2021. What an interesting year. With the world turned upside down by a pandemic that seemingly had its sights set on...
ETI-NET – Making all the right moves to ensure security is a priority for all customer interactions.
Headlines keep appearing about one incursion or another. Parties intent on causing disruption, not to mention outright theft, seem to be moving around within our infrastructure almost at will. At ETI-NET we are as sensitive to this issue as we are to the need to provide our customers with the support that they need in a manner that doesn’t compromise their own operations. As we all have seen of late, it may be the PC attached to a copy machine, a coffee machine or simply a server tasked with performing minor maintenance tasks that has proved vulnerable to intruders and in so doing, has laid open the entire enterprise or agency.
As for the latest headline-grabbing cyberattack, it was indeed through an outside organization, SolarWinds, that was providing network management software which ultimately was the receptacle for malware. According to posts on the Microsoft blog, “As SolarWinds has reported, the attackers installed their malware into an upgrade of the company’s Orion product that may have been installed by more than 17,000 customers. If it can happen to Microsoft and the US Government, then as a responsible vendor supporting major corporations in financial services markets, we chose to take all necessary steps to mitigate possible compromises coming from ETI-NET.
With BackBox (BB) and now virtual BackBox (vBB) being as widely deployed as they are today, the opportunities to intercept basic communications between ETI-NET and any number of major global enterprises were such that we have now improved our BB security features to meet the customers’ compliance requirements. “Starting with two form-factor login, the new BB release 4.9 will have those security features we covered in previous articles,” said ETI-NET COO, Sylvain Tétreault. It was in an article published in the August 2020 issue of NonStop Insider of how ETI had been working on satisfying a security request from a number of our banking customers and how it has been a priority of late for our development team. What this has entailed has to do with the customers’ request to enhance the control of passwords. “As of now, when a bank wants to change passwords associated with BackBox (BB), they do so one at a time,” said Tétreault. “This is cumbersome with the potential for errors and without central control and oversight. What we will be providing will be a centralized command executing a script.”
In the December, 2020 issue of NonStop Insider, we further acknowledged that in exchanges with our customers, there were “security and compliance requirements we were already aware of but validation of our implementation was important for us,” said Tétreault. “There is still more work to be done in this regard but we continue to work closely with our customers to ensure our approach meets their security requirements.” However, our customers are also asking ETI-NET to meet their security requirements as they apply to our own internal procedures and systems.
“In 2020, we have been working hard to implement new tools in order to meet those requirements,” said Tétreault. “This most recent work further illustrates how ETI-NET is fully committed to its customers and makes sure that our internal procedures and systems meet customers’ security compliance requirements.” Looking through the list of requirements, four of our customer’s most urgent needs stand apart as they have led to further development having been undertaken on the part of the ETI-NET development team:
Some examples of requirements that ETI-NET has addressed by installing the proper tolls are:
1) Implement data loss prevention (DLP) controls for outbound emails,
2) Implement and document a process to ensure multi-factor authentication is applied,
3) Implement a process to ensure that the use of privileged accounts is logged, and
4) Ensure weekly network vulnerability scans are completed.
The task of ensuring security is in place to protect our customers and it is an ongoing process for ETI-NET. “We see little indication that there will be any easing in the number of attacks being launched by unauthorized parties,” said Tétreault. “What we are doing however is letting our customers know of our commitment to ensuring their requirements of us remain a priority for our development teams.” With our new BB release 4.9 you will find all of these new security enhancements but in time, it is likely that even more capabilities are provided as we continue to work with our customers and our partners to ensure their NonStop applications with their need for backup are not a vulnerability that makes headlines any time soon!
Should you then have questions about BB and vBB or if you need to know even more about the security measures we have taken, don’t hesitate giving us a call or sending us an email.
email@example.com (514) 663-0501