) involves documenting a database's security plan. The International Standards Organization has a standard, ISO 27001, that steps through how to document security and have minimum security standards, and it is very thorough documentation and includes auditing, etc. Or you can look at the US Government's standard for documenting information database security plans, which was developed by the National Institute of Standards and Technology (NIST) in their Special Publication 800-53 (current version is revision 4). Basically the 800-53 publication shows you how to document all of the controls associated with a database.


I think some of the security plans described above are overkill and just document security you have hopefully already implemented. If you follow the FileMaker Security Guide, you'll meet minimum levels good enough for Top Security for the US Government computers, but if it's a US Government computer, you'll still have to do a security plan.


The US Department of Homeland Security maintains a National Vulnerability Database to document all known vulnerabilities in various software. A search for FileMaker in March 2014 showed FileMaker to have had only 5 vulnerabilities documented since the year 2000. None since version 5 of FileMaker in the year 2000 have been classified as a High vulnerability (the other 4 were all Medium level). Compare this to Oracle, which has 2585 vulnerabilities, and MySQL, which has 461 vulnerabilities as of March 2014. Oracle's most recent vulnerability was in January 2014 and listed as a High vulnerability. MySQL's last High vulnerability was this month (March 2014) and is a SQL injection attack.


While FileMaker can never claim to be invulnerable, it certainly looks to have a lot fewer security issues than other major database platforms, and this Vulnerabilities database certainly makes FileMaker seem to have a very good security record. In other words, from the security perspective, FileMaker is a good choice.