Lakeside Scout has numerous methods and points of security. Please find details below outlining core security features.
SSL (Secure Sockets Layer)
Lakeside Scout utilizes a secure connection via an SSL protocol or secure site. SSL protocol is an internet standard that provides secure access to websites. This is accomplished by using a combination of encrypted public and secret key technologies. SSL authentication utilizes digital certificates that allow web servers and the user to verify each other’s identities before establishing a connection.
User Authentication and Access
Lakeside Scout users authenticate via the Keycloak Single Sign-On (SSO) module. Keycloak is specifically designed for authenticate requests while delegating all other functionality to the application. Given that Keycloak’s sole purpose is authentication, it helps keep it separate from the core code ensuring the code is clean and easier to maintain or add additional security to if required. All accesses are logged including the user and the IP address of the request.
User Information
Lakeside Scout user information is stored in a Mongo database table with the password stored in an encrypted form.
Newly created users are sent an email to verify they are real people and not a bot. Within the verification email is a link to create a unique, strong Lakeside Scout password. Passwords are never sent or displayed to the user. Lakeside Book Company does not have access to user passwords. All user account usernames are their unique email address.
AWS (Amazon Web Services)
Lakeside Scout utilizes Amazon’s best-in-class cloud infrastructure, Amazon Web Services (AWS).
Two (2) specific storage tiers are currently utilized:
- Ultra-fast EFS for uploads, preflight, corrections, proofing, etc
(considered checked out) - S3 for approved and ready to print files
(considered checked in)
EFS (Elastic File System)
The EFS file system is AWS restricted to the security zone of the Virtual Machine (VM) Servers within the Lakeside Scout ecosystem. There is no other access than the API and background working servers.
All access to the EFS files are moderated by backend web servers. The backend web servers enforce strong password authentication and limits access to those the user has been giving rights to.
S3 (Simple Storage Service)
Security for S3 is by zone restrictions in combination with access key/secret. You must have both to get access to the existing S3 files. The effective limit for these files are the AWS VMs and Lakeside Book Company for direct uploads from our existing Prinergy archives.
APIs (Application Programming Interface)
Lakeside Scout uses numerous custom APIs for various communication needs. An API is a computing interface that defines how different software applications can interact with one another.
Strong authentication is strictly enforced when accessing or calling any Lakeside Scout API interface.
File Uploads
PDF files uploaded to Lakeside Scout will immediately begin checking for file integrity via the uploads window for encrypted or corrupt files. If neither encryption nor corrupt files are detected, the system's preflight engine will automatically checks for JavaScript, actions and attachments that represent a security risk as they may contain malicious code. The user is required to remove these elements during the preflight process.
File Downloads
PDF file downloads are restricted to users that have access to the specific account with the role-associated permission to download files. When the user requests the download, they receive a secure time-expiring, pre-signed URL via email.
Additional Security Measures
Lakeside Scout also utilizes best-in-class security threat solutions that actively scans for threats.