In my previous post (Creating a Flow to set record image), I created a way to bring an image into the CDS from an external source. This works well (obviously!).
There are 3 stages involved in the process:
The next stage of thinking is if we would be doing this in an enterprise environment, how would we do things differently? Talking to Mike Carlton, there are a number of things that we’d need to take into consideration, including (but not limited) to:
- Security
- Storage
- Compatibility
- Classification
- Record management & lifespan
Let’s talk about these, and go into more detail for each
Security. There are a number of ways in which people try to hide attacks. One of these ways are in images – it’s possible to include a .exe file (or similar) – the user downloads a normal looking image, which is actually an attach vector onto the computer. To minimise the risk of this occuring, the image file would need to be scanned by appropriate antivirus/antimalware first (which is a Flow action, using Azure Security for this purpose). Incidentally Microsoft use the same heuristic engine across all of their estate, so some people would want to also incorporate a second one as well
Storage. As everyone knows, storage is important! And depending on what type of storage is being used, pricing can vary greatly (anyone who’s costed D365 storage against Sharepoint storage against Azure Blob storage will know this). It’s therefore important to keep on top of this, as otherwise it’s very possible that the storage costs will increase rapidly! It would therefore be rational to include a file size check, to avoid someone trying to use an image file that’s hundreds (or thousands) of MB’s.
Compatibility. In the scenario here, we’re using an image. There are many different image types, and when scaling up we should implement checks to ensure that the image type is indeed one that’s supported (by whatever system we’re pushing the image into). In scenarios for other data types, it would also be important to check (and enforce when required).
Classification. When bringing data into a system from external resources, it’s essential that correct classification (ie metadata) is stored against the data. This ensures that the system is kept
Records Management & Lifespan. When scaling up functionality, it’s important to start considering who should have access to the data, and if any necessary security controls should be put in place to manage this. It’s also important to understand how long data should be kept with the system, and if processes should be implemented in order to redact and/or remove the data after a specified period of time (this is extremely relevant with GDPR now being in place)
