RealVNC stands head and shoulders above multiple remote-access solutions on the market, making it one of the leading connectivity offerings you can partner with through QBS. This based in part on the fundamental security principles embedded in RealVNC software and services.
- RealVNC does not record user sessions.
- Session data cannot be decrypted now or in future.
- Every connection is made as if in a hostile environment.
- Remote computer owners decide on enabling the connection.
- Meets and assists with a broad range of important standards and regulations, including ISO/IEC 27001:2013 and the UK National Cyber Security Centre’s Cyber Essentials scheme.
- Support from a round-the-clock security operations centre (SOC).
COMPLY BEYOND GDPR WITH HIPAA AND PCI-DSS
RealVNC adheres to and is committed to remaining adherent to the increasingly stringent compliance requirements that characterise modern business operations, including for GDPR and for card payments as required by the Payments Card Industry and healthcare information as per the US Healthcare Insurance Portability and Accountability Act (HIPAA).
Communications over RealVNC Connect benefit from:
- Full end-to-end AES-GCM 128 or 256-bit encryption.
- Perfect Forward Secrecy in the protocol – so the session cannot be decrypted mid-session by a ‘man in the middle’ attack. In addition, session data cannot be saved or decrypted down the track.
- Web API calls comply with Transport Layer Security (TLS )1.2 at minimum, ensuring data is unreadable in transit.
HERE’S WHAT CUSTOMERS SAY
(Source: RealVNC – click here to read more)
(Source: RealVNC – click here to read more)
WHATEVER YOUR NETWORK REQUIREMENT
Not only does RealVNC cloud connectivity deliver easy access to machines through NAT and firewalls with an outbound connection to RealVNC cloud services via RealVNC Viewer and RealVNC Server, avoiding the use of inbound TCP or UDP packets that require open ports, it can be deployed completely behind an organisation’s firewall.
That means, if desired, it can be restricted to own-network or offline use, dispensing with the need for internet connection, and enabling organisations with highly specific compliance and security requirements to be catered for.
In fact, RealVNC connectivity means organisations can feel more confident even in a hostile environment. Risky environments were front-and-centre of the RealVNC approach right from the initial design.
And when using the RealVNC cloud-based brokering service, full end-to-end encryption means connection to the intended device, whether identities are checked automatically or manually, must pass industry-standard Rivest-Shamir-Adleman (RSA ) algorithmic key based fingerprint verification.
Two-factor authentication is enabled by default, with single sign-on (SSO) and timed one-time password enablement also on offer for even greater security. All remote sessions must be authenticated using local system or domain credentials by default, independently from RealVNC account authentication.
Only permitted users can discover and try access to RealVNC Connect enabled devices. This makes RealVNC stand out versus competitor products that allow remote discovery by anyone.
AND THERE’S SO MUCH MORE:
- Centralised management enabled with existing tooling such as group policy.
- Brute force attack protection built in, right up to the final device level authentication layer.
- Granular gatekeeping, enabling you to slice and dice which users and groups have specific permissions.
- RealVNC Connect can be configured to prompt an end user to approve or reject the connection, for instance if the end user has private or confidential documents open on their computer.
- Blank-screen Privacy Mode to further secure session information and data, including blanking of connected monitors or locking down the mouse and keyboard.
- Choose from a range of deployment options, such as MSI packages for Windows, group policy management, and deployment via script.
- ‘Secure by design’ security development lifecycle engineering means security is always addressed in product, even alerting engineers of the latest vulnerabilities in third-party libraries.
- Code signing to ensure binaries haven’t been modified in transit or at rest.
- Session logging and auditing that tracks and monitors remote access to ensure policies meet practice, with all events saved to local system logs or the cloud audit tool on the portal or via API.
- Regular independent whitebox security audits from consultancies such as Cure53.
- Independent pentesting with reports available to peruse.
ENSURE ACCESS WITH CONFIDENCE
At RealVNC, security is at the forefront of everything the company does, from the products it develops to how it operates as a business, making it one of the world’s most secure remote access solutions, recognising organisations’ increased need for confidentiality, integrity, and availability of data.
TALK TO US ABOUT REALVNC TODAY
Email QBS at:[email protected]
Telephone QBS on:+44(0) 20 8733 7100