Back to resources

March 20, 2020

Blog postAbout PrimeKey

PrimeKey on working securely from home

IT security

At PrimeKey, we have offices in four continents and time zones and our professional services team travels often to customer sites. Therefore, we already have all infrastructure in place to assure our distributed team can work in an efficient way and that everyone, no matter where they are, feels included in the team.

The PrimeKey management team assumed severe disruptions before these became self evident, so we decided to adjust our working practice, taking into consideration safety of our people, assuring infrastructure capacity, looking at how our supply chain may get affected and how we can act as responsible corporate citizens. We would like to share some experiences regarding how we at PrimeKey have set up processes to facilitate collaboration between multiple sites and “working remotely”.

Business continuity planning

Apart from the conveniences and inconveniences of remote working, there are important aspects that have to do with business continuity planning – while we prepared for various cases of disruptions, a global pandemic was not on our top 10 list. Two decisions that we made many years ago seem to pay off very well today – first, we set to assure maximum possible availability of support services to our customers, and second, we wanted to avoid relying on external services when possible.

Platforms based on open standards

Additionally, we are proud to be a multi-culture organization, both literally and in terms of platforms – we have many colleagues using Linux and Mac platforms, hence whenever possible we look for open-standards based solutions. Some of the tools we use are perhaps not the most well-known, but they are good and secure, and we think it is fair to give credit where credits are due. Broadly speaking, at PrimeKey we looked at assuring three main areas of IT infrastructure services:

  • Communication tools, such as telephony, email and instant messaging.
  • Collaboration tools, such as all kinds of documentation (various projects, activities, groups), file sharing, as well as facilitation of online meetings.
  • Production tools, in our case, this has mostly to do with software and hardware development and product support.

For the purposes of this blog, we will share experience on communication and collaboration. Production (back-end) may be too specific to what we do, but the infrastructure and basic principles would apply in many other organizations. It goes without saying, we wanted to make sure secure access to all these services. Therefore, we have the policy of certificate-based authentication for email clients, and everything that is on the intranet must be accessed trough a VPN (also certificate based, two-way authentication). Virtually all modern email clients and servers support IMAP authentication over TLS protocol, so this is easy to enforce. For the VPN, there are many commercial VPN client providers but there are a number of free and open source that are quite good. We use OpenVPN clients such as Viscosity and Tunnelblick, that are supported on all major platforms. In our internal documentation, the instructions how to configure and use are just a few lines per platform, so anyone with basic computer skills is able to do this on her own. For the instant messaging and for the above mentioned BCP decision, we wanted to host ourselves, and we opted to use Mattermost. They have a nice client software, or you can use it directly from a web browser. It is possible to create multiple public channels, private channels as well as instant messaging. Once your organization has a VPN infrastructure in place, adding Mattermost is easy and your communication is secure. The main collaboration tool at PrimeKey is Confluence by Atlassian. We have many different “spaces” and it is possible to categorize different types of content. In the present situation, where most all our colleagues are working remotely, it is worth mentioning that we use Jitsi, a multi-platform open source video conferencing tool. It is WebRTC compatible, meaning there is no need for heavy client software. Again, once you have VPN infrastructure, access to both tools is over a secure channel.

EJBCA to manage certificates securely

Finally, we do as we preach, so we use our EJBCA to issue certificates to users. In fact, we use EJBCA on our PKI Appliance, since it also delivers HSM management, backups and upgrades. Another quick alternative would be to use EJBCA in AWS or in Azure. Either way, it allows full control over who gets certificates and, if needed, to revoke certificates.  

About PrimeKey

Working at PrimeKey

Magnus Andrén

Author

Magnus Andrén, VP Engineering

Contact Magnus:

magnus.andren@primekey.com

+46 737 45 01 54      

 

Related blog and news

iStock-1058408164-scaled
2022-05-27
Blog post
IoT & IIoT security
Manufacturing

Securing the IoT at Scale: How PKI Can Help

Building design concept. Engineering of autonomous system of smart building. Drafting of communications of house. Project development of apartment house. Architectural drawing, blueprint of facade.
2022-05-13
Blog post
IoT & IIoT security
Manufacturing

How Product and Manufacturing Leaders Rate IoT Device Security in 2022

This website uses cookies

Cookies consist of small text files. They contain data that is stored on your device. To enable us to place certain types of cookies we need to obtain your consent. At PrimeKey AB, corp. ID no. 556628-3064, we use the following kinds of cookies. To read more about which cookies we use and storage times, click here to access our cookies policy.

Manage your cookie-settings

Necessary cookies

Necessary cookies are cookies that must be placed for basic functions to work on the website. Basic functions are, for example, cookies which are needed so that you can use menus on the website and navigate on the site.

Functional cookies

Functional cookies need to be placed on the website in order for it to perform as you would expect. For example, so that it recognizes which language you prefer, whether or not you are logged in, to keep the website secure, remember login details or to be able to sort products on the website according to your preferences.

Cookies for statistics

For us to measure your interactions with the website, we place cookies in order to keep statistics. These cookies anonymize personal data.

Cookies for ad-tracking

To enable us to offer better service and experience, we place cookies so that we can provide relevant advertising. Another aim of this processing is to enable us to promote products or services, provide customized offers or provide recommendations based on what you have purchased in the past.
Confirm choices Accept all