- After a recent incident, NordVPN has unveiled a set of concrete cybersecurity measures for the future.
- By working with an independent cybersecurity consulting firm, this VPN agreed to be continuously tested for vulnerabilities.
- Among other features, there's a bug bounty program, upcoming infrastructure security audits, diskless servers, and more.
The previous week was a highly intense one for NordVPN and its users. The news of a data-center hack appeared not too long ago, informing us of a hacking attempt related to a single NordVPN’s server, located in Finland. What’s important to be mentioned is that no customer data was affected or accessed in this incident. NordVPN, as a service, was not hacked, its code and VPN tunnel were not hacked or breached, and the NordVPN applications remain as trustworthy as ever. However, this development left a very negative impression on those using (or planning to use) NordVPN. With this said, the VPN service has now revealed a set of measures to improve its security.
As NordVPN’s press release reveals, the company has entered a long-term strategic partnership with VerSprite – a renowned cybersecurity consulting firm. By working with their new partner, NordVPN will be able to conduct threat and vulnerability management, penetration testing, compliance management, and assessment services. Besides, VerSprite will be in charge of assisting NordVPN in forming an independent cybersecurity advisory committee, which will consist of cybersecurity experts whose role is to oversee NordVPN’s security practices.
Now, let’s return to the set of measures that NordVPN promises to implement. Some of these aren’t entirely new when it comes to this VPN, but they will receive a more careful treatment from now on.
- Partnership with consulting firm VerSprite. As already mentioned, the role of this consulting firm will be to test NordVPN’s network for any weaknesses. This means that penetration testers will have become a vital part of this VPN’s security efforts. VerSprite will work with NordVPN’s in-house team to challenge the infrastructure and further improve the security of this VPN service. Interestingly enough, NordVPN has recently completed an in-depth penetration testing security audit, and this will become a permanent measure from now on.
- Bug bounty program. NordVPN will reward cybersecurity experts who find and report bugs to the team. As this VPN promises, bounty hunters will get a well-earned payout and this should help to make NordVPN’s infrastructure as secure as possible.
- Infrastructure security audit. Sometime in 2020, you can expect to hear from this VPN’s team about an all-new infrastructure security audit. After selecting an independent vendor, this third-party will check the infrastructure hardware, VPN software, backend architecture, backend source code, and internal procedures. Of course, this wouldn’t be the first time that NordVPN is put through an independent audit of its services.
- Vendor security assessment & higher security standard. The recent data-center hack was caused by a vulnerability left by a third-party server provider. To eliminate this from happening again, NordVPN will build a network of collocated servers. This means that this VPN’s server network will be wholly owned by this company.
- Introduction of diskless servers. Finally, NordVPN has announced that it plans to upgrade its infrastructure to RAM servers. These are designed not to store anything locally, not even an operating system. This means that even if someone seizes these servers, they will find only an empty piece of hardware. It's interesting to mention that there’s one other VPN that already offers this feature, so make sure to read about ExpressVPN’s TrustedServer technology if you need more info on how this works.
In conclusion, there’s a reason why NordVPN was once chosen as the ‘the best VPN’ in the market. Despite the recent incident, this remains a reliable option for those looking to protect their online privacy. And finally, this set of measures should put your mind at ease, and make NordVPN as secure as it can be. Of course, we’ll be following NordVPN in the future and reporting on its progress, so make sure to follow our website.
So, what you think about NordVPN’s plans? Are you a subscriber, or do you plan on subscribing to this VPN service? Tell us in the comments section below. And also, don’t forget that you can follow us on Facebook and Twitter. Thanks!