.png?width=220&height=44&name=Nuc-logo-sketched-1%20(1).png "Nuc-logo-sketched-1 (1)"){kind=logo}
One of our core values at Nucleus is continuous improvement and our commitment to this value drives us to improve all areas of our business. Nucleus implemented three important security-related service enhancements: a user support PIN, Granular Delegated Admin Privileges (GDAP) and Just-in-Time Access. Here’s a breakdown of each of these changes.
Support PIN
A Support PIN is a passcode or password that allows us to confirm the identity of a user calling in for a password reset. Nucleus will have access to user’s PINs and will verbally ask for it in order to verify one’s identity. Implementing support PINs will enhance the security in the identity verification process. While we have offered this feature for a while, many clients have not yet taken advantage of it and we recommend its widespread adoption.
Granular Delegated Admin Privileges (GDAP)
Nucleus is taking steps to protect client data and data access by implementing Granular Delegated Administrative Privileges (GDAP) into all of our client’s environments. GDAP is a new feature from Microsoft that allows us to apply the Principal of Least Privilege. Principal of Least Privilege states that a technician should only be given those privileges needed for them to complete the tasks they are required to. GDAP will also allow us to have greater reporting as to who is accessing which systems and when, as well as allow us to disable a Support Specialist’s account in one location and have that block their access to all systems at once.
Just-in-Time Access
With this process, Nucleus will also be moving to a Just-In-Time access process. Support Specialists will not have access to our client systems at all times. Depending on what tasks they have to process, they will be required to enter an additional MFA request, as well as have an approver at Nucleus grant them access. This further reduces risk of a Support Specialist’s account being compromised as their access would have to have the required access to perform an action, be authenticated through number matching MFA, and for high level administrative access, be granted authority from a manager.
We’re committed to providing our clients with an epic experience and improving security in all of our departments. If you have any questions about our IT help desk, internal security tools and practices, or, if you would like to have a discussion about your security, reach out to us.
