GDPR Security Add-in

3 min read
Vlad Kovalskiy
October 9, 2018
Last updated: December 15, 2020
GDPR Security Add-in

The article has been provided by MAKE Interactive, Bitrix24 Gold Partner. Please contact them directly regarding installation or additional details.

For its large European clients, MAKE Interactive has deployed a package of data-security measures using both the powerful out-of-the-box Bitrix24 security features and some custom-built tools. This package is available only in the on premise, also called the self-hosted, edition of Bitrix24.

Starting point


It is recommended to provide true administrator access to the very minimum number of employees possible. Because User Groups in Bitrix24 are flexible, ‘power users’ and users who should have wide permissions in the Control Panel (back end), can be assigned to user groups configured very particularly, but denied full access. Additionally, back-end access can be limited by IP so that only users physically located at your office or designated locations can make administrator-type changes.
Furthermore, Google analytics can be installed to track page visits, the Bitrix24 web analytics module logs events, and there is a code integrity checker in the proactive protection module.

Gaps


But there is still the fact that an administrator can authorize as a different user. Thus, a person with access to an administrator account could potentially cause a great deal of harm while effectively remaining anonymous. Furthermore, users can edit their own posts and chat messages at practically any time in the future, creating another scenario for potentially misleading historic records.

Solution


To untangle the confusion that could be created in this ‘impersonation’ scenario, MAKE Interactive developed a set of tools to store user actions using the user session as the fundamental identifier. These tool tracks the original user, the impersonated user, the IP of user, and the session ID. Using the session ID, nearly all actions in the Bitrix24 analytics module and logs can be tracked – thus identifying the original user.

Additionally, a notification via the chat message is sent to User #1 or any other chosen user stating that User X has logged in as User Y, so immediate action can be taken if needed. It’s also just good for people to know that all actions are recorded, to prevent temptation of abuse.

Another feature added is that changes (edit of messages) in (all) posts on the Bitrix24 stream and change to all chat messages are logged. Weekly logs are saved in file form and can be emailed to a system administrator for example. These data security measures and others are available from MAKE Interactive so that you can rest easy knowing that you conform to GDPR requirements.

Do you take security serious with your confidential Bitrix24 information?

Contact MAKE Interactive for this security upgrade or visit their website for more information. Implementation of this security pack includes a free security review and consultation of your portal to make sure the great security tools that come standard with Bitrix24 are configured optimally.

Most Popular
Beyond the Click: How Bitrix24 and Google Docs Integration Enhances Team Collaboration
Inside Teamexpansion's Transformation: The Role of Bitrix24's Innovation Commitment
Managing Leads with Mobile CRM: A Guide to Staying Connected
Staying Ahead: Transforming Customer Relationships With Proactive CRM
Bitrix24 Spring 2024 Live Webinars
Table of Content
Starting point Gaps Solution
You may also like
articles
webinars
glossary

Free. Unlimited. Online.

Bitrix24 is a place where everyone can communicate, collaborate on tasks and projects, manage clients and do much more.

Start for free
You may also like
Product Properties In Deals
Bitrix24 tips and updates
Product Properties In Deals
1 min read
Bitrix24 Plans: Which One To Choose
Bitrix24 tips and updates
Bitrix24 Plans: Which One To Choose
3 min read