Enterprise security is not a new concern, but has been getting increasing attention due to high profile headlines about cyberattacks, the ever increasing list of discovered security flaws, and poorly implemented access control leading to sensitive documents ending up in the wrong hands.
Whether it's closing the security gaps against external cyber security threats, or implementing compliance-driven policies to compartmentalize sensitive content and your intellectual property, your IT department needs to stay on top of current threats and best practices.
But … what about your external vendors? Are they doing the same? Are they following your processes & policies? What good is it to have your internal systems secured while employees use third-party services that don’t adhere to your policies?
This is why ConceptShare is very proud to announce our latest security feature: Heartbeat - which incorporates your organization’s session management policies into our application.
Why does that matter?
Suppose your organization has a policy that dictates that users must be logged out after 15 minutes of inactivity for security reasons. Adherence to this policy could be the difference between passing or failing a security audit by a client, and the policy could be in place to prevent leaving unlocked systems unattended for long durations.
With Heartbeat, you can configure it to logout inactive users after 15 minutes, so that anyone from your organization would be requested to log back into ConceptShare whether they accessed ConceptShare from an enterprise device or not. Your ConceptShare account now adheres and complies to your session management policy, irrespective of where it’s accessed from.
It’s also important to note that the reason for terminating a session is entirely for you to dictate. In our example, we use a simple blanket rule: 15 minutes of activity, however, your conditions can be as complex as you need them to be to support your internal policies.
How does it work?
- When a user is actively using ConceptShare, ConceptShare will periodically send a server of your choice a specific "heartbeat" payload which identifies the user.
- If the user becomes inactive, they stop sending heartbeats.
- If you haven’t heard from a certain user beyond the allowable threshold; the next time anyone tries to access ConceptShare from their machine and a heartbeat is sent again, your server can respond, signalling ConceptShare to revoke that user’s session.
- The user will then need to pass an authentication challenge in order to continue accessing ConceptShare.
We work very closely with our enterprise customers to understand their needs, not only to continuously innovate on product features for end users - but to meet internal security and compliance requirements as well.
If you would like to learn more about ConceptShare, or the new Heartbeat feature, get in touch. We’d love to get a better understanding of your needs, and see how we can help.