Naeva Tec achieves ENS High Level certification
Naeva Tec has achieved ENS (National Security Scheme) certification at the high level. This certification qualifies us as a technology provider that meets the most demanding computer security standards for application development, and specifically as a provider for Telefónica and the MenTeS mobile messaging management system.
Achieving this certification required very demanding work to adapt our entire operations infrastructure to the ENS requirements. It has been very productive work in which, as a company, we have trained in and learned the practical elements involved in securing the entire infrastructure of our development and support team.
In this process, we started by designing a container-based service architecture on AWS. In this service architecture we have deployed all development support and production support services for our clients. Naturally, this service architecture started from a careful design of the networking, ensuring that unwanted access to the back-office services, and especially the data services, is not possible. To this end we have implemented several levels of firewalls and properly configured the security groups.
An important element has been the implementation of a single authentication system that, through SSO using either OAuth or SAML, allows all company employees to authenticate in a single way across all our support systems. There has been a special challenge here, since our services that support development and helpdesk were not natively prepared for this integration and single authentication, so we have had to either adapt them or, using web access intelligently, perform a web-level authentication integration. The result is a single authentication for all our users, protected with mandatory 2FA, which allows access to all of our services without any complications.
Naturally, access to the instances where the production services are hosted is also protected, so that only authorized and duly provisioned users can access these machines. In this case we have also implemented authentication with 2FA, together with bastion instances that are accessed through a DMZ.
An important element for ENS is business continuity, and in this regard we have developed a simple but very powerful and effective secured backup system, which allows us to keep the snapshots we decide on for all our services and to take advantage of AWS services to recover any of these snapshots in minutes. In the future we want to improve this backup system so that backups of a certain age are automatically stored in Glacier, thus optimizing costs.
You can check the award here