
CiviCRM for human rights organisations

SECURITY

The problem of protecting data from both unauthorised access and accidental loss is self-explanatory in the context of human rights work. It is often crucial that collected information never falls into the wrong hands. Making sure that a few requirements are met can greatly reduce the risk of exposing data.

Secure installation

Because CiviCRM is a web based solution, it requires a webserver to run. Webservers are most commonly used for serving publicly available data, so some attention is required when setting up CiviCRM for storing sensitive data. The recommended approach in such situations is to use some kind of VPN (Virtual Private Network) solution, which will encapsulate data transfers over public networks using secure cryptographic methods. One uncomplicated way of providing VPN functionality is SSH tunnelling - blocking most kinds of access to the server and leaving only the possibility of reaching its services through a secure, encrypted SSH tunnel.

Encrypted data transfer

CiviCRM, being server based software accessed through a browser (the client), requires internet connectivity. In a default, unconfigured installation none of the communication between the server and the client is encrypted, which means that somebody could intercept it and gain unauthorised access to your CiviCRM installation. To secure the communication, you need to make sure that your webserver (or hosting company) supports so called SSL (Secure Sockets Layer), nowadays provided by its successor TLS. Once that condition is met, you will need to create or obtain an SSL certificate from a trusted issuer, install it on your server and then enforce encrypted communication (through the HTTPS protocol) by changing configuration options in the administration section.

Backups and their security

All computer systems are prone to failures, both hardware and software. The way to make sure that data is not lost is creating backups - periodically made copies of all the data and sometimes of the software as well. Making backups serves two important purposes: recovery and retention. For recovery, backups help the organisation make sure that data gathered and stored in databases isn't lost in case of any failure. They also help assure service continuity - sometimes it's important that data gathering or analysis operations don't cease for lack of a functioning database system, and in such cases restoring a working tool from backup minimises downtime. The second purpose, retention, is useful when the organisation needs to check the state of the data gathered at a given time in the past. This can be quite important for a human rights oriented organisation, especially in projects where the data gathering process could be sabotaged by introducing unwanted modifications. Being able to verify the state of the database at a given moment in time (and compare it to the current state) can help in discovering any inaccuracies.

There is one more important issue to remember when thinking about data backups. It sometimes happens that the backed up system itself is well protected and a lot of attention is paid to its security, but the security of the backup itself is forgotten. For example, it's important to have off-site backups (a copy of the data stored in a physically different location than the original, in case of natural disaster or fire), but it should be remembered that they contain all of the sensitive data. Therefore, it's good practice to use strong encryption and physical protection (e.g. keeping them in a safe) for all backups.
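One way to put retention backups to use in spotting unexpected changes, as an added example that is not part of this manual: verify each copy against a SHA-256 digest recorded at backup time, then diff the contact records between two backup dates. The two snapshots are constructed, and the column names are assumed to resemble CiviCRM's civicrm_contact table.

```python
import csv
import hashlib
import hmac
import io

# Constructed sample exports of a contacts table from two backup dates.
# Column names are assumed to resemble CiviCRM's civicrm_contact table.
SNAPSHOT_OLD = """id,display_name,contact_type,is_deleted
1,Ana Perez,Individual,0
2,Bibi Khan,Individual,0
3,Legal Aid Centre,Organization,0
"""
SNAPSHOT_NEW = """id,display_name,contact_type,is_deleted
1,Ana Perez,Individual,0
2,Bibi Kahn,Individual,1
4,Free Press Network,Organization,0
"""

def sha256_hex(data):
    """Digest to record in a manifest at backup time (kept apart from the copy)."""
    return hashlib.sha256(data).hexdigest()

def verify_manifest(data, expected_digest):
    """Refuse to trust a backup copy whose digest no longer matches the manifest."""
    return hmac.compare_digest(sha256_hex(data), expected_digest)

def load_records(csv_text):
    """Index exported rows by contact id so two snapshots can be compared."""
    return {row["id"]: row for row in csv.DictReader(io.StringIO(csv_text))}

def diff_snapshots(old_text, new_text):
    """Report contacts added, removed or changed between two verified snapshots."""
    old, new = load_records(old_text), load_records(new_text)
    modified = {}
    for cid in old.keys() & new.keys():
        changed = {col: (old[cid][col], new[cid][col])
                   for col in old[cid] if old[cid][col] != new[cid].get(col)}
        if changed:
            modified[cid] = changed
    return {
        "added": sorted(new.keys() - old.keys()),
        "removed": sorted(old.keys() - new.keys()),
        "modified": modified,
    }

if __name__ == "__main__":
    print(diff_snapshots(SNAPSHOT_OLD, SNAPSHOT_NEW))
```

Any record listed under "modified" or "removed" that no staff member can account for is a sign that the live database, not the backup, needs investigating.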

Data storage jurisdiction

As mentioned before, CiviCRM can be run from your own server or from the cloud. When working on human rights issues, especially if the organisation is gathering information against a specific country's government or its officials, it is quite important to know where your data is stored. This is especially important when data is stored "in the cloud", where it's not obvious where the data physically resides. Without going into details, it is good to have precise information about where the servers are physically located, and which country's jurisdiction applies in case of governmental requests for information.

Other security concerns

It should be remembered that many successful attempts at unauthorised access don't have much to do with IT systems security. Break-ins are often the result of social engineering, physical access to server and client machines, or violence against people who have authorised access to the data. Therefore, keeping data secure also requires extensive, on-going training of system users, making sure that they are familiar with all the necessary precautions.
