The eSkill Talent Assessment Platform™’s network architecture ensures that sensitive data is protected through best business practice security policies and procedures.
Hardened router configurations. Router configurations correctly route packets to their proper destinations and restrict traffic. Access Control Lists (ACLs) on the front-end routers stop common attacks.
Network segmentation. Our segmented network architecture prevents direct public contact or connection to the eSkill Talent Assessment Platform™’s private network segment.
Front-end load balancers. Access to eSkill Talent Assessment Platform™ services is managed with redundant load balancers. These provide a variety of functions, including TLS session termination, load balancing, network address translation (NAT), and port address translation (PAT).
Distributed denial-of-service (DDoS) protection. A service protects the availability of eSkill Talent Assessment Platform™ services, even when they are under a distributed denial-of-service (DDoS) attack.
Activity log aggregation. Log activities from network devices and systems are aggregated through an activity log collection system. Logs are fed to a SIEM, where alarms are generated for those events that warrant immediate attention.
Proactive monitoring. Security and Risk Management continuously monitor industry communities for news of security alerts, as well as vendor and partner security changes that may affect Information Services and eSkill Talent Assessment Platform™’s product line. Information Services has 24/7 automated monitoring with backup personnel.
Active vulnerability assessment. Security scans of applications and infrastructure are routinely performed by approved third-party assessment vendors, security engineers, and through the use of internal scanning appliances (see table of audits and scans above). These scans check for vulnerabilities in both our external (public-facing) web applications and our internal (private) networks. Discovered vulnerabilities are managed through eSkill’s vulnerability and patch management program and the risk is treated per eSkill’s risk management program.
VPN. eSkill personnel use a best-in-class VPN when connecting and processing from outside the trusted network. The VPN secure tunnel offers Internal Operations personnel highly secure remote connectivity to perform after-hours maintenance or troubleshooting. Multifactor authentication is required for all employees who have direct access to the eSkill Talent Assessment Platform™’s production systems.
Digital certificates and TLS. We use web server digital certificates to verify the authenticity of all client sites and digital certificates to encrypt all web traffic between clients and servers.