It is generally recommened by security professionals that security audits be performed on a routine basis. Our recommendation is to run these audits quarterly, or after any code/configuration changes such as deploying a new application/api version.
During an external audit Edoceo will review the Internet facing side of the operation. That is external IPs from offices, co-location and in some-cases homes. These systems are put through a series of tests (over 23,000) to ensure that they are not exposing more services than necessary.
The audit report from this system produces signifigant information and collect such information as services and versions visible. Well know site directories, server configuration exposure and web-application vulnerabilities.
Customers who desire a more indepth review of their security both as a configuration and as policy/procedure can opt-in to an internal audit. During this process we check for numerous "best-practice" recommendations and review the existing controls in place. Some items that are reviewed include, but are not limited to:
Security must be the the primary concern of any financial institution. Encryption or decryption of data is a quick small step to secure you data against theft. These systems are inexpensive, compared to losing customer data, and efficient and can often be implemented in place. Edoceo specializes in providing the highest levels of encryption for data storage or active systems with proven technology that doubles or quadruples the minimum levels required by the FDIC.