Koen Van Hulle, Claris Engage 2020
Menu:
- Introduction: Why Cloud Security for FileMaker Server Matters
- Meet Eric: An In-House Developer’s Journey to Cloud Security
- The Growing Concern: Why Cybersecurity is Crucial for Small Businesses
- The CIA Triad: The Core of Secure FileMaker Hosting
- Exploring Hosting Options for FileMaker Server
- In-House vs. Data Center vs. Cloud: What’s Right for You?
- FileMaker Cloud: A SaaS Solution with Built-In Security
- What You Need to Deploy FileMaker Server Securely
- Preparing and Configuring FileMaker Server in a Data Center
- Firewall, VPN, Remote Desktop: Essential Cloud Security Configurations
- Securing Your FileMaker Server with SSL, Encryption, and Backups
- Eric’s Key Takeaways on Securing FileMaker in the Cloud
Introduction: Why Cloud Security for FileMaker Server Matters
With the increasing shift toward cloud-hosted solutions, securing your FileMaker Server has never been more critical. Hosting your FileMaker solution in the cloud offers many advantages, including accessibility and scalability, but it also presents significant security challenges. At Claris Engage 2020, Koen Van Hulle of Lesterius delved into these challenges and explained how developers and businesses can securely deploy FileMaker solutions in the cloud.
In this detailed blog post, we’ll follow the journey of Eric, an in-house developer at the fictional company ClipFactory, as he transitions his FileMaker Server to the cloud. You’ll learn about the critical steps Eric took to ensure his solution was not only functional but also secure in a cloud environment.
Meet Eric: An In-House Developer’s Journey to Cloud Security
Eric, a problem solver at ClipFactory, worked alongside Emma, a contract manager, to design an app for managing the company’s deals and contracts. Their application needed to support FileMaker Pro, FileMaker Go, WebDirect, and Claris Connect, while integrating with DocuSign for electronic signatures. The solution worked perfectly in-house, but Eric’s boss threw in a curveball: “Can we use this at home or at customer sites?”
Eric, like many developers, hadn’t considered the challenges of securely hosting his solution in the cloud. The journey to cloud deployment led Eric to ask himself several crucial questions, including:
- Where do I host?
- What about security and compliance?
- How do I protect against growing cybersecurity threats?
This blog post will walk through the answers to these questions, drawing on lessons from Eric’s experience.
The Growing Concern: Why Cybersecurity is Crucial for Small Businesses
Eric quickly discovered some alarming statistics about cybersecurity:
- Cyberattacks are increasing year by year, with the number of reported vulnerabilities growing exponentially.
- 43% of cyberattacks target small businesses, not just large corporations.
- A staggering 92% of internal networks fail basic penetration testing, revealing serious vulnerabilities.
The main security gaps identified in internal networks fall into four categories:
- Configuration Flaws: Misconfigured systems, often due to a lack of expertise.
- Failure to Install Security Updates: Unpatched systems become easy targets.
- Vulnerabilities in Web Applications: Outdated or poorly written web applications allow attackers in.
- Weak Password Policies: Simple passwords or weak security practices make it easier for attackers to gain access.
Eric realized he needed to secure his solution before bringing it to the cloud. The next step was understanding what security meant and how he could achieve it.
The CIA Triad: The Core of Secure FileMaker Hosting
A good security model is based on the CIA Triad, which covers three essential principles:
- Confidentiality: Ensuring only authorized people can access sensitive data.
- Integrity: Ensuring the data remains accurate and unaltered.
- Availability: Ensuring data is accessible when needed, without unnecessary downtime.
Eric needed to apply these principles to his FileMaker deployment:
- Confidentiality: Who can physically access the server or backups? Are there strict access controls in place?
- Integrity: Is data properly encrypted during transfer? Are there mechanisms to prevent unauthorized tampering?
- Availability: Does the server have backup power and network redundancy? What measures ensure uptime during failures?
These were the questions Eric would have to answer as he explored his hosting options.
Exploring Hosting Options for FileMaker Server
Eric had four main hosting options for his FileMaker Server:
1. In-House Hosting
This would allow Eric to maintain full control over his infrastructure. He would choose the hardware, configure the network, and manage every security aspect, including physical access. However, in-house hosting required:
- High costs: For purchasing and maintaining hardware.
- Security expertise: To ensure the infrastructure was protected from cyberattacks.
- Remote access solutions: With many employees working from home, Eric needed a secure way to provide access to remote users.
2. Data Center Hosting
Data centers offer dedicated or virtual private servers (VPS) for hosting solutions. Some advantages of data centers include:
- No hardware investment: Eric wouldn’t need to buy or maintain the physical hardware.
- 24/7 monitoring: Many data centers offer real-time monitoring of the server infrastructure.
- Better physical security: Data centers often have strict access controls to prevent unauthorized access.
However, Eric would still be responsible for installing and maintaining the FileMaker Server software and securing the server itself.
3. Claris Hosting Partners
Claris offers partnerships with certified hosting providers who specialize in FileMaker deployments. These partners provide managed hosting, where they handle all aspects of FileMaker server setup and management. While this reduces the complexity for Eric, it also comes with:
- Higher costs: Managed hosting is generally more expensive.
- Less control: Eric might not have direct access to manage every aspect of the environment.
4. FileMaker Cloud
FileMaker Cloud, a SaaS solution provided directly by Claris, simplifies many aspects of hosting. It offers:
- Full infrastructure management: Claris takes care of everything, including security updates, server monitoring, and backups.
- Built-in compliance: FileMaker Cloud meets various regulatory standards such as GDPR, ensuring data privacy.
- Integrated security: End-to-end encryption, built-in SSL certificates, and Claris ID user authentication simplify security management.
However, Eric needed to consider the limitations of FileMaker Cloud, such as the lack of support for ODBC, XML publishing, and certain plugins.
In-House vs. Data Center vs. Cloud: What’s Right for You?
Ultimately, the choice between in-house, data center, or cloud hosting depends on several factors, including control, cost, and security needs. Let’s compare the pros and cons of each option.
In-House Hosting:
- Full Control: Eric would have total control over the hardware, network, and security.
- Security Responsibility: All security concerns, including physical security, encryption, and backups, would fall on Eric’s team.
- Cost: High upfront costs for hardware and ongoing maintenance.
- Availability: Managing power redundancy and failover systems would be Eric’s responsibility.
Data Center Hosting:
- Shared Responsibility: Data centers would handle hardware maintenance and physical security, but Eric would still manage the FileMaker Server software and configuration.
- Security Benefits: Data centers often have strict access controls and monitoring systems in place.
- Cost: No need for upfront hardware investment, but ongoing server rental costs.
- Scalability: Easy to expand resources (CPU, memory, storage) as needed.
FileMaker Cloud:
- Managed by Claris: Claris manages everything, from infrastructure to security updates, backups, and monitoring.
- Compliance: FileMaker Cloud complies with global data protection standards like GDPR.
- No Need for SSL Management: SSL certificates are handled automatically by Claris.
- Limitations: Lack of support for certain technologies such as XML publishing, ODBC, and custom plugins.
FileMaker Cloud: A SaaS Solution with Built-In Security
FileMaker Cloud offers several benefits for developers like Eric who prefer a hands-off approach to infrastructure management. Here’s a closer look at its security features:
- End-to-End Encryption: Data is encrypted during transfer and at rest, ensuring that it cannot be intercepted or tampered with.
- Claris ID Authentication: Built-in Claris ID or OpenID support allows for secure user authentication, eliminating the need for Eric to manage passwords.
- Compliance with Regulations: FileMaker Cloud meets compliance requirements for GDPR, HIPAA, and other data protection regulations.
- Automatic Backups: Claris handles all backups, reducing the risk of data loss due to server failures or human error.
- No SSL Hassles: Unlike on-premises servers, where Eric would need to manage SSL certificates manually, FileMaker Cloud comes with built-in SSL certificates that are automatically renewed.
What You Need to Deploy FileMaker Server Securely
Eric’s final choice was to host his FileMaker Server in a data center. Here’s what he needed to ensure a secure deployment:
- A Server: Eric chose a VPS (Virtual Private Server) for its flexibility and scalability.
- Registered Domain Name: A domain name like filemaker.clipfactory.com.
- SSL Certificate: To ensure encrypted communications, Eric needed to install an SSL certificate linked to the domain.
- Backup Solutions: Regular backups were essential to ensure data integrity and availability.
- Firewall Configuration: Eric had to configure his firewall to allow the necessary ports: 5003, 80, 443, 16000, and 2399 (if using ODBC).
Installing and Securing FileMaker Server in a Data Center
After choosing a Virtual Private Server (VPS) in a data center, Eric began installing FileMaker Server. To ensure proper security, he took the following steps:
- Firewall Setup: Eric configured the firewall to allow traffic on the necessary ports while blocking unnecessary services.
- SSL Installation: He installed the SSL certificate to secure communications.
- Remote Management: To manage the server, Eric used a VPN or an SSH gateway instead of exposing Remote Desktop directly.
- File Sharing: Eric avoided using SMB or plain FTP, instead opting for SFTP or FTP over TLS for secure file transfers.
Firewall, VPN, and Remote Management for Cloud Servers
For secure remote access to the FileMaker Server in the cloud, Eric followed these best practices:
- VPN or SSH: Instead of exposing Remote Desktop Protocol (RDP) directly, Eric used a VPN or an SSH gateway to manage his server securely.
- KVM Management: In cases where Eric needed direct console access, he used the KVM (Keyboard, Video, Mouse) management tools provided by the data center.
- Disable Unnecessary Services: He closed any unused ports and disabled unnecessary services to reduce the attack surface.
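The port list and the remote-access and file-sharing rules from the sections above can be checked mechanically against a firewall rule set. The Python audit below is an added example, not code from the talk or from Claris; the `Rule` type, the sample rules, and the mapping of RDP, SMB and FTP to their usual default ports (3389, 445, 21) are assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_network

# Ports the post lists for FileMaker Server; 2399 only when ODBC is used.
FMS_PORTS = {5003, 80, 443, 16000}
ODBC_PORT = 2399
# Well-known default ports of services the post says not to expose directly.
# The port-to-service mapping is an assumption about default installs.
DISCOURAGED = {
    3389: "Remote Desktop: reach it through a VPN or SSH gateway",
    445: "SMB: use SFTP or FTP over TLS for file transfer",
    21: "FTP: plain unless TLS is enforced; prefer SFTP",
}

@dataclass(frozen=True)
class Rule:
    """One inbound allow rule: TCP port plus permitted source CIDR."""
    port: int
    source: str

def is_public(rule: Rule) -> bool:
    """True when the rule admits any address (0.0.0.0/0 or ::/0)."""
    return ip_network(rule.source).prefixlen == 0

def audit(rules, uses_odbc=False):
    """Return sorted (port, kind, detail) findings for a rule set."""
    expected = FMS_PORTS | ({ODBC_PORT} if uses_odbc else set())
    findings = set()
    for rule in rules:
        if not is_public(rule) or rule.port in expected:
            continue  # source-restricted, or an expected FileMaker port
        if rule.port in DISCOURAGED:
            findings.add((rule.port, "exposed", DISCOURAGED[rule.port]))
        else:
            findings.add((rule.port, "unexpected", "not in the post's port list"))
    open_ports = {r.port for r in rules}
    for port in expected - open_ports:
        findings.add((port, "missing", "FileMaker port has no allow rule"))
    return sorted(findings)

# Constructed sample rule set (not from the post).
SAMPLE_RULES = [
    Rule(5003, "0.0.0.0/0"), Rule(80, "0.0.0.0/0"), Rule(16000, "0.0.0.0/0"),
    Rule(2399, "0.0.0.0/0"),      # ODBC port open although ODBC is unused
    Rule(3389, "0.0.0.0/0"),      # RDP exposed directly
    Rule(3389, "10.8.0.0/24"),    # RDP from the VPN subnet only: accepted
    Rule(445, "::/0"),            # SMB exposed over IPv6
]
```

Calling `audit(SAMPLE_RULES)` reports the missing 443 rule, the publicly reachable SMB and RDP rules, and the 2399 rule that is open without ODBC in use; the VPN-restricted RDP rule produces no finding.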
Essential Security Tips: SSL Certificates, Encryption, and Backup
SSL Certificates: One of the most challenging aspects of FileMaker Server installation is setting up an SSL certificate. Eric learned that the default certificate provided by FileMaker is only for testing purposes and that a proper SSL certificate must be installed for production environments.
Encryption: Both data at rest and data in transit should be encrypted to prevent unauthorized access.
Backup Policies: Regular backups, stored securely in multiple locations, are critical for ensuring data integrity in the event of hardware failure or data corruption.
Key Takeaways from Eric’s Cloud Hosting Journey
Eric’s journey to secure FileMaker Server in the cloud taught him several important lessons:
- Choose the Right Hosting Option: Whether you host in-house, in a data center, or use FileMaker Cloud, make sure the solution fits your security and performance needs.
- SSL Certificates Are Essential: Even for internal networks, an SSL certificate is required for securing communications.
- Keep Everything Updated: Always use the latest versions of FileMaker Server, operating systems, and security patches.
- Security is a Shared Responsibility: Cloud providers offer infrastructure security, but you must ensure that your application and data are protected.
By following these best practices, Eric successfully secured his FileMaker Server in the cloud, ensuring that his data and applications were safe from modern security threats.
This blog post serves as a comprehensive guide to securing your FileMaker Server in the cloud. Whether you’re an in-house developer or working with a hosting partner, following these steps will help you achieve a secure, compliant, and reliable FileMaker environment.