IT Support for Clients with Government Contracts
The IT needs of clients with government contracts are very similar to those of medical institutions, except that they require a bit more physical security. After carefully following DFARS and NIST documentation, we have concluded that data safety must meet the highest standards in the industry.
The main challenges you must meet in order to sign a contract with a government agency are:
- System security
- Physical security
Below are just the essential key points taken from the template we use to manage IT support for clients with government contracts. To speak in detail about government IT support services and every step in achieving DFARS compliance, please call our number or request a quote.
We Can Help Fulfil DFARS Regulation
When building an IT infrastructure for a business, most of the data safety and security issues revolve around digital security. Questions of how the data is handled and by whom, and whether the data flow is monitored, are taken very seriously when it comes to businesses working with the government. We have experience in many different industries, and this one is certainly one of the most challenging.
Each user must fit a mold that reduces their presence in the network to the most essential, one that still allows them to do their daily work unhindered. Limitations therefore play a crucial part. By eliminating the possibilities where a single user could compromise data in any way, we can successfully tackle any unauthorized access.
The backbone of this infrastructure is constant monitoring and logging. If we collect enough data, we can form patterns that allow us to foresee an attack. We can then close any holes before it happens.
Using built-in Active Directory tools, we have disallowed access to the data from outside the office and made after-hours access impossible. This is a very simple and effective measure, in which a user account goes into a locked state after a preconfigured time frame. If the facility or network gets compromised during the night, it will be impossible to use any of the employees' accounts.
During work hours, implementing biometrics for access to workstations and to the building gives us further control over outside influence. Every user will have a unique identification that allows us to pinpoint a culprit much more easily. Other policies include frequent user password/PIN code changes, biometrics for email access, etc.
Workstations will not allow employees to use any media (flash drive, DVD, etc.) that could create a possibility of theft. All of the workstations will be monitored, with advanced anti-virus software installed that scans for malware daily. That way all of the servers and workstations will be safe from unauthorized access or data loss.
Camera Surveillance Systems
Camera systems and physical isolation of the servers play a vital role in achieving the highest security possible. By isolating a server in a room specially designed to prevent physical access to it, we further minimize the possibility of server theft and unauthorized access, while the cameras monitor the office 24x7.
Virtual Private Networks
Building a VPN that allows users to connect to the internal network while outside the office certainly raises new concerns. That is why all of the traffic between the network and the Internet has to be encrypted with the highest level of encryption available. To further limit the possibility of unauthorized access to a user's personal computer that has a VPN set up, we have enabled a 2-step verification process.
If a user wants to connect to the VPN, he/she will have to type in a PIN code. 2-step verification works like this: the user opens the VPN connection app and types in their username and password. This is where the first step of authentication occurs: if the username and password match, the user gets a phone call to either their landline or cell phone. When they answer the call, they are required to type in their PIN. If the PIN is correct, the VPN connection is established. If a user types in the PIN wrong 3 times, access to the VPN is disallowed for the next 30 minutes.
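The PIN step and lockout described above, sketched as an added example (not the provider's own code). The class name `PinGate`, the salted PBKDF2 storage of the PIN and the caller-supplied clock are assumptions; the three-attempt limit and the 30-minute window are the figures given above.

```python
import hashlib
import hmac
import os

MAX_FAILURES = 3            # from the text: three wrong PINs
LOCKOUT_SECONDS = 30 * 60   # from the text: VPN access denied for 30 minutes


class PinGate:
    """Second-step PIN check, reached only after username/password succeed."""

    def __init__(self):
        self._pins = {}          # user -> (salt, PBKDF2 hash of the PIN)
        self._failures = {}      # user -> consecutive wrong PINs
        self._locked_until = {}  # user -> epoch seconds when the lockout ends

    @staticmethod
    def _hash(pin, salt):
        # Store a salted, stretched hash so the PIN is never kept in clear.
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

    def enroll(self, user, pin):
        salt = os.urandom(16)
        self._pins[user] = (salt, self._hash(pin, salt))

    def verify(self, user, pin, now):
        """Return 'ok', 'denied' or 'locked'; `now` is epoch seconds."""
        if now < self._locked_until.get(user, 0):
            return "locked"      # the PIN is not evaluated during a lockout
        record = self._pins.get(user)
        if record is None:
            return "denied"      # no PIN enrolled for this user
        salt, expected = record
        # compare_digest avoids leaking match position through timing.
        if hmac.compare_digest(self._hash(pin, salt), expected):
            self._failures[user] = 0
            return "ok"
        self._failures[user] = self._failures.get(user, 0) + 1
        if self._failures[user] >= MAX_FAILURES:
            self._locked_until[user] = now + LOCKOUT_SECONDS
            self._failures[user] = 0
            return "locked"
        return "denied"
```

A correct PIN entered during the lockout window is still refused, so repeated guessing cannot shorten the 30 minutes.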
Regarding backups, we have implemented our standard 3 levels of backup: an on-site backup, where a physical drive connected to the server conducts daily backups and allows us to do a quick restore if a total server failure occurs; an off-site backup, conducted once per month, in case a disaster like fire or flood occurs on site; and a cloud backup that stores data to the cloud daily with a Geo-Redundant option.