Security… can you tell us more?

Wow, first, THANK YOU for all the great feedback on the "annual review" question. It was a nice shot in the arm for the team. I have this theory on the type of folks we hire here… “A students”… always look at what needs to be done and tend to forget about what has been done. I’m really glad that you reminded them of the terrific work they’ve done this year and in the years past! As for your annual review… QuickBase has the best customers!!! You all get A+ for active, thoughtful participation!

Speaking of stuff to be done though… one theme in what you wrote is security. This is also a hot topic in the industry (software-as-a-service and software in general). Baseline magazine recently had a good, brief Q&A with Howard Schmidt (a top security expert from eBay and Microsoft). In this article, I noticed a focus on the enterprise as a large group of individuals, rather than the enterprise as a big box we can fortify and control. For example, he talks about encryption, which is an "edge" strategy, as it happens not only on the corporate systems, but on the laptops of individuals. And, he talks about accidental data leakage by “personal” systems, etc.

Following Schmidt’s lead: QuickBase is a platform where you have the ability to control access to your data. We both have critical roles in the security of your data, which leads me to the following questions:

1.    Do you use any other hosted applications? If so, who makes you feel the most comfortable about their security and why?

2.    What have you done in your own company that makes you feel secure about your data and why?

3.    What would you like to see as a security statement on QuickBase? How often would you expect this to be “audited”, if at all?

4.    What practices and processes have you put in place for your QuickBase applications to control access to data? Are those different from your internal systems?

5.    What are the additional product features that would make you feel more secure when using QuickBase?

Did I miss any key questions or thoughts?

Because I know security is a sensitive issue, you can send me your responses directly if you want. Intuit’s email convention is firstname_lastname@intuit.com. For those of you who don’t know me, my first and last name are after the "Posted by" at the end of this post. :-)

Also, for anyone new to QuickBase, QuickBase has many capabilities to allow you to control access to your data. If you have questions, please submit a Support request if you are a current customer or ask your Application Specialist about it if you are in a trial. Also, you can check out our Security Statement for the basics on what we do on our side.

  • Ivan Uhrin

    Hi Jane,

    I am using this way for request of help therefore option Support under Help option is not working. Problem described below has connection with security inside company.

    Description of stage:
    We have in QuickBase one role, for group of persons which have special rules. For each person of this role exist own view where is allowed to view complete records (all fields) if this record meets condition with name of person in this view is allowed to edit some special field. For all person of this role exist common view where is allowed to view all records of database but not complete (only some not sensitive fields).

    Description of problem we have and we need to solve it:
    If person of above mentioned role are using option “FIND” then they are able to see any complete records, the conditions for views are not valid. I don't know how to restrict ability for this option “FIND”. Found record is possible see completely after pushing button “DISP” or “EDIT”. Could you give me some advice how to solve this problem?

    Ivan Uhrin

    [Reply]

  • Jana Eggers (http://www.quickbase.com/)

    Hi, Ivan,

    I’ve asked the Support team to get in touch with you to understand why Support isn’t working for you.

    Regarding your comment on security, what you are describing (and our Support team will follow up with you on this as well) sounds like you need to work on field (and possibly record) permissions in your QuickBase application. Restricting Views to a role is not a form of data security. Restricting Views for a role is about focusing the end users on the Views they need for their job… to make their job more efficient. These help topics should get you started:

    Field restrictions: https://www.quickbase.com/help/about_restricted_fields.html
    Record restrictions: https://www.quickbase.com/help/creating_a_custom_rule.html
    Group record permissions: https://www.quickbase.com/help/assigning_group_records_access.html
    Associating views with roles: https://www.quickbase.com/help/specifying_views.html (Note this one isn’t about data protection, but describes why you limit views, i.e., for workflow.)

    I’m also going to talk to our help guru about how to make this more clear to folks, because with this great example, I see what you were expecting. THANKS! With all this functionality, it is hard to sort through what is exactly right for your situation.

    Hope that helps!
    Jana

    [Reply]
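
The distinction drawn in the reply above, between views as a workflow aid and field/record permissions as the actual access control, can be seen in a small model. This is an added example, not QuickBase code or its API; the records, field names, view names and functions are all constructed for illustration.

```python
# Constructed sample data; field, view and user names are hypothetical.
RECORDS = [
    {"id": 1, "owner": "ivan", "project": "Alpha", "salary": 5000},
    {"id": 2, "owner": "maria", "project": "Beta", "salary": 6200},
]

# A view is only a saved query: which columns to show and which rows to list.
VIEWS = {
    "common": {"columns": ["id", "project"],
               "rows": lambda r, user: True},
    "my_records": {"columns": ["id", "owner", "project", "salary"],
                   "rows": lambda r, user: r["owner"] == user},
}

def render_view(name, user):
    """Presentation layer: filters what is listed, enforces nothing."""
    v = VIEWS[name]
    return [{c: r[c] for c in v["columns"]}
            for r in RECORDS if v["rows"](r, user)]

def matches(fields, term):
    return any(term.lower() in str(v).lower() for v in fields.values())

def find_unenforced(term):
    """Search path that never consults a view: whole records come back."""
    return [dict(r) for r in RECORDS if matches(r, term)]

# Permissions live at the data layer, independent of any view.
SENSITIVE_FIELDS = {"owner", "salary"}  # hypothetical field restriction

def readable(record, user):
    """Record rule plus field restriction: owners see everything,
    everyone else gets the record with sensitive fields removed."""
    if record["owner"] == user:
        return dict(record)
    return {k: v for k, v in record.items() if k not in SENSITIVE_FIELDS}

def find_enforced(term, user):
    """Search only over what the user may read, so a hit cannot
    confirm the value of a restricted field either."""
    hits = []
    for r in RECORDS:
        visible = readable(r, user)
        if matches(visible, term):
            hits.append(visible)
    return hits
```

Every read path (view, find, display, edit) has to go through the same `readable` check; a path that skips it returns whatever the underlying record holds.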
