Security

Ensuring the security of your remote service offering is paramount to successful end-user adoption. This is why security is designed into every aspect of the NextNine platform. The strongest testament to NextNine’s approach to security is the thousands of “Virtual Support Engineers” software instances that are installed worldwide at some of the world’s most secure locations, including financial institutions and power plants.


NextNine Service Automation (NSA) integrates security best practices into every layer – from encrypting communication, managing data at rest to ensuring enterprise-grade policy management and auditing.


NSA security is built on the following 5 pillars:

  • Secure Communications
  • End-Customer Policy Control
  • Service Provider Access Control
  • Audit and Traceability
  • Compliance with security standards put forth by the National Institute of Standards and Technology

 

Secure Communication

  • All communication is encrypted using the latest security standards (SSL, TSL) used for secure online transactions.
  • Two-way communication is achieved using an outbound only connection (i.e. always initiated by the Virtual Support Engineer) which does not require the end-customer to accept inbound connections.
  • The Virtual Support Engineer can only send information to its designated Service Center. The VSE and the Service Center authenticate each other using standards-based certificates.

 

End-Customer Policy Control

  • The end-customer can choose to administer the VSE using its intuitive user interface, and specify the IPs and devices the VSE is allowed to monitor.
  • The end-customer can choose to manually approve remote activities conducted by the service provider (E.g. Remote desktop sharing).


Service Provider Access Control

  • The Service Center includes a granular policy manager that limits each user to the customer sites and activities that are relevant for their role.
  • The Service Center can integrate with enterprise password management directories (LDAP) to ensure user authentication guidelines adhere to the enterprise policy.

 

Audit and Traceability

  • The NextNine platform audits all user activity at both the end-customer site and the service provider.
  • All data that is sent back to the service provider is logged and audited. Even remote access sessions can be recorded and played back for auditing or for training purposes.
  • The advanced auditing capabilities help organizations comply with regulations such as SOX and HIPAA

 

Security Certification 

  • Nextnine uses cryptographic modules that are FIPS 140-2 validated.
  • FIPS which stand for Federal Information Processing Standards is a US government computer security standard and was put in place by the National Institute of Standards and Technology (NIST).  
        
NextNine is a global provider of support automation solutions. Its Virtual Support Engineer™ allows technology vendors to proactively monitor and service their products at the customer site and automate the discovery, diagnosis and resolution of problems before the customer is disrupted. Global leaders utilize NextNine’s platform to cost-effectively increase customer satisfaction, reduce support costs, secure service revenues and maximize system uptime.