FusionDox Platform Security

The security of any web application and your content depends on several key factors:

1. The server environment where the application is hosted
2. Having a tested backup and disaster recovery plan
3. The accessibility of the back-end data (database and documents)
4. The architecture of the web application and its susceptibilities

Server Environment

FusionDox software can be installed either at your location, or as a hosted service.  If you choose to install the software at your location, you should have experienced on-staff IT personnel who can assist you in ensuring that your hosting environment is secure.

If you selected a hosted solution, we have an expert team who configure the hosting servers with industry standard tools and in a proven way to ensure your content is secure.

Backup and Disaster Recovery

This is often overlooked by smaller organizations.  In your hosting environment, your content may be backed up to tape or to a remote location electronically.  You should be familiar with how backups are taken, and their frequency.  Most hosting environments will take daily backups at a predetermined time in the day.

Depending on the critical nature of the content you are managing with FusionDox, once a day may not be enough, in which case you should make special arrangements to backup your content more often.  Only your company can determine the value of the documents you manage and determine the cost if one or more documents are lost because of a hardware failure and restoring data from earlier in the day.

In addition to backing up your data, it is critical that you develop a complete disaster recovery plan.  Ask the difficult questions such as:

• What would happen in the event of a natural disaster?
• What would happen in the event that the network went down?
• What if the server hardware failed?

Answering these types of questions and documenting a solution to protect your data can help minimize the impact whenever system failures occur.

Back-End Data Accessibility

FusionDox, like most web applications, has application files and application data.  The Application data is stored in the FusionDox repository database, and optionally, documents can be stored on a file system or FTP server.  This provides several key methods of how individuals can gain access to your content:

• Through FusionDox web application
• FusionDox application API
• Drive sharing
• Direct database connections
• FTP
• Console Access
• Data backups

The company or group responsible for hosting your web application should also be responsible for the above.  It is critical to understand all the above method that users can access your content, and to only open access to those whom you can trust with your content.

Access to FusionDox through the web application is managed with built-in security tools, and access via the FusionDox API requires a valid user account to be used for all API calls.  Only privileged team members should have access to this information.

FusionDox Architecture

FusionDox uses a ColdFusion application framework for managing access to your documents.  This framework provides security that requires a username and password for access to the system.  Administrators can create a guest account for access to documents as well, but this feature should be used with caution.

In a default configuration, all documents are stored in the repository database and not on the filesystem.  This provides the most secure method for controlling access to your documents.  Even users who have access to the server, drive shares or FTP to your server would not have access to individual documents, and cannot change documents without going through the FusionDox web interface.

Optionally you may choose to save documents to the filesystem instead of in the database, in which case you should refer to the Back End Data Accessibility section above, and ensure that you limit access to the documents managed by FusionDox.

The FusionDox API (Application Programming Interface) allows programmatic access to FusionDox, and can both read, export, modify and delete (move to the recycle bin) documents from another web application.  Any applications built using this API should have been developed in-house, and so should be a known access point to your content.

When deployed with our recommended configuration, FusionDox is a very secure application that provides access to your content only through permitted methods. 

In addition to deploying FusionDox in a secure fashion, you can help increase the security of your content by adopting good internal use policies, such as:

• Change user account passwords at least twice a year
• Schedule backups and verify the backups periodically to ensure data integrity
• Have a clear disaster recovery plan
• When employees leave your organization, immediately disable access to the server and web application
• Perform a yearly audit of who has access to the system