If our customers’ security requirements doesn’t dictate the use of a specific remote connection method we have created a secure remote access infrastructure that manage access to customer systems.
Remote DBAs must often quickly move from one customer network to another. If such quick-shifting access is not designed deliberately, such as lazily connecting to multiple customers simultaneously from a laptop – there is a danger that the remote DBA might unwittingly allow traffic from one customer network to become visible on another customer network, or worse, bridge the two networks together.
Our RAI isolates remote network access between customers ensuring traffic from one customer is never visible on another customers network, while allowing our DBAs to safely shift from customer to customer as required. All DBAs must authenticate individually to the RAI, and must be specifically authorized to access a customer system. We can report on Blue Gecko access levels at any time to assist with regulatory requirements such as PCI, SOX, and HIPPA.
Blue Gecko RAI relies on an encrypted, IPsec VPN tunnel for all remote connections whenever possible.
Customer passwords also receive very special attention: Often shared passwords (such as the Oracle password) must be shared with Blue Gecko administrators. We encrypt all shared passwords in a secured database, and Only Blue Gecko administrators who are specifically authorized to view a specific shared password are granted permission to see and use the password. Access to Pepper is strictly maintained, regularly audited, and customers may receive a report at any time that shows who has access to their passwords.