Overview
From time to time the question of whether our remote access is secure. In today's age, it should probably come up more often! This article goes through just some of the security measures in place to ensure our remote access stays secure.
Procedure
To answer the titular question, yes! RITE makes use of a remote access software called Connectwise Control (commonly known as ScreenConnect). This is an industry-leading remote access tool that has been successfully used in environments requiring security certifications (such as PCI, HIPAA, and CJIS).
To ensure access to all our remote connections RITE's implementation of Connectwise Control:
- Is self-hosted in our private cloud
- Is secured by 2-factor authentication
- Has all traffic secured by TLS 1.2 and AES 256
- Is tied into our global authentication provider
- Is configured with role-based security limited access to authorized RITE users
- Has OAuth sessions limited (based on time of day) to require remote access users to re-authenticate periodically
- Has tightly restricted access to the Connectwise Control host server
- Has auditing capabilities to track connections and connection attempts
References
- [ConnectWise Univeristy] Payment Card Industry Compliance (PCI)
- [ConnectWise Univeristy] Health Insurance Portability and Accountability Act (HIPAA)
- [ConnectWise Univeristy] Criminal Justice Information Services (CJIS) Security Policy