Data lock down

Kane’s IT team discusses data security issues, and highlights the stringent steps taken by Kane LPI Solutions to ensure data safety

1. Data security is clearly a key component in all aspects of the service offering of Kane LPI Solutions. From a general perspective, where are the main potential data security breach points in the process?

Terms such as DDOS (denial of service attacks), malware, hacking, phishing and spam are now part of everyday business jargon and serious security breaches are increasingly making headlines. Only a robust IT security strategy designed from the ground up to provide a resilient, comprehensive and multi-layered system protection can guarantee adequate cover.

The use of proven and robust firewall technology, expert advice from security consultants and compliance with best-in-class standards ensure that Kane LPI Solutions is capable of maintaining the safety of client data at all times. Threats are constantly evolving and we pride ourselves in regularly testing, reviewing and tuning our policies to meet these new risks. These policies cover breach points such as eavesdropping of emails and files containing sensitive information, cyber attacks on the web portal and unauthorized access to any of the applications used in delivering the service.

2. One critical security area is that of data transfer. What are the primary issues to consider when transferring data?

Data transfers such as FTP and email communication pose a higher risk to sensitive corporate data due to the fact that more often than not customer data is transmitted in bulk. As such, Kane LPI Solutions applies high levels of security standards to all file transfers.

An often overlooked aspect is that threats may originate both internal and external to the organization. Data in transit is exposed to a variety of threats including unauthorized access, unauthorized modification and communication failure. Malicious attackers may attempt to spoof, use brute-force or exploit vulnerabilities such as exposed ports and services in an FTP server to gain unlawful access to the files or modify their content.

Another potential issue is a breakdown in communication channels, such as data circuits or network switches, which prevent the timely delivery of interface files and management reports. Such failures may be either accidental or malicious in nature. Data sent by email is another source of potential risk.

3. What processes does Kane have in place to ensure that at all stages in the transfer process data security is maintained?

Kane LPI Solutions’ FTP servers are not publicly accessible and clustered firewalls control the source of each inbound and outbound transmission. Only approved internet addresses are granted access to the file transfer site. SFTP and FTPs security protocols with 2 factor authentication using complex passwords are enforced over file communication and file transfer reports are automatically generated and reviewed by the Admin team. FTP server logins are unique to each user and system service and any instance of a user lockout is thoroughly investigated to ensure it is genuine.

Kane LPI Solutions offers various email encryption and secure ad-hoc file delivery tools such as secure portal and Transport Layer Security (TLS) to meet the specific needs of each client. Hosting provider security policies and SLAs are periodically reviewed and strengthened as required. Background and character checks are carried out on staff at data centers and internal IT officials.