Jason Montgomery

Security is an important element of any system, and K2 blackpearl has a good offering of security features; however, software security features do equate to a secure system. Like all software, the security of K2 blackpearl goes well beyond the administration and management of authentication (who can login) and authorization (what they can access) or the APIs that provide the use and extensibility of security features, which are all certainly important critical core security features. Instead, the security of any individual system requires a holistic, enterprise-wide approach starting with buy-in from the highest levels of management, mandated to all employees through the policies, including the ability to execute and enforce these policies in an effective manner, while balancing the business needs with the security controls so that information security doesn't present unnecessary barriers to actually getting the work done. What a daunting task! This is because information security is not simply an IT function; it is also a business function.

With that said, there are many facets of information security to cover. When you survey K2 blackpearl, including all the interdependent systems, a picture emerges of an overwhelming task of securing it all — a task that's often ignored due to a lack of knowledge or put off due to time constraints. Since this book is not strictly for developers, this chapter will provide security ...