The Delft-FEWS software historically was most commonly installed on-premise at the customer site on servers that were not directly connected to the internet. Nowadays, there are also more and more Delft-FEWS applications that are being deployed in the cloud. This means security standards and guidelines have become more critical than ever before. The Delft-FEWS runs on top of a stack of components like 3rd party components: databases, Tomcat and an embedded JRE. It is the primary responsibility of the customer to apply the latest security fixes to the database and Tomcat. For updates for the embedded JRE it is recommended to contact Deltares. The role of Deltares is to supply guidelines and facilitate security best practices where possible. Deltares maintains a separate section of the WIKI especially for system and database administrators. To view these pages, personal credentials can be supplied. These pages contain highly detailed information for installing and upgrading Delft-FEWS, amongst others about security aspects. For the near future it is foreseen that also managed services from cloud providers (e.g. Tomcat, database) can be applied. All Delft-FEWS developers are security aware and evaluate the existing and potential vulnerabilities on a regular basis. Together with our colleagues from our ICT department they meet regularly to discuss (potential) improvements for each Delft-FEWS release.
...