
FileMaker Security Survey Reveals Interest and Some Confusion

Steven H. Blackwell


 

During early and mid-July, I posted on FM Forums a multi-question survey asking people about their use of various FileMaker product security features. I also asked for any comments or for any recommendations they might have for enhancing product security features.

The results are interesting. They reveal a high level of use of many security features; they also indicate some areas of confusion about how security features in FileMaker products work.







Who were the people who responded to the survey? Where were they located?

 

Respondents said they worked in a variety of different environments:



| Work environment | Share of respondents |
|---|---|
| Full time independent developer | 47% |
| Full time in-house developer | 18% |
| Work at or for a FileMaker development company | 17% |
| Part time in-house developer | 11% |
| Power user | 3% |
| Regular user | 1% |
| FileMaker hosting company | 1% |

 

Respondents were primarily North American and European with a smaller number from other areas:



| Region | Share of respondents |
|---|---|
| USA | 71% |
| Western Europe | 12% |
| Canada | 6% |
| Australia/New Zealand | 4% |
| Eastern and Central Europe | 2% |
| Latin America/Caribbean | 2% |

 

Security Features Respondents Utilize

 

One of the most important FileMaker security features is File Access Protection, introduced in FileMaker® Pro 11. This feature is vitally important for securing files and for preventing unauthorized external compromise of a database’s business logic and manipulation of the User Interface.

 

Respondents indicated considerable use and support for this feature:




| Category | Use File Access Protection | Do Not Use |
|---|---|---|
| Full time independent developer | 68% | 32% |
| Full time in-house developer | 63% | 37% |
| Work at or for a FileMaker development company | 62% | 38% |
| Part time in-house developer | 62% | 38% |

 

 

Privilege Sets are the method by which FileMaker Pro enforces and supports Role Based Privileges in files. The level of granularity for Privilege Set construction is very fine and precise.

 

How did respondents to the survey utilize Privilege Sets?



| Category | Never | Sometimes | Always |
|---|---|---|---|
| Generic Privilege Sets | 19% | 65% | 10% |
| Basic Privilege Sets | 11% | 66% | 17% |
| Customized Privilege Sets | 3% | 53% | 39% |
| Custom Extended Privileges | 6% | 59% | 30% |

 




External Server Authentication is another key tool for effective security management of FileMaker Pro solutions, especially for multi-file systems hosted by FileMaker Server. Easing of Account management and leveraging of existing IT security assets make External Server Authentication a very important tool.



| Category | Yes | No |
|---|---|---|
| Use External Authentication of any type | 58% | 42% |
| External Authentication (Macintosh OS) | 35% | 65% |
| External Authentication (Windows OS) | 52% | 48% |

 

The type of External Server Authentication respondents say they used provides some interesting results:



| Type | Yes | No |
|---|---|---|
| Open Directory Domain | 23% | 77% |
| Active Directory Domain | 47% | 53% |
| Local Server Groups (Macintosh) | 26% | 74% |
| Local Server Groups (Windows) | 30% | 70% |

 



Finally, respondents revealed widespread use of some key Record Level Access features for controlling creation, viewing, editing, and deleting of records.

 

| Category | Yes | No |
|---|---|---|
| Use any type RLA | 71% | 29% |
| View Records | 63% | 37% |
| Create Records | 60% | 40% |
| Delete Records | 71% | 29% |
| Edit Records | 66% | 34% |

 

Analysis and Interpretation.

 

While I am wary of over-generalizations from the information provided by survey respondents, I nevertheless can offer some observations.

 

1. FileMaker developers are concerned about security items. They know that systems they develop, either for clients or for their employers, can and will be subject to attacks seeking the data in the files. They also know that the business processes the databases manage can be disrupted if users are not constrained from potentially damaging actions, such as inadvertent or careless record deletion. To that end, they employ a number of the standard security features both for Identity and Access Management and for Role Based Privileges.

 

2. Utilization of security features tends to cluster towards and in the Great Middle, with only 39% of respondents saying they always use customized Privilege Sets. We also see a marked differentiation between Macintosh OS and Windows OS in the use of External Server Authentication with the respective Domain Controller.

What this suggests to me is that while a significant portion of respondents have an understanding of the basic security features of the products, only a highly diminished segment utilizes the more nuanced and advanced security features. This is unfortunate, because these features are very valuable, not to mention very flexible, in aiding creation of robust security for FileMaker Pro files. Since nearly two-thirds of respondents work full time developing FileMaker databases, this is a loss to the developer community.

 

3. The relatively high level of adoption and use of the File Access Protection feature is gratifying. Particularly for the developers of commercial products based on FileMaker Pro, but for all of us as well, File Access Protection is one of the very most important features we can employ to protect our and our clients’ files. The cluster around the 37% to 38% of developers who say they do not use File Access Protection is a cause for concern. Without this feature, their files are vulnerable to manipulation and compromise.

 

4. In the Comments section of the survey—about which we may have more to say at a later time—a couple of items were noteworthy. First, a number of people requested the ability to have dynamic Field Level Access similar to Record Level Access. I fully endorse that request. Second, a number of people requested that a variety of features and capabilities in the security arena be added to the products. They spoke as if the items they requested could not presently be accomplished, when, in fact, they can be. This indicates that some specialized information about these capabilities needs developing. I will undertake to do that in the coming weeks.

 

Finally, a word of thanks to all who participated in the FileMaker Security Survey. And a very special thanks to Stephen Dolenski of FM Forums for hosting the survey.
