12-04-2010 09:13 AM
Hopefully this is a simple question.
If I use remote database sync to allow multiple remote staff to use Act! - Is my data secure.
I would like to ensure they can perform no form of Export
Is the 'raw' Database secure - could a SQL expert hack the database and gain access to the data.
Many thanks in advance
12-04-2010 01:24 PM
Export to excel can be disabled through tools, preferences.
Unhackable by an expert? No
You can find a whitepaper on the ACT security model here
12-04-2010 01:45 PM
12-04-2010 02:14 PM
Mike (and Jon)
Preventing Exporting is (I believe) relatively easy.
My greatest concern: Having a remote distributed workforce with Act! Remotely Synced.
Yes-I can limit 'subsets' of data to various remote users - but some will need access to the entire DataBase.
My greatest concern:
An employee leaves - and walks off with the 'entire' database (Sure some fields can be prevented from syncing)
I guess what you're saying is they would only need to go to a ??SQL Express?? Expert and it wouldn't be too long before the database was unlocked.
Am I correct here in this assumption.
Is there anything that can be done - i.e. if the Database was SQL Server rather than SQL Express - would this make a difference in terms of security??
Is it not possible to have the SQL (or SQL Express) Database authenticate with some form of One Time Key (i.e. using one of those dongles where the code changes every 15 seconds)
i.e.. They Authenticate in
But my guess here - is that even if this wishful thinking did exist - then a 'hacker' could still crack the database during the time it was 'authenticated'.
If you have any thoughts - it would be greatly appreciated.
If not - my gut is telling me a Hosted (Act Premium for Web) is the way to go??
Many Thanks for your thoughts so far
12-05-2010 01:02 PM
Your ACT database can be hosted either over ACT for Web or if you need the full desktop ACT product you could do a Citrix (Terminal Services) environmenet. With Citrix, We can control and lock down the abiliity to do almost everything except take a screen shot. We can lock down local saving, printing, export to excel and the database would not be on the users machine at all. If you need to terminate or have problems with an employee, it's a simple process to cut them off entirely.