Secure remote maintenance
Due to the complexity of today’s IT-systems most companies are dependent from external experts. They use remote support in order to help quickly and uncomplicated. For this purpose the experts gain access to company internal data to resolve problems. Mostly they are given the rights of an administrator or super user. If they have access to sensitive data due to these rights, caution is required.
The rules applied to the processing of data and data protection are also valid here. The customer has to make sure that the remote maintenance company has taken technical and organizational measures to comply with the rules.
It should be noted that a strong authentication of the remote accessing person or systems has to take place, that the access time for the task is limited and that the rights are limited to the necessary minimum. During access the provider has to be monitored. This can be done by recording of log files, the implementation of the four-eye principle and a session recording of screen inputs. It is important to document when and what has been done by the specialist.
The employees must not be monitored by the specialist. The one who is seeking assistance has to provide access to his system and so he is informed that someone else sees his screen. And the expert must be informed that everything what he does is recorded and logged.
To provide this, a secure connection and a coordinated software solution are needed.
VISULOX supports you in this case. It provides a two factor authentication without hardware token. All actions of users with privileged rights –such as administrators and super users- who access remotely to the system are recorded per session recording. These videos are archived on a separate system to protect them against a possible manipulation. The rights for accessing can be assigned specially for that particular case and certain actions (such as copying of data) can be prevented. The module “Dual Control” enables the implementation of the four-eye principle, without obligating the parties to be on the same location, but ensuring that both parties are present during the process.
With VISULOX not only the regulations of the Data Protection are complied with, but also the guidelines of information security are fulfilled.
Inform now! Contact