Skip to main content

Essential Security Best Practices for ArcGIS Online Administrators

ArcGIS Online Administrators plays a crucial role in ensuring a secure and efficient environment for your organization’s subscription. Let’s explore best practices that will help you optimize performance and safeguard your organization’s data.

Content Awareness

  1. Monitoring and Cleaning Up Content:

    • Regularly review the content within your ArcGIS Online organization. This includes web maps, apps, layers and other items created by your organization’s members. Be aware of their usage and size. Use the Organization Status page to get a pulse on your organizational content. 
    • Identify outdated or irrelevant content. Reach out to the content owner, and discuss or assess the need for the item. Make an action plan, whether it is transferring ownership if the owner is no longer with your organization, and either archive or delete it.

Use the Organization Status page to view details on your content.

2. High Consumption Content:

    • Keep an eye on items with high consumption rates (such as heavy traffic maps or layers). Engage with content owners to validate the necessity and security of high-consumption items.

    • Follow up with individuals who own or use these types of content to ensure it aligns with organizational goals.

    • Assess what factors are driving the traffic on these items. Are they internal or publicly available? Look at the number of views on these items.

View the Trending and Most Popular Content.

3. Delete Protection Enabled Content:

    • Some items may have Delete Protection enabled. Monitor these closely for any unusual activities or security threats. Access the settings from any Item’s description page to validate if this option is enabled.
      Checking Delete Protection from an Item’s Details page.
    • If necessary, engage with the owners to verify the need for this protection.
    • Create and enforce content categorized as “Do Not Delete” for a quick review of these items.
      Utilizing the Do Not Delete Category.

4. Review Older Items Older (on a preferred schedule):

    • Evaluate items that have been inactive for more than your preferred schedule. Review their last modified date from your My organization content page. Archive or delete content that is no longer relevant.
      Viewing a Table sorted on Modified Date.

5. Trusted Servers:

    • Trusted Servers can be a gateway you grant to your organization for collaboration outside the organization. Ensure that servers added to your ArcGIS Online organization are secure and trusted.

    • Regularly review and validate the Trusted Server connections defined in your ArcGIS Online security setting.
    • Remove immediately any Trusted Servers that you cannot identify or are no longer needed.

Explore Trusted Servers added to your ArcGIS Online Security Settings.

6. Groups by Owner Outside the AGOL Organization:

    • Monitor groups created by users outside your organization joined by members of your organization. View this list on the My organization’s groups option from the Groups item on the menu.
    • Assess the relevance and security of these groups.

Using filters to triage groups with external connections.

User Management

  1. New and Past Employees:

  • Be diligent. Grant or revoke access based on current employment status.

  • When an employee leaves, promptly remove their access to prevent unauthorized use.

  • Clean Test Users:

    • Test accounts can accumulate over time. Identify and remove them to free up resources and avoid unauthorized access

    • Ensure that test users are not consuming licenses unnecessarily.

  • Users You Cannot Identify:

    • Avoid retaining users whose identities cannot be verified.

    • When deleting a user, remember that it also deletes their content and revokes licenses. Assign new owners if necessary.

    • Perform this cleanup on a preferred schedule or as needed.

    • Order the cleanup process by the last used date to prioritize active accounts.

    Deletion Schedule

    Regular Checks (as preferred schedule):

    Implement a systematic deletion schedule. Design a desired frequency and opt for a regular schedule such as bi-weekly, monthly, quarterly or the requirement of your choosing.

    Takeaways

    Remember, we must maintain a clean and organized ArcGIS Online environment that contributes to better performance, security and user experience. By Adopting these tactics, you are taking a step ahead towards:

    • Protection of your organizational content

    • Avoid leaks of your confidential data

    • Awareness of your public exposure

    About the Author

    Jessica McCann is a Senior Support Enablement Consultant at Esri Canada. She supports a wide range of Esri products, including ArcGIS Pro, ArcGIS Online and ArcGIS apps for the field. Jessica holds a BA in geography and education from the University of Moncton and a certificate in cartography: digital mapping from the Centre of Geographic Sciences. Her past times are camping with her family, orienteering, and spending time outdoors. Jessica is fully bilingual in English and French.

    Profile Photo of Jessica McCann