Friday, February 10, 2012

Explain it to Your Boss: The Map is There but Your Data is Still Here

Some business managers don’t want “our” data sitting on “their” map server.   So they’re reluctant to share sensitive business data in maps that are authored and published at public map portals.

They may think that when we publish our map data in the “cloud”, we give up ownership and the security oversight of our data.   That’s not necessarily so.  You can explain it to your boss like this, using an example from the ArcGIS Online mapping portal --  

You can sit behind your firewall and publish your sensitive data in a web map.  Here's what it looks like:

Your boss might not understand that although the map is at ArcGIS Online, your map data does not have to be.  Web page and map components can come from many public web servers, while the map data itself remains secure.  The map data comes from your secure GIS server:

It gets delivered to the web map only if the browser user has been granted access to our GIS server; that is, if the user’s computer is also sitting behind the same firewall with the GIS server, or if the user has login access to your GIS server from outside.   

If no access is granted to your GIS server, the points will not appear on the web map.   Only the background (basemap) will appear.

The business data (map points) are all we need to own and control.  At the same time, we can build on free, publicly-available code and data platforms for map programming and publishing.   For example, the background map could come from public servers at Esri, Google, or OSM:

We don't have to build the map widgets ourselves.  In this example, they're sent to the browser from Esri’s Javascript API server.  But they could have come from Google Maps or another server:

The ”Dojo-Javascript”  layout of the web page – header, banner panel, navigation panel – could be from code that sits on the Google or Yandex CDN servers:

Code from other Web servers could also be embedded in the map or the web page.  For example, we might overlay our data layer with weather data coming from NOAA or tweets from Twitter.  So, in an example like this, we may rely on 4 or more different public web servers, all supporting the publication and sharing of our secure geospatial data.

So, your boss and trusted colleagues can sit behind our firewall and benefit from web mapping in the public cloud.  Their web browser reaches out to the public Internet to bring in elements of the map and page that surround your map data.  But the map data itself stays inside a secure channel from our GIS server to the web browser and map.

I know you understand this.  But your boss might not.

::: ------- :::

Not so simple?

My scenario above won't address the concerns of all business managers.  For example, I worked with a county health department whose management was reluctant to serve up water quality monitoring maps to the public unless they appeared on the county’s web site, rather than at  It was an ownership and branding issue. 

Esri has tried to address this concern with its Public MapsGallery template.  The Gallery is a clever approach that lets an organization author, publish, and host maps at ArcGIS Online, but deliver them in web pages that come from the organization’s own web server, with the organization’s own style and labeling.  No “ArcGIS Online” labels anywhere.  Too clever?  Your boss will have to decide.

Valid security issues -- not just branding -- are raised if you actually upload some or all of your data to the public map portal.  Or if you go to the public portal to author and publish information related to the map, such as authorship, map description, and geospatial metadata.  In that case, you need to understand the hosting services security policy and implementation.  You can read about Esri's for ArcGIS Online, here .

No comments:

Post a Comment