No time to go, unfortunately. Hopefully there is going to be a recording. The topic is essential.
YES! This is a serious topic that needs to be disseminated to the masses, not just the DevCon attendees.
Good recommendation, Wim. I go to the security session each year at Devcon and it is rather important to keep up on.
One thing that I find few FileMaker developers have experience in are written security plans and continuity of operation plans (COOP) for their solutions. When you get with the big boys (aka, the enterprise level guys), that is just one of the requirements and something often holding back FM being a viable solution if the developer can't provide good documentation. If you work with the US Government, you always have to have a security plan and they are not simple little 10-20 page reports.
And while smaller and medium-sized businesses might not need such full documentation, I still recommend light versions of security and COOP plans. These plans often force companies to assign responsibilities to staff regarding aspects of security from updates, to who makes decisions for each solution, to how security is managed, to who handles backups, scheduled hardware upgrades, plans on how to respond if a breach happens, etc. Few companies I talk to have tools to know if they have been breached and, if they are, who is responsible for securing their info, minimizing impact, securing the network, and reporting to decision makers on what happened and potential liabilities of the breach. These are all things familiar to a CIO, but many FM solutions are with companies too small to have a CIO, let alone full-time IT staff. But it doesn't mean they still shouldn't have response plans.
As a developer, these are also additional services that can be offered and companies are becoming more willing to pay for them as a necessary part of business.
If you want to do some brushing up on security plans, you might look at the US Government's NIST 800-53 "Security and Privacy Controls for Federal Information Systems and Organizations" as well as the ISO 27001/2 international standards of security documentation. These are all well documented on the internet.
I actually thought about applying as a Devcon presenter to go over making a security plan for a FileMaker solution that would meet US Government requirements. Then again, it would be a rather dry and narrowly focused session.
I hope to see many of you at Devcon and the Security Session. By the way, the Devcon Security session is being taught by Rosemary Tietge and she really is quite knowledgeable! She is a FileMaker, Inc. employee and technical engineer, as well as a graduate of MIT.
Taylor Sharpe wrote:
By the way, the Devcon Security session is being taught by Rosemary Tietge
There are 3 security sessions at Devcon. The one that I referenced is by Steven Blackwell. The others are by Rosemary Tietge and Ronnie Rios.
Agreed with the main point that even small(er) companies benefit from a structured approach to security. Same with backups and disaster recovery. The approaches that work for big enterprise in this area can easily be scaled down and provide a lot of value.
Wim: There are 3 security sessions at Devcon. The one that I referenced is by Steven Blackwell. The others are by Rosemary Tietge and Ronnie Rios.
Ahhh... so noted. Thanks, Wim. Steven Blackwell has quite a security reputation and I'll plan on attending his too. Thanks for pointing it out.