A few weeks back we had the opportunity to participate in an Esri GeoDev webinar, where we went into detail about technical and non-technical controls to help #ArcGISOnline be more secure, respect privacy, and prevent propagation of "fake news". We explain ArcGIS Online configuration options and best practices, explore the need for processes and pipelines to govern information delivery, and demonstrate tools to help regularly monitor the security and sharing status of both ArcGIS Online items and the ArcGIS Online organizational account as a whole. We also introduce and discuss Esri’s product security incident response team and discuss Esri’s incident response process.
Key take-aways: *Leverage "Organization Specific Logins" whenever you can *Enable MFA to ensure non-repudiation *Build processes for content validation before sharing *Join Esri's Verified Organization Program: Be the source of truth! *Use the ArcGIS Advisor to validate your Org settings