RapidBIZ Security

In this blog post, I outline common security challenges that IT departments are facing today and the security capabilities built into RapidBIZ to efficiently secure application environments.

Security experts know that Availability, Integrity, and Confidentiality (AIC), built on a Quality Model, is the foundation of good security practice. Unfortunately, trained security professionals are in short supply, which makes identifying and implementing security requirements difficult. In addition, a lack of time and resources is forcing IT departments to implement software quickly, leaving little time to research best practices for implementation.

Today’s IT security challenges include ensuring that:

  • Application security is optimized based on the role of the application.
  • Privileged decisions are made on the server side, not the client side, in client-server applications.
  • Execution environments are not running as privileged users.
  • Encryption keys are not stored on the system that has access to the encrypted data.
  • Government auditing & reporting requirements are implemented for user activity.
  • Customer passwords and confidential data are protected.
  • Software interfaces with existing infrastructure and identity services.
  • Multi-level security and data compartmentalizing is in place to protect against human error.

RapidBIZ Security

With RapidBIZ, we simplify your security activities with a rich set of security features that are available out-of-the-box, or with minimal configuration.

RapidBIZ:

  • Runs on an optimized SELinux enabled operating system, preventing many intrusion attempts.
  • Executes code as a non-privileged system user, compartmentalizing the application execution environment from privileged system users.
  • Has an execution engine compiled in C++ against native OS libraries, increasing application availability and quality of service.
  • Features the common Discretionary Access Control, but can be adapted for Mandatory Access Control for flexibility in security models for higher security environments.
  • Command and control and privileged decisions are implemented on the server side, preventing many attack attempts.
  • Allows segmenting data into organizations for compartmentalization that denies by default, but can be configured to share data with other organizations.
  • Core code and APIs are tested using a Quality Model: the code is developed, tested, revised and revisited to prevent common programming mistakes and save developer time.
  • Provides access logs of the users logging in by IP, date/time, user, and the browser, as well as user activity logging, allowing auditing, and tracking.
  • Provides immediate notification to users on security events such as password resets and failed login attempts, included by default when using our standard security model complying with many regulations.
  • Has a secure configurable password policy, or can be configured to work with your LDAP or SAML enabled identity services, allowing integration with your current infrastructure.
  • Passwords are never stored in plain text; most commonly a SHA one-way hash of the password is stored instead, so that your company is never in a position to compromise user passwords.
  • Passwords are transmitted and compared using a rolling double SHA hash, making eavesdropping and man-in-the-middle attacks harder.
  • Uses standard TLS 1.0, 1.1 and 1.2, configured with high-encryption cipher suites by default; just add your certificate to protect your data and comply with the in-transit requirements of most regulations.
  • Uses multiple encryption protocols as well as multiple keys for back-end communication to compartmentalize communications.
  • Uses full path encryption, encrypting data from the client site through connection, into storage, and even in backups, without storing the keys on the server, protecting your data.
  • By default stores data in a standards based SQL database, and can connect to multiple JDBC enabled databases, allowing your data to be available to other applications.
  • Contains pretested libraries that save time in data validation, encryption, data access, and much more, allowing you to design applications that comply with regulations such as HIPAA, FIPS, and 21 CFR 11.
  • Designed to be portable across physical and virtual environments, allowing it to move from one hosting provider to another, or to private networks.

RapidBIZ managed environment includes:

  • A firewalled proxy and a host firewall, both configured to deny everything by default with a minimum of exceptions.
  • Daily backups configured in a five-working-day rotation, to protect data from being altered maliciously or accidentally by users.
  • Optional weekly off-site backup and disaster recovery, to fulfill disaster recovery requirements for HIPAA, with regular validation to make sure they are running and meaningful.
  • Host Intrusion Detection (HIDS), to fill the Intrusion Detection (IDS) requirements of regulations like HIPAA.
  • Malware detection to make sure that the system does not have compromised files.
  • Monitors for system resources, to help troubleshoot or identify abnormal function of the server.
  • Intrusion prevention to actively block persistent/prolonged attack attempts against a server.
  • A system administration activity log.
  • Periodic vulnerability scans, to assess current vulnerabilities and catch newly occurring vulnerabilities.
  • Operating System updates are applied periodically, after being tested for compatibility.
  • Application Platform updates are applied after being tested, with compatibility in mind.

I hope you can see how important security is to RapidBIZ. If you have further questions, please don’t hesitate to contact me, Louis Seifert, VACAVA Chief Security Officer.

VACAVA Introduces RapidBIZ Cloud Development and Delivery Platform

I am excited to announce the general availability of RapidBIZ™ via VACAVA®, our simple to use, easy to afford integrated cloud application development and delivery environment. It truly delivers new IT productivity gains with simple to use pre-built/pre-tested application components assembled via a graphical drag and drop interface. VACAVA application process experts, architects and developers are using RapidBIZ today to quickly assemble and modify custom applications for our clients. We have built in strong database, security, and code extension capabilities to tackle complex application requirements efficiently. The headaches and expense of in-house servers is eliminated because we host RapidBIZ development, test, and production environments in IBM's SoftLayer cloud services.

We started building RapidBIZ 6 years ago for our own custom application development business. I've got to say, it was a bit painful for the first couple of years because we didn't have all the functions and capabilities needed. But the RapidBIZ design team was quick to respond. We are now on our 6th major release of RapidBIZ and use it exclusively to deliver cloud applications.

The VACAVA team has experienced productivity increases of up to 80% using RapidBIZ over traditional development methods! This chart shows how our productivity increases based on the complexity of the application type. We know this is true because it's what our programmers experience every day.

We are making RapidBIZ publicly available so that others can benefit from the significant productivity improvements that we've seen.

I want to make cloud development and delivery affordable for businesses of all sizes. Our pricing has no hidden fees, no surprises, and no long-term contracts. We are offering the development cloud for one developer free of charge. This is not a "try it, and if you like it we charge you" offer; this is full development and deployment capability, enabling one developer to develop and deploy for testing purposes, free, on an ongoing basis. Once you've developed the application and want to move it to production, we have a very affordable cloud hosting environment to run the application in production, all based on a monthly, pay-as-you-go model with no ongoing commitment required.

Check out RapidBIZ today. Learn more at www.vacava.com/rapidbiz where you can chat with a RapidBIZ developer, read our press release on PR Newswire or contact me.

SERV Kent charity improves security, stability, and efficiency with help from VACAVA, Inc.

SERV Kent, Service by Emergency Response Volunteers, is a UK charity based in county Kent. The charity provides out-of-hours free transport of blood and samples between all the major hospitals and hospital services including some hospices, blood banks and air ambulances. To be able to offer these services, the charity has approximately 130 volunteers, available every night, weekend and holiday, spread across 1,442 square miles of Kent. Volunteers fulfill various roles ranging from motorcyclists and drivers riding and driving their own vehicles, duty controllers manning the phones and a fleet of marked emergency response vehicles, some run by dedicated individuals and others shared across teams.

Managing SERV Kent operations requires rota, response availability lists and callout recording, capabilities to manage incoming calls, start dispatches and collect responder information, all available from remote locations. Additionally, supporting functions are required including management of membership, events, documents, fleet vehicles and supporting information.

Previous volunteers had constructed a convoluted management system via Google Sheets, which were then served to members via iframes in a Joomla website. Apart from being cumbersome this meant that much of the information was managed on a few local PCs. Only one or two individuals had authority to change it online and significant manual effort was required at the end of each month to set up and configure the following month.

As an example, the response list was a collection of 30 Google Sheets, 15 of them reading from the other 15, which in turn were updated by 15 forms feeding them, all served to the members through 15 Joomla custom modules on a single Joomla article. One change in just one detail and the entire system would collapse, not to mention the slow performance and complete lack of security. The system was completely open to abuse, as the forms were freely published.

David Brown, Secretary and Web Master of SERV Kent said "I knew of the fantastic capabilities of VACAVA's RapidBIZ, combined with IBM SoftLayer. When VACAVA offered us an instance as a charitable contribution, free of charge, I jumped at it. I have experienced the immediate advantage of RapidBIZ application development along with flexible IBM SoftLayer hosting."

VACAVA's generous contribution of RapidBIZ, IBM SoftLayer capacity, and VACAVA services has enabled SERV Kent to develop a secure, fast extranet with new applications available anytime, anywhere. This has vastly improved organization management and member service. With the productive RapidBIZ environment, new capabilities have been developed for fleet and response management and event attendance, along with a self-service rota. These new capabilities have vastly improved the volunteer experience with easy, yet secure, information access. Real-time updates anywhere, anytime, have completely eliminated the need for monthly configuration planning, reducing monthly staff workload and bottlenecks. Members now interact with the charity in real time, from any location, with greater efficiency and user satisfaction.

As Founder and Managing Partner at VACAVA, I am grateful for the opportunity to share technology that can advance the important cause of SERV Kent. RapidBIZ and IBM SoftLayer were a perfect solution to help quickly and affordably solve SERV Kent business management issues.