30 November 2018

Security as a Service


TOPdesk makes every effort to guarantee the security of its customers’ data. We closely follow the developments in hosting and application security, and continuously work on making our products safer. To cover the broad range of security needs, TOPdesk relies on internal expertise as well as the services of specialized partners.

When implementing security measures, we strive to keep the impact on customers as small as possible. However, we cannot always prevent customers from experiencing some impact from these changes. With the introduction of the gateway service Passlayer, for example, support for URL authentication for HTTP requests is removed, and customers might need to adjust existing requests. In a case like this, TOPdesk will of course inform you and assist you where needed.

So much for the possible work that can arise out of security changes. How will you benefit from the different security efforts TOPdesk makes? 

Security measures so far

Recent measures to stay on par with common security practices include:

  • Product features for personal data protection to facilitate GDPR compliance
  • Up-to-date internal procedures compliant with GDPR, and awareness training for TOPdesk employees
  • Up-to-date documentation on security, privacy and disclosure responsibility
  • Vulnerability fixes as part of continuous product releases
  • Additional security measures via services offered by Cloudflare:
    • DNSSEC
    • Web Application Firewall (WAF)
    • DDoS attack mitigation

These measures complement the following steps already taken:

  • Penetration and vulnerability testing, continuously performed by an independent external party
  • Active intrusion detection by a specialized security company
  • ISAE 3000 compliance auditing on a yearly basis
  • Following best practices, like regular updates of allowed HTTPS ciphers
  • Staying up to date with OWASP recommendations
  • Security training for development and support teams at TOPdesk
  • Assisting customers who want to perform their own penetration tests

Future plans of the TOPdesk security guards

For the future, TOPdesk has another bunch of security improvements in store:

  • Push secure TLS by dropping support for outdated TLS v1.0 and TLS v1.1
  • Support for dedicated HTTPS certificates for each customer
  • Improve authentication with Passlayer (https://blog.topdesk.com/updates/meet-the-passlayer)
  • Allow for better spam protection thanks to better DKIM support

Some of these changes will be rolled out without customers even noticing. If a change requires action on the customer's part as well, TOPdesk will let you know.

To be as well prepared as possible, subscribe to the following channels: