June 10, 2022
Safeguarding your data
How we make sure your data is safe
The recent global development with the war in Europe and increased tension in the Nordic countries has increased the risk of cyberattacks. Only 28% of professionals in the energy industry are making cyber security a high priority. Skyqraft puts cyber security at the top of our priority list. It is important to us that you feel safe entrusting Skyqraft with your data.
One key element of cybersecurity is to define who can access what. This concept is often called “Broken Access Control” and affects 94% of all applications. Access control is a multi-layer problem that has many edge cases. This article provides a method to manage access to sensitive data. The engineers behind Skyqraft have many years of experience with security. We want to share some insights we have gained over the years to increase awareness of cyber security, and demonstrate how secure our software is.
We will describe one way to design a system to be secure. Whenever we add security checks to a software system, it adds syrup to the machinery. Finding a good tradeoff between security and development speed can be tricky. We utilize multiple strategies to minimize the risk of a data breach while keeping the development environment fast and agile.
The weakest point of a system is usually the developer's machine. These machines often contain private keys, credentials, and other sensitive information. If one computer gets stolen, lost, or hijacked, we must have safeguards to ensure unwanted actors do not gain access to our systems. The best method to keep this data safe is to encrypt the hard drive and have malware detection installed on the machine.
There are more restrictive methods to mitigate the risks of infecting devices with malicious software. These restrictive measures include but are not limited to:
- Whitelisting approved software
- Limiting administrative access
- Antivirus software monitors for any malicious software
Since the server provides access to the internal architecture, including the database, that is where we want the maximal amount of security validation. There are three ways we can limit access to the server.
- Intellectual security (username and password)
- Geospatial security (IP Whitelisting)
- Device security (MFA and Private Key)
Intellectual security can be a cloud-stored secret that is changed regularly or a password known only by the employee. It ensures that even if someone steals the devices, they will still not be able to access the systems without knowing the password.
Geospatial security ensures that one can only access the server from a predefined IP. Geospatial security is easy to implement with an IP whitelist for the access protocol used to communicate with the server.
Device security makes sure that a user can only access the server if you have the encrypted machine and mobile with MFA.
These three security measures combined scope down the accessibility to:
- Coming from inside the corporate internal network
- Using an employee’s registered machine
- Using an employee’s phone
- Knowing the employee’s password and username
- Not get caught while accessing the data.
Essentially, we know that only the correct people can access the data.
We design our systems such that only selected employees can access any sensitive data. Anyone with access to the data must prove that they know the password, have access to multiple authorized devices and are at an approved location. Combining all three validation methods is one of the most proven methods to keep data safe. We take data integrity very seriously and do everything in our power to safeguard your data.
If you want to know more about how Skyqraft is the best powerline inspection platform in the world, explore the website and reach out at email@example.com