As enterprise GIS platforms become increasingly central to organizational operations, security is no longer optional, it’s foundational. From sensitive spatial data to mission-critical services, modern ArcGIS Enterprise environments must be designed with resilience, reliability,and compliance at their core.
Working with the team at Blue Raster, Stearns Weaver Miller completed an ArcGIS Enterprise implementation with a strong emphasis on security hardening and compliance. Rather than treating security as a final checklist item, it was embedded throughout the systemassessment, configuration, and deployment process.
In this blog, we’ll demystify the Esri ArcGIS Enterprise Hardening Guide, explain why it matters, and share practical lessons learned from applying it in a real-world enterprise GIS environment.
Who They Are
Stearns Weaver Miller is a multidisciplinary organization with a robust GIS practice, delivering enterprise-grade geospatial solutions with an emphasis on security, reliability, and compliance. As a leading Florida-based law firm, the organization supports clients across highly regulated sectors including government, real estate, environmental, and financial services, where secure access to authoritative spatial data is critical. Their GIS platforms play a key role in enabling informed decision-making, regulatory compliance, and long-term operational resilience.
Our Project
Blue Raster supported an ArcGIS Enterprise implementation that included a system assessment, secure configuration, and alignment with Esri’s recommended hardening practices. The goal was to ensure the platform met both internal security standards and external compliance expectations.
Why It Matters
Given the sensitivity of the data and the critical nature of system availability, security and compliance were top priorities from day one.
What Is the Esri ArcGIS Enterprise Hardening Guide?
The Esri ArcGIS Enterprise Hardening Guide is a comprehensive set of security best practices designed to help organizations protect their ArcGIS Enterprise deployments from common vulnerabilities and emerging threats.
Definition & Scope
The guide provides recommendations across authentication, authorization, network security, encryption, system configuration, and operational practices. Its purpose is to reduce the risk of misconfiguration and minimize exposure in enterprise GIS environments
You can access the guide here.
Purpose
Esri developed the guide to help organizations take a proactive approach to GIS security, strengthening systems before vulnerabilities are exploited, rather than responding after incidents occur.
Why Compliance Matters
Understanding the Risk Landscape
An improperly hardened ArcGIS Enterprise environment can expose organizations to unauthorized access, data leakage, service outages, and reputational risk. These risks grow as GIS platforms become more tightly integrated with enterprise identity providers, cloud infrastructure, and external applications.
Alignment with Broader Best Practices
Following the Hardening Guide helps align GIS deployments with broader organizational and regulatory frameworks, including internal IT security policies, NIST guidance, and zero-trust principles.
Real-World Value
In practice, hardening measures, such as stronger authentication controls, reduced attack surfaces, and encrypted communications can significantly lower the likelihood and impact of security incidents before systems ever reach production.
Key Hardening Challenges and How We Addressed Them
During this implementation, we encountered a few common configuration gaps where environments often fall short of Esri’s recommendations. Below are three examples and how they were resolved.
Web Application Firewall (WAF) Configuration
What We Observed
The environment lacked a defined web application firewall rule set to filter unauthorized or malformed requests.
Why It Matters
Without a WAF, publicly exposed endpoints are more vulnerable to common web-based attacks and unauthorized access.
How It Was Addressed
We assisted with implementing and tuning a WAF rule set that aligned with ArcGIS Enterprise traffic patterns, while blocking unapproved requests. See “Implement Web Application Firewall” on page 43 of the Esri Hardening Guide.
Outcome / Benefit
Improved protection against malicious traffic without impacting legitimate GIS services.
Portal for ArcGIS Sharing Proxy
What We Observed
The Portal for ArcGIS sharing proxy was enabled even though it was not required.
Why It Matters
An enabled sharing proxy can introduce additional risk, including exposure to Denial of Service (DoS) or Server-Side Request Forgery (SSRF) attacks.
How It Was Addressed
We assisted with disabling the sharing proxy in accordance with Esri hardening recommendations. See “Configure Cross-Origin Resource Sharing Allow List” on page 47 of the Esri Hardening Guide.
Outcome / Benefit
A smaller attack surface and reduced risk without affecting core functionality.
Network Access Restrictions
What We Observed
Security group rules allowed broader access than necessary, including non-internal IP ranges and unneeded open ports.
Why It Matters
Overly permissive network access increases the attack surface and risk of unauthorized access.
How It Was Addressed
We helped restrict access to approved internal IP addresses and locked down all ports to only those required for ArcGIS Enterprise operations. See “Implement Intermachine Network Restrictions” on page 45 of the Esri Hardening Guide.
Outcome / Benefit
Reduced exposure and stronger alignment with least-privilege networking principles.
Lessons Learned & Best Practices
Several key best practices stood out during this implementation:
- Document everything. Clear documentation ensures hardening decisions are repeatable and defensible.
- Treat hardening as an ongoing process. Security requires continuous review as systems and integrations evolve.
- Automate where possible. Configuration checks and monitoring help reduce human error.
- Collaborate early with IT security teams. Early alignment prevents rework and accelerates delivery.
For GIS administrators, the takeaway is simple: start with the Hardening Guide early, and use it as a living reference throughout the lifecycle of your ArcGIS implementation.
The Esri ArcGIS Enterprise Hardening Guide provides a clear framework for securing enterprise GIS environments, but its true value comes from thoughtful, real-world application.
By prioritizing security and compliance throughout the ArcGIS Enterprise implementation, Stearns Weaver Miller delivered a system that meets both operational requirements and modern security expectations.
Take the Next Step
Ready to strengthen your ArcGIS Enterprise environment?
Contact Blue Raster to assess your current deployment and align it with Esri’s security best practices.