Access of Orbit Online Personnel

How security sensitive situations are to be handled

5 min read · Tagged
  • technology
  • security
Anders Ingemann, Operations Manager & Developer
Published March 16, 2021

Personnel access roles

Access of Orbit Online personnel to servers and services is restricted using a matrix-based system where employees are divided into roles. Where any new assignment is accompanied by a thorough briefing, including updates at a later date. The briefing includes details on how security sensitive situations are to be handled, which precautions must be taken to avoid potential security issues, how to recognise potential weaknesses in security before they are exploited, and how to act in case of a security breach.

Orbit Online constantly assesses employee access to its services and determines whether any rights should be revoked, based on whether a person still requires access to a given service. The customer also needs to be aware of the fact that GDPR prohibits any Orbit Online employee to relay any of the customers’ data to the customer without written consent.

Two-factor authentication

Orbit Online secures all services it uses with two-factor authentication using varying mechanisms. Where possible, YubiKeys are associated with the logins, though many services only support TOTP, which is then used in its stead. Services that support SAML authentication are linked with the G-Suite accounts used by Orbit Online, allowing them to piggyback on Google’s well-tested and constantly monitored login service that supports 2FA.

Employee access security to Orbit solutions is currently being hardened with 2FA as well.

We have integrated YubiKeys into the terminal login procedure to Orbit servers. This means that employees must have a physical token to access any server. Currently, some employees still use file-based, passphrase-protected, authentication certificates.

Handling of customer data

At Orbit Online, all workstations containing sensitive data use encrypted disks, nullifying the possibility of data leaks in the event of physical theft.

Read more about Orbit Security Mechanisms & Procedures

Data encryption policy

User access to Orbit

Manage permissions in Orbit

Integration of external services

Handling Security Exploits & Incidents

Isolation of components

The integrity of the Orbit codebase

Orbit Online A/S
Åbogade 25A
8200 Århus N
+45 7734 4539

CVR: 30 80 09 82