Some Security Basics
We will use the term administrator to refer to anyone who is responsible for managing a company's data and who can access that data. For our purposes, administrators includes a wide variety of IT professionals, from those who define roles in the P6 EPPM application to those who manage company servers.
An end user is anyone who uses P6 EPPM to do their job. This includes project managers, subcontractors, general contractors, and everyone else who logs into P6 EPPM from an office or jobsite to get their work done.
Administrators should:
- Set up Single Sign-On (SSO) with SAML to minimize the number of passwords that users have to remember and to consolidate risk.
- Educate users on how they can avoid unwittingly helping hackers. One of the best ways application administrators and security advocates can help users is by helping them to prevent security breaches.
- Use a VPN to encrypt data being sent over the internet.
- Configure the Site Allow List to prevent access to unnecessary sites and the Web Services Allow List to restrict access to P6 EPPM Web Services to specified client IP addresses.
- Stay up-to-date about security trends and best practices.
End users should:
- Follow security guidelines created by their companies and the administrators of any network applications they use.
- Use strong passwords. The more random-looking the better, and avoid reusing passwords.
- Learn to recognize phishing. Phishing is when someone disguises an email or some other transmission as a legitimate message in an attempt to get a user to reveal sensitive information. For example, a hacker may send you an email disguised to look like an email from your employer requesting login information. These attacks are becoming more sophisticated, but you can still protect yourself by making sure any emails you receive or websites you visit are legitimate before using them to share sensitive information.
Related Topics
Security Considerations in P6 EPPM
Authentication: How Users Sign On
Authorization: What Users Can Access
Privacy and Personal Information
Data Export and Integration with Other Applications
Security for Developers - Web Services Security
Establishing Security Contacts
Last Published Monday, October 7, 2024