fgacyc / erp-deprecated


💡 [REQUEST] - Access ERP through VPN #8

Closed yuenci closed 1 year ago

yuenci commented 1 year ago

Summary

Our ERP systems contain sensitive data and a lot of operations on data, so we need to use a VPN to protect the security of our system.

Basic Example

We need an enterprise VPN system like Cisco AnyConnect.

General things to do

Unresolved questions

I have no experience in deploying a VPN and need @ETCasual and @xylim98's help to choose a tech plan.

ETCasual commented 1 year ago

Means CGL need VPN to access? I don't think this is suitable.

yuenci commented 1 year ago

> Means CGL need VPN to access? I dont think this is suitable

Maybe higher than CGL, Coach / Team leader level. Or another important question: do we need VPN?

marcustut commented 1 year ago

@yuenci we can just use SSO for this. No need to use VPN. Big companies use SSO to protect this kind of stuff.

Auth0 does provide it but I have no idea how to use it yet.

ETCasual commented 1 year ago

VPN doesn't make any sense now due to us not hosting anything ourselves; they are only accessing the database through our web client. Even with VPN they are only interacting with the APIs we exposed.

VPN at this stage would just add a layer of friction between interactions.

Dorothea303 commented 1 year ago

Q: Will we eventually need VPN, or can we work around it entirely without compromising the safeguarding of users' info? Note: I would prefer that we keep this ERP as user-friendly and as straightforward as possible.

ETCasual commented 1 year ago

Don't think we would ever need VPN. As per what @marcustut said, SSO (Single Sign-On) works the same way in this regard, where we only allow sensitive data to show to specific roles or users.

@yuenci @marcustut @xylim98 can we confirm on this?

xylim98 commented 1 year ago

I think for the long run, to keep our apps more safe, we would somehow need VPN. Since ERP is an internal application with a lot of internal and sensitive information, I don't think it's appropriate to make it public-facing.

The difference between SSO and VPN is that SSO is internet-facing, while VPN is in a private network. VPN is just another layer of security. If we are confident in our apps' security, maybe we don't really need VPN?

Agree that adding VPN will make it more difficult for CGL or ERP users to access. Perhaps not a topic to focus on for now?

I'm fine in closing this for now and revisit when time comes :)

xylim98 commented 1 year ago

Pray that no hacker. Amen.