
Reasons to transition to the Universal UI: Security-by-Design

  • March 3, 2026
Arie V
Community Manager

Since the end of 2024 we have been communicating on our official Lifecycle Policy page that the Windows GUI (2-tier) would no longer be supported with Platform releases in 2026. In addition, we have been warning about the end of the Windows GUI (2-tier) in all 2025 Platform release notes, in multiple Community blogs, and at the 2025 Developer Event. In a new series of blogs we aim to clarify why transitioning to the Universal UI benefits you as a customer, from the angles of security, functionality and usability. This time we look at it from the angle of Security-by-Design.

How to transition to the Universal UI is already covered in the blog linked below and in the dedicated Documentation.


Security-by-Design

Recent news items once again highlight the importance of Security-by-Design. The hype around Vibe coding solutions that start from a blank canvas throws us back in time: they essentially spit out an overload of spaghetti code and introduce governance and security issues. At the same time, established solutions like Salesforce (Odido hack of 6 million+ customer records) and Mendix (2000+ applications with data exposure due to misconfigured authorization) prove vulnerable as well.

The Thinkwise Platform is specifically focused on enterprise-grade applications, making Security-by-Design a core architectural principle. As such, we offer Multi-Factor Authentication (MFA) and Single Sign-On (SSO) out of the box, have built-in Security Checks, provide additional Encryption capabilities, and don’t support Anonymous Users at all. In addition, the default settings are usually the most secure options of our platform.

Nevertheless, the same risks apply to the Thinkwise Platform, and the Salesforce and Mendix examples provide valuable and urgent lessons. Security is a shared responsibility, and three important layers must be distinguished:

  1. Security of the Thinkwise Platform components
  2. Security of the Infrastructure hosting the Thinkwise Platform
  3. Security of the Applications built with the Thinkwise Platform


Security of the Thinkwise Platform components

Thinkwise is primarily responsible for releasing a secure Thinkwise Platform. The latest versions of our Platform components are always the most secure. The old adage “if it ain’t broken, don’t fix it” is no longer valid in the era of constant cyber threats. Therefore, we strongly recommend that you keep your Thinkwise Platform up to date with the latest Releases of our products. Also make sure to install all available Platform improvements (hotfixes) on a regular basis.

Pentests are regularly performed to verify the security of the Thinkwise Platform. Find the latest report here: External Penetration Test Thinkwise Platform.

Role-Based Access Controls (RBAC) have been available in the Thinkwise Platform since 2017, allowing you to define access controls granularly and to re-use Roles across User Groups.

3-tier architecture

The Windows GUI is directly connected to the Database (2-tier), so each individual user needs access rights on the database to work with the Thinkwise Application. Because users hold these database rights themselves, column-level security and row-level security cannot be enforced by default. As a result, Thinkwise Applications running on the Windows GUI are typically only available on local networks and are not exposed to the public internet, in order to keep them secure.

The 3-tier architecture, with Indicium as Service Tier and Universal as User Interface, realizes significant security improvements.

Column-level security: Indicium is much stricter when accessing an Entity like a Table. If a user isn’t specifically authorized to access a certain Column, that column is simply not returned by the API. Had this been applied to Odido’s customer data, sensitive customer details like the ID numbers could have been withheld from the Support staff.

Row-level security: Authorization / Always On prefilters are used as filters on the data set within an Entity. Instead of returning all records that exist in a Table, Indicium will only return records that are specifically allowed for the authenticated user. Always On prefilters can be used to limit access to data on various levels. Typical examples:

  • Individual: records that belong to the user as an individual. E.g. expense reports, personal details, booked hours.
  • Legal Entity/Administration/Cost Center: records that belong to the Legal Entity, Administration or Cost Center a user is responsible for. E.g. invoices or projects.
  • Status: records that match certain statuses. E.g. Active customers, Approved proposals, Open production orders.

A smart prefilter that only returns customer data when, for example, a birthday and phone number are provided would have significantly reduced the number of leaked Odido customer records. For more details, check “The encouraged way” in the blog linked below.
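To make the two mechanisms above concrete, here is an added example (a constructed model, not Indicium’s code) of a service tier that applies an “Always On” row prefilter and then strips unauthorized columns before any record leaves the server. The roles, columns and sample customers are assumptions for illustration; the support role only gets a record when both birthday and phone number match, which is the “smart prefilter” from the Odido discussion.

```python
"""Constructed model of service-tier authorization (not Indicium's code):
rows are prefiltered per user first, then unauthorized columns are dropped."""
from dataclasses import dataclass, field

# Constructed sample data; id_number is the sensitive column.
CUSTOMERS = [
    {"customer_id": 1, "name": "A. Jansen", "birthday": "1990-05-01",
     "phone": "0612345678", "id_number": "ID-0001", "status": "active"},
    {"customer_id": 2, "name": "B. de Vries", "birthday": "1985-11-23",
     "phone": "0687654321", "id_number": "ID-0002", "status": "inactive"},
]

# Column-level security: role -> columns the role may read (assumed grants).
COLUMN_GRANTS = {
    "support": {"customer_id", "name", "status"},
    "compliance": {"customer_id", "name", "birthday", "phone",
                   "id_number", "status"},
}


@dataclass
class User:
    name: str
    role: str
    # Values the caller supplied for the prefilter (e.g. from the session).
    lookup: dict = field(default_factory=dict)


def row_prefilter(user, record):
    """Row-level security: decides whether the user may see this record at all."""
    if user.role == "support":
        # The 'smart prefilter': a support agent only gets a customer record
        # when the customer identified themselves with birthday AND phone.
        return (record["birthday"] == user.lookup.get("birthday")
                and record["phone"] == user.lookup.get("phone"))
    if user.role == "compliance":
        # A status prefilter: compliance only sees active customers.
        return record["status"] == "active"
    return False  # no grant at all: nothing is returned


def query_customers(user, rows=CUSTOMERS):
    """Service-tier query: apply the row prefilter, then drop unauthorized columns."""
    allowed_cols = COLUMN_GRANTS.get(user.role, set())
    return [{col: val for col, val in rec.items() if col in allowed_cols}
            for rec in rows if row_prefilter(user, rec)]
```

A support user who supplies no lookup values gets an empty result, and even a matching lookup never exposes the ID number, because the column filter runs server-side regardless of what the client asks for.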


Security of the Infrastructure hosting the Thinkwise Platform

Customers have always been responsible for the hosting and integration infrastructure of the Thinkwise Platform. Now that applications are expected to work anywhere, anytime, on any device, the complexity of securing the application has increased. Only allowing access from trusted devices, over a VPN connection or via VDI often doesn’t cut it anymore, especially not for API integrations or external portals.

Network segmentation, HTTPS, Certificates, DNS records and Security Headers are crucial elements for securely deploying the Thinkwise runtime components. Refer to our Security documentation and check your public deployments on internet.nl and/or securityheaders.com.

Don’t forget about your File storage locations either. Make sure to encrypt your file data at rest and to perform an antivirus scan on newly uploaded files.

With the Thinkwise Cloud we take care of all of the above security challenges. Join our Thinkwise Cloud webinar on the 19th of March to learn more.

Multi-Factor Authentication is a must and results in an additional 99% risk reduction on unauthorized access. However, this didn’t safeguard Odido from being hacked, due to social engineering. We strongly recommend Single Sign-On (SSO) with an OpenID provider and enforcing the latest phishing-resistant MFA options.


Security of the Applications built with the Thinkwise Platform

All of the above security measures only safeguard your applications if Thinkwise Developers take responsibility and consistently apply the available features. The Mendix news highlighted that application-level authorization misconfiguration was the cause of the data exposure in 2000+ applications. While the Thinkwise Platform in combination with the 3-tier architecture offers better security measures out of the box, most of the misconfiguration examples can happen with Thinkwise Applications as well.

We therefore urge our Customers and Developer community:

  1. to transition to Indicium and the Universal UI for security’s sake, sunset the Windows GUI and remove database rights for users
  2. to review infrastructure security
  3. to use phishing-resistant MFA
  4. to apply Column-level security consistently
  5. to apply Row-level security consistently
  6. to use File storage whitelisting
  7. to use Custom components prudently
  8. to validate configuration using Security Checks and End-2-End tests


Don’t be the next newsworthy hack. Stay secure!