Working in secure environments
Ensuring that ArcGIS software can function well in disconnected or secure environments is critical for protecting sensitive geographic data and ensuring the system’s availability. While ArcGIS has been designed at an engineering level to work in these disconnected systems, there are many variables that can contribute to complex deployments in these environments, with environment-specific challenges or integration issues. This page provides an overview of best practices in these areas:
Secure and disconnected environments
- Understanding the relationship: Recognize that “secure” and “disconnected” are closely related but distinct concepts. Secure environments protect the system and data from unauthorized access. In contrast, disconnected environments refer to the ability to operate without a consistent internet or network connection.
- Classification of data: Prioritize data classification, ensuring sensitive data is correctly identified and secured while allowing less critical data to operate in disconnected mode.
Architecture in secure environments
- Access Control: Implement stringent access controls, user authentication, and authorization mechanisms to ensure only authorized personnel can access the system. Utilize ArcGIS Enterprise’s security features, such as integrated Windows authentication, role-based access control, and security patches.
- Software Access and Licensing: Ensure that software installations and licensing are managed securely. Use trusted repositories for software distribution and keep licenses up-to-date. Work with Esri (the company behind ArcGIS) to set up secure licensing agreements.
- Secure Deployment: Deploy ArcGIS Enterprise components on servers that meet security best practices. Isolate sensitive systems, such as the ArcGIS Server, in a protected network segment and employ firewalls and intrusion detection systems to guard against threats.
Network connectivity assumptions
- Firewall rules: Configure firewalls to allow the necessary communication between ArcGIS components within your network and with external resources. Be strict about what traffic is allowed and only open the required ports and protocols.
- Encryption: Enforce encryption protocols (for example, using HTTPS) for data transmission and use encryption mechanisms to protect sensitive data at rest.
- VPN or secure gateway: In a disconnected environment, consider utilizing VPNs or secure gateways to establish a secure connection to your ArcGIS Enterprise deployment when needed.
Disconnected Use of ArcGIS Pro
- Basemaps and data: Preload and cache essential basemaps, data, and services locally on devices using ArcGIS Pro. This allows users to access critical information even in disconnected environments. Make use of mobile geodatabases or tile packages to facilitate offline access.
- Data syncing: Implement data synchronization strategies to allow mobile workers to update their data in disconnected mode. Esri provides tools like ArcGIS Online and ArcGIS Enterprise sync-enabled services.
- Utilities: Use ArcGIS Utility Network Management for disconnected utility network operations, enabling field crews to work on utility data offline and synchronize changes when connected.
Regular updates and testing
- Regularly update the ArcGIS Enterprise software and security patches to protect against vulnerabilities.
- Conduct penetration testing and security assessments to identify and mitigate security weaknesses.
Data backup and disaster recovery
- Establish a robust data backup and disaster recovery strategy to ensure data integrity and availability in secure and disconnected scenarios.
Security training and awareness
- Train your staff to follow security best practices and ensure they know the importance of maintaining security in secure and disconnected environments.
Documentation and compliance
- Maintain comprehensive documentation of security policies, procedures, and configurations.
- Ensure compliance with relevant regulations or industry standards, such as HIPAA and GDPR.
By implementing these best practices, you can create a secure ArcGIS Enterprise deployment that is capable of functioning in disconnected environments while safeguarding your valuable geographic data and services. It’s crucial to stay informed about evolving security threats and adapt your security measures accordingly.