Page 74 - CON Boardpack July 20200708 Final_Neat

Communication between Clients and Web Application
All communication and traffic between clients (web browsers and mobile applications) and the World of Pork platform application hosted in Azure is secured with SSL (Secure Sockets Layer) and its successor, TLS (Transport Layer Security). It uses up-to-date TLS 1.3 encryption as defined in RFC 8446 (August 2018) of the IETF (Internet Engineering Task Force).

World of Pork authentication and authorization
Authentication to the web application is implemented using Microsoft ASP.NET OAuth, while authorization is managed by a secure Microsoft Web API authorization implementation.
Custom role-based security has been implemented to enforce authorization for certain functionality within the platform, based on the user's role assignment. This ensures that users can only access the functions and information that their role has access to.
All role assignments and other authorization privileges are managed at Site Admin level, with only designated persons able to create or modify these attributes.

Relational Database Data Storage
Microsoft Azure SQL Database is used for all relational data storage. All communication and data in motion between the Azure SQL Database and any internal or external components, including components of the World of Pork application itself, is again encrypted with SSL/TLS 1.3 encryption.

Transparent Data Encryption (TDE) is also implemented and adds a layer of security to help protect data at rest from unauthorized or offline access. The TDE encryption is implemented using an AES encryption algorithm.

Reporting and Dashboarding
Microsoft Power BI is used to deliver reporting and dashboarding capability to the users of the platform. This Azure service makes use of the same Microsoft Azure SQL Database technology used by the rest of the application. The reporting database has been deployed separately from the application's transactional database to further emphasize isolation and separation of concerns. Full record Row Level Security (RLS) is implemented to restrict data access to given users, and applies row-level filters based on the defined roles of the users who access this information.


Virtual Network Security
The various internal components of the World of Pork solution are connected by an internal virtual network. This virtual network provides a private network within Azure and allows complete isolation of all components within the solution. Both network and application security groups further filter traffic to and from the resources employed by the World of Pork platform. No public endpoints are exposed for any internal part or component of the solution, except for a single SSL/TLS port that is opened to enable access to the web application via browser and mobile app clients.
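
A claim of "a single public SSL/TLS port" can be checked against the network security group rules themselves. The following is an added example, not code from the World of Pork platform: it audits a constructed, flattened set of inbound rules and reports any Allow rule that opens a port other than the permitted one to the Internet. The rule names, the sample data and the choice of port 443 are assumptions.

```python
# Assumption: the single permitted public port is 443; the page only says "a single SSL/TLS port".
ALLOWED_PUBLIC_PORTS = {443}
PUBLIC_SOURCES = {"*", "internet", "0.0.0.0/0"}

# Constructed sample, simplified from the shape of Azure NSG security rule properties.
SAMPLE_RULES = [
    {"name": "allow-https", "priority": 100, "direction": "Inbound", "access": "Allow",
     "sourceAddressPrefix": "Internet", "destinationPortRange": "443"},
    {"name": "allow-sql-from-app", "priority": 200, "direction": "Inbound", "access": "Allow",
     "sourceAddressPrefix": "10.0.1.0/24", "destinationPortRange": "1433"},
    {"name": "allow-mgmt", "priority": 300, "direction": "Inbound", "access": "Allow",
     "sourceAddressPrefix": "*", "destinationPortRange": "3389-3390"},
    {"name": "deny-all", "priority": 4096, "direction": "Inbound", "access": "Deny",
     "sourceAddressPrefix": "*", "destinationPortRange": "*"},
]

def expand_ports(spec):
    """Expand '443', '80,443', '3389-3390' or '*' into a set of port numbers."""
    if spec.strip() == "*":
        return set(range(0, 65536))
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def public_exposure_findings(rules):
    """Return (rule name, sorted offending ports) for each Allow rule open to the Internet
    on a port outside ALLOWED_PUBLIC_PORTS. Public Deny rules with a lower priority
    number are evaluated first and mask the ports they cover."""
    inbound = sorted((r for r in rules if r["direction"].lower() == "inbound"),
                     key=lambda r: r["priority"])
    denied, findings = set(), []
    for rule in inbound:
        if rule["sourceAddressPrefix"].lower() not in PUBLIC_SOURCES:
            continue  # source restricted to a private range: not a public endpoint
        ports = expand_ports(rule["destinationPortRange"])
        if rule["access"].lower() == "deny":
            denied |= ports
            continue
        exposed = ports - denied - ALLOWED_PUBLIC_PORTS
        if exposed:
            findings.append((rule["name"], sorted(exposed)))
    return findings

if __name__ == "__main__":
    for name, ports in public_exposure_findings(SAMPLE_RULES):
        print(f"{name}: publicly reachable ports {ports[:5]}")
```

An empty result means the rule set matches the statement above. Rules exported from a real deployment would first need mapping into this flattened shape.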




















