Explanation of the security set up on the community platform for ESA
The aim is to describe in a simple way the elements implemented to ensure data security on our community platform.
Points to address:
- Check that the endpoints are not easily accessible
  --> Known problem on the chat, to be solved quickly. If the resolution cannot be done quickly, in my opinion we should not hide this point and should be transparent, even if it may delay the contractualization
- At the infrastructure level, we rely on alwaysdata
  --> Find the details provided by alwaysdata in order to extract useful information to transmit to ESA
- Connection of administrators and developers only by SSH, with public key only (no use of passwords, for more security)
- Connection of the users by OpenID Connect
  --> Maybe explain in a few words what it consists of
- We do regular audits and security monitoring
@sylvain,
There is one last point that we did not discuss on the phone, which is the isolation of data between 2 platforms hosted in the same place, one master and one duplicated but not federated. How is the isolation of data between these 2 platforms ensured?
PS: we need this information quickly enough because we are in discussion with the ESA for a contractualization that we would like to realize quickly
Thank you