Hello -
We are looking to create a publicly shared survey using Survey123 that captures photos (to determine if holes have been dug correctly). The users will change frequently and are external partners that we have contracted with. To manage these new users and add them to our portal with the correct User Type, we fear will become an daily administrative burden.
Because of this, we are exploring sharing the survey with the public and also following Esri’s Best Practices - https://downloads.esri.com/RESOURCES/ENTERPRISEGIS/Limiting_Access_to_Public_Survey123_Results.pdf
IT Security Issue
The issue raised by IT Security is the potential for malware to be embedded/included in Photos submitted from this public survey.
Questions
I found this post, but it did not provide any answers to my specific question - https://community.esri.com/thread/246340-does-survey123-create-vulnerabilities
I could imaging other companies may have this concern if you generate a publicly shared survey in Survey123 to engage the public to assist in identifying Street Lights that are broken/not working or reporting graffiti.
Thanks in advance for any assistance Esri can provide regarding my questions. Have a great day!
Best regards,
Colleen Madigan Schelde
Orsted/radiuselnet
comas@radiuselnet.dk
Hi Colleen,
To asnwer your questions:
1. With image question, only the image format is allowed to upload and if the format is other than the supported image formats, it will throw an error and upload is not allowed. I am not aware of the malware scanning on AGOL. The image question will initially scan the file format and will bock any other image formats which we do not support with.
2. Currently there is an enhancement request submitted for this request.
ENH-000116753 Allow disable the upload image from device's files in survey 123
I encourage you to contact Esri Support. Our Support team will assign an official enhancement number for your records. Similar requests from other customers can then be attached to the same enhancement request, which helps us assess demand for the enhancement and prioritize it accordingly.
Hello Shwu-jing-
Thank you for your quick response to my questions.
I was wondering if you have some more detailed documentation regarding the ArcGIS Online supported image formats and the process ArcGIS Online goes through to approve/reject the image that you could share with me (in PDF or links). I will need to provide this information to IT Security for clarification.
I will Question # 2 to Esri Support as you suggest.
Thanks again and I look forward to hearing back from you.
Have a nice day!
Best regards,
Colleen Madigan Schelde
Orsted/Radiuselnet
comas@radiuselnet.dk
Hi Colleen,
All uploads submitted to ArcGIS Online are scanned for viruses and malware as required by our FedRAMP accreditation.
You’ll find our attestation to this fact in our Cloud Security Alliance (CSA) Consensus Assessments Initiative Questionnaire (CAIQ).
This document is one of many we provide in the documents tab in the ArcGIS Trust Center. We scan all uploaded files submitted to ArcGIS Online for viruses/malware. If malware or a virus is detected, the file is rejected and the event is logged in the customer’s organization in the activity log.
Common Questions we answer here include:
Thank you for this information!
Do these security measures also apply when using a feature service hosted on ArcGIS Sever as opposed to hosted through ArcGIS Online through AWS and MS Azure?
Thanks.