Archive for the ‘Hosting and security’ Category:

ISAE 3000 – Data privacy and data protection!

Data protection and privacy have always been a top priority for the ASIMUT team, and we are very focused on protecting our track record in this area.

In May 2018, the new EU General Data Protection Regulation enters into effect. This means that institutions within the EU must be able to document that any services they use are operating in accordance with GDPR. In order to facilitate this, ASIMUT is working with BDO to provide an externally audited ISAE-3000 statement of compliance, and with Bird & Bird as a legal consultant.

We invited our chief auditor, Lene Y. Poulsen from BDO, to join one of our sessions. She explained what the new regulations mean for us and our clients, described our compliance work and answered all questions.

All servers patched against Meltdown and Spectre

We have been monitoring the situation carefully since news first broke about the Spectre and Meltdown vulnerabilities, which affect the vast majority of modern computer systems and could potentially lead to a breach of information security. We have been on standby to install patches as soon as they became available for our architecture, and all ASIMUT servers are now patched (Saturday, January 6). While the vulnerability is present on the ASIMUT servers (now patched), we are not aware of any known technique for exploiting it to compromise the kind of servers we operate without internal infrastructure access. We thus have no reason to suspect that the vulnerabilities have led to an information security breach on any ASIMUT servers. We apologise for the unannounced brief (1-2 minutes) service interruptions that customers may have experienced due to emergency patching and restarting of servers.

ASIMUT and the Heartbleed bug

The Heartbleed bug, which affected more than half a million widely trusted websites and web applications, including major banks, also initially affected ASIMUT servers. We decided not to suspend services and instead to deploy the official patch as soon as it was available for the infrastructure we use. All ASIMUT servers were patched within 24 hours after the first public announcement of the bug.

The Heartbleed bug is a flaw in the commonly used OpenSSL server software that allows a hacker to disclose small random fragments of the server's memory, potentially revealing users' passwords. The timespan between the publication of the bug and the patching of our servers was relatively short, and we have no indications of unauthorized or unusual access to any ASIMUT servers. However, we cannot guarantee that passwords of ASIMUT users were not compromised. We therefore recommend that all ASIMUT users change their passwords to be on the safe side.

More information here:
http://en.wikipedia.org/wiki/Heartbleed