This is achieved by employing a holistic view on the ecosystems that Orbit is developed in, deployed to and used in.
Since a chain is only as strong as its weakest link, Orbit Online iteratively identifies areas that could benefit most from an improvement in procedures, software, or hardware.
Once an area has been identified, it is analysed for potential weaknesses. Thereafter, a plan is formed to migrate to a better security model, which is then rolled out in the organisation in a way that is least likely to disrupt the workflow of Orbit users.
- Customer login, registration, and deactivation workflows
- The permission system in Orbit
- Integration of external services owned by either the customer or a third party
- Personnel access to staging and production servers
- Personnel access to services used by Orbit Online or used in Orbit
- Confidentiality and integrity of data in transit and at rest
- Mitigating security exploits in Orbit and supporting services
- Isolation of Orbit components as well as services used by Orbit Online
- Handling of customer data
- The integrity of the Orbit codebase
A multitude of security procedures are employed for Orbit Online to ensure that the above-mentioned areas are adequately covered.
Visit the articles for more information about each area.