As the data in IBIS is confidential, and provisioning activities can affect equipment functionality as well as generate invoice charges, it is of key importance that an IBIS administrator has access to controls that govern who has access to IBIS. In addition, this access needs to be secure.
In order to comply with these requirements Digital Skies provides IBIS security at different levels:
- Roles that provide privileges only to those that require them
- An access audit trail and history for a number of key activities:
- Strict password management
- Two factor authentication (for user instructions, please click here). Please note that an IBIS release is required to implement this.
User Roles
IBIS provides a number of user roles that ensure that IBIS users only get access to those privileges that they are entitled to. There is a difference between internal roles, where the user can see all data in an IBIS, and external roles, where end users can only see their own installed base. Please note that which user roles are available in IBIS may be different per IBIS installation.
Example roles are:
- Billing admin: Full privileges including user creation, provisioning and billing, complex tasks
- Provisioning: Regular provisioning tasks, including tasks that generate invoice charges
- Read only role: for information only
Every IBIS instance has at least one user assigned as an Administrator that can set these roles for their own users, both for internal users as well as for their customers.
Access and change history
For key activities on IBIS, an access audit trail and change history are provided, listing which activities have been performed by which IBIS users. This is, amongst others, available for:
- Logging in/out of IBIS
- Provisioning tasks
- Changing monitors and alerts
- Updating firewall rule sets
- Changing price plans
Password management
IBIS provides several options to apply strict password management. Access to this functionality can be made available on request.
Two factor authentication
Digital Skies offers two types of two-factor authentication: DUO and Authenticator. Please note that an IBIS release is required to implement two factor authentication for DUO.
DUO
DUO is the industry standard and accredited multi factor authenticator of choice for many companies. DUO is provided by CISCO
- Ease of use: DUO supports confirming the approval with one touch, rather than keying in codes received via SMS
- Flexible integration with a broad range of applications and services
- Compliance with standards like PCI DSS, ISO 27001, NIST 800 and more
DUO requires a license with DUO as well as integration within IBIS. DUO provides four different variant of two factor authentication. The IBIS admin can select any of these variants based on their security requirements.
Once the DUO license is acquired from DUO, the details of the license have to be configured into IBIS by Digital Skies.
Authenticator
Authenticator is a generic module that works with MicroSoft Authenticator, Google Authenticator and many more MFA solutions. Authenticator is available in every IBIS and is available in two flavours:
- Strict – The IBIS admin determines for which users this is mandatory. This is set at the individual user account. Building in restrictions around which IBIS customer can have this, is additional development and is not planned at this moment.
- Opt-in – End users that make use of an IBIS where MFA is not made mandatory, may opt to implement MFA themselves by updating their own user account.
For user instructions, please click here