Access of Orbit Online Personnel
How security sensitive situations are to be handled
Personnel access roles
Access of Orbit Online personnel to servers and services is restricted using a matrix-based system in which employees are divided into roles. Any new role assignment is accompanied by a thorough briefing, with follow-up updates at a later date. The briefing covers how security-sensitive situations are to be handled, which precautions must be taken to avoid potential security issues, how to recognise potential weaknesses in security before they are exploited, and how to act in case of a security breach.
Orbit Online continuously reviews employee access to its services and determines whether any rights should be revoked, based on whether a person still requires access to a given service. The customer also needs to be aware that GDPR prohibits any Orbit Online employee from relaying any of the customer’s data to the customer without written consent.
Two-factor authentication
Orbit Online secures all services it uses with two-factor authentication using varying mechanisms. Where possible, YubiKeys are associated with the logins, though many services only support TOTP, which is then used in its stead. Services that support SAML authentication are linked with the G-Suite accounts used by Orbit Online, allowing them to piggyback on Google’s well-tested and constantly monitored login service that supports 2FA.
Employee access security to Orbit solutions is currently being hardened with 2FA as well.
We have integrated YubiKeys into the terminal login procedure for Orbit servers. This means that employees must have a physical token to access any server. Currently, some employees still use file-based, passphrase-protected authentication certificates.
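One way to keep track of the remaining file-based credentials during a migration like the one described above is to audit which server login keys are hardware-backed. The following is an added example and not Orbit Online's own tooling; it assumes OpenSSH server logins with an authorized_keys file, where YubiKey-backed keys appear as FIDO2 "sk-" key types (sk-ssh-ed25519@openssh.com, sk-ecdsa-sha2-nistp256@openssh.com). The sample key lines are constructed for the demonstration.

```shell
# Added example (not Orbit Online's code). Audits an OpenSSH authorized_keys
# listing and reports every key that is NOT backed by a hardware security key.
# Hardware-backed (FIDO2/YubiKey) keys use the "sk-" prefixed key types.

# Constructed sample authorized_keys content; key blobs are shortened placeholders.
SAMPLE_KEYS='sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29t... alice@yubikey
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAI... bob@laptop
sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTY... carol@yubikey
# comment line, ignored
ssh-rsa AAAAB3NzaC1yc2EAAAADAQAB... dave@desktop'

# Reads authorized_keys text on stdin and prints the comment field (last
# column, usually user@host) of each key whose type does not start with "sk-".
# Handles an optional leading options field (e.g. from="...") by locating the
# first column that looks like a key type. Comment and blank lines are skipped.
list_non_sk_keys() {
    grep -v '^[[:space:]]*#' | grep -v '^[[:space:]]*$' |
    awk '{
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^(sk-)?(ssh-|ecdsa-)/) {
                if ($i !~ /^sk-/) print $NF
                break
            }
        }
    }'
}

# Number of file-based (non-hardware) keys; usable as a gate in a cron job or
# CI check. "|| true" keeps the exit status 0 when the count is zero, because
# grep -c exits non-zero when nothing matches.
count_non_sk_keys() {
    list_non_sk_keys | grep -c . || true
}

# Stand-alone run: lists bob@laptop and dave@desktop from the sample above.
printf '%s\n' "$SAMPLE_KEYS" | list_non_sk_keys
```

To run this against a real server, replace the sample with `cat ~user/.ssh/authorized_keys | list_non_sk_keys` for each account. Once the count reaches zero everywhere, the hardware-token requirement can be enforced server-side by restricting the accepted public key algorithms in sshd_config (the `PubkeyAcceptedAlgorithms` directive in OpenSSH 8.5 and later) to the sk- types only, so that a file-based key is rejected rather than merely reported.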
Handling of customer data
At Orbit Online, all workstations containing sensitive data use encrypted disks, nullifying the possibility of a data leak in the event of physical theft.