The recent stories about how easily the NSA itself was tripped up share a common theme. The maintainers of the secure documents trusted their techies too much. They had to trust the techies because the systems that they counted on to secure their data were too complex for them.
Telegenisys has never worked for the NSA, but our clients have trusted us with their sensitive data for two decades and we’ve worked every day to ensure that their trust in us is well placed. The big secret to how we do this is that we do not enforce our rules and our tools on our clients. Instead we work within the client’s rules. We make sure that the additional steps we take beyond the client’s normal security measures are transparent to their operations. Yes we put additional hoops to jump through, but we jump through those hoops ourselves, we don’t force our clients to do so.
The additional measures we take include physical security that is both guarded and remote monitored. Client data is never sent in a non-secure format over wireless links. Our wired networks are carefully segregated with rules based routing that only includes what is needed for the client’s own tasks. The access we do allow is logged and audited. The access to the client systems is usually an encrypted socket connection inside a VPN, so that a single vulnerability does not expose the client data. The workspace is in a guarded room that is devoid of pens, paper, personal effects, cellphones and other unneeded electronic devices. And lastly we do not retain copies of data that we don’t need. What we do not have we can not divulge.
Our clients don’t have to worry about these details on a day to day basis. For them it is a contract or a HIPAA compliance document security that they’ve filed away. But we take security very seriously. That’s why we’re not in the news. We work quietly and diligently and we work very hard at keeping quiet.