Architecture and security

This diagram demonstrates a fairly standard configuration for the BoardWorks application. The servers can be separate servers, shared environments or collapsed onto fewer boxes if necessary. Naturally, there are many more configurations that BoardWorks can support, depending on the scale you wish to achieve.
The content server is Microsoft SharePoint Portal Server 2003. The standard Domain Controller is Microsoft Active Directory. The underlying databases of SharePoint Portal Server are Microsoft SQL Server 2000. Licenses for these components are included within the BoardWorks service solution but not in the BoardWorks Enterprise version.
A more detailed architecture document is available upon request.
Security Features
Security of BoardWorks is the primary solution requirement, and can be divided into three areas: External, Internal and Team.
External Security
External security is provided primarily by these features:
- Physical Network Security – The web server is protected by a firewall and all content is stored on a separate server behind a second firewall. If the solution is deployed at the customer site, it can leverage all the security infrastructure you already have in place. Our hosting site is a SAS 70 secure facility that is monitored and manned 24/7. Further details on the various physical security protocols we have in place are available upon request.
- Authentication – All authentication requests are handled by Microsoft’s Active Directory or another LDAP-compatible directory service. The optional Enhanced Security Package provides two-factor authentication: to gain access to the system you need to know something (a username and password) and you need to have something (a fob from RSA). Two-factor authentication is available on our service model or can be configured on your own servers.
- Secure Sockets Layer (SSL) – SSL is an encryption mechanism widely used on the Internet to encrypt network traffic while it is en route from the server. It is used by all online banking sites and effectively renders any intercepted network traffic useless.
CGS recommends that customers use an independent third party to perform a black-box and white-box penetration test. While BoardWorks has already undergone two formal third-party testing engagements, it is important that customers have their own assurance from their standard security provider that the solution meets or exceeds all requirements.
Internal Security
Additional Internal Security is provided primarily by these features:
- Optionally Isolated Forest – The solution can be deployed in a separate Active Directory forest, or integrated into the customer’s existing Active Directory installation. This provides flexibility in the amount of internal isolation required, and allows a separate administrator for the Board who can be different from those who administer the corporate Active Directory.
- Application Functionality – The application delegates all common administrative tasks to the Corporate Secretary group, removing the requirement that IT maintain powerful access permissions. In addition, meeting-level security and agenda-item security work together to allow only appropriate internal users to view a meeting, and then only the agenda items they need access to.
Team Security
At the team level, additional security is provided by these features:
- Agenda Item Security – Each meeting agenda document is secured to individual users, significantly reducing the likelihood that new members of the group inadvertently gain access to information.
- Corporate Secretary Security – Occasionally, meetings need to be secured even between members of the corporate secretary group.
- Rich Client – The use of MeetingBuilder, a smart client for corporate secretaries, helps improve accuracy. MeetingBuilder’s easy-to-use interface allows corporate secretaries to quickly and accurately apply security to individual meetings and agenda items.
Document Security
The system protects users by working behind the scenes to always keep documents encrypted and safe:
- Document Protection – Digital Rights Management technology protects documents accessed through BoardWorks from being opened by an unauthorized user, or optionally copied or printed.
- End-to-End Encryption – From physical storage on the server, through transmission and temporary storage on the client, documents are always encrypted.

