Hari Iyer | SyncEzy
CEO
4 Min Read
Jun 26, 2023
Late Friday evening on 23rd June, as I was shutting down for the day, at 6.15 pm I received a concerned email from a customer in Singapore, Is SyncEzy protected against this Zero Day Exploit?
This by the way is a perfect subject to get any TECH CEO to open the email immediately. As I opened the email carefully checking the link and the sender details to see if I was not being phished at the same time. I saw the email was genuine from our customer and the attack being referred to was a serious exploit in the MOVEit Transfer, tracked as CVE-2023-34362.
This particular breach was a stark reminder that even established managed file transfer (MFT) platforms backed by Huge Publicly listed companies can fall prey to threat actors. With Progress Corporation, the parent company of MOVEit Transfer, scrambling to patch the issue and secure their software, it’s time to take a step back and understand how SyncEzy is redefining the standards for data transfer security.
Fortunately due to some wise decisions on our part we were not impacted and are likely to be insulated from these kinds of threats.
Auth 2.0 Industry Standard
In this digital era, it’s crucial to use tried-and-true measures to secure data. SyncEzy leverages the Auth 2.0 industry standard for authorization, a robust protocol that allows applications to obtain limited access to user accounts on HTTP services such as Microsoft, Office 365, Procore, simPRO, and Google. By using Auth 2.0, SyncEzy ensures that only authorized personnel have access to sensitive data, thereby significantly reducing potential security risk
Reduced Attack Surface
At SyncEzy, we’re committed to minimizing the attack surface. For most of our integrations, like all the Procore integrations. We only store metadata in our database, ensuring that any potential data breach does not result in the loss of sensitive information. This approach also provides an additional layer of protection against mass data downloads similar to those seen in the recent MOVEit breach. It reduces the attack surface and the value we hold.
No Local Data Storage
We further secure your data by not storing any of it locally with SyncEzy. Without local data, the possibility of data theft via local attacks is eliminated. This approach also negates the risks associated with physical storage loss or theft.
Restricted URL Access
Security doesn’t stop at storage. We’ve implemented a system where customer data can only be accessed from restricted URLs. This feature, in combination with our use of Auth 2.0, makes it exceptionally difficult for potential hackers to gain unauthorized access to sensitive information.
No Local Installation Required
One of the key differentiators between SyncEzy and other MFT solutions lies in our approach to application deployment. With SyncEzy, there’s no need for any local installation of our application. This aspect has a twofold advantage. First, it bypasses the need to expose network vulnerabilities or to open up network ports, which can often be a gateway for threat actors. This drastically reduces the risk of an attacker exploiting a zero-day vulnerability, as was the case in the recent MOVEit Transfer attack. Second, it ensures that our solution is always up to date, with the latest security patches and performance enhancements, since everything is handled at the server level.
Soc2 Type 2 Certification
To ensure we maintain the highest standards of security, SyncEzy has secured a Soc2 Type 2 certification. This certification is not easily obtained; it involves extensive audits and proves our commitment to managing customer data securely. It confirms that SyncEzy has the necessary measures in place to protect your data against unauthorized access and system failures.
In conclusion, while the MOVEit Transfer breach is an unfortunate incident, it serves as a timely reminder of the need for robust security in data transfer solutions. Despite its stature as an award-winning and publicly traded company on the stock exchange, Progress Corporation’s recent cyber-attack underlines the reality that even the most robust and reputed organizations are not impervious to the sophisticated threats in today’s digital landscape.
At SyncEzy, we are committed to continually evolving our security measures to safeguard your data effectively and efficiently. Our use of the Auth 2.0 industry standard, restricted URL access, a no-local-storage policy, and our SOC2 Type 2 certification all combine to ensure your data is in safe hands.
In a world where data is becoming increasingly valuable, make sure your Data Transfer and Sync solution is secure. Choose SyncEzy for data transfers you can trust.
Author
Hari Iyer | SyncEzy
CEO
Hari Iyer is the Founder and CEO of SyncEzy, a pioneering company at the forefront of data integration and automation solutions. With a deep understanding of the power oHari’s relentless pursuit of excellence and his commitment to delivering tangible results have earned SyncEzy a loyal global clientele. He is not only a successful entrepreneur but also an active contributor to the technology community, sharing his insights through thought leadership articles, speaking engagements, and mentorship programs. Hari’s ability to navigate the complexities of remote work serves as an inspiration for leaders, highlighting the importance of flexibility, work-life balance, and a results-oriented approach in today’s evolving work landscape.
If technology and a passion for solving complex business challenges, Hari has emerged as a visionary leader in the industry. Under his guidance, SyncEzy has gained widespread recognition for its deep integration solutions that seamlessly connect software applications, eliminate data silos, and enhance operational efficiency.
When not working Hari is trying to be a better father, and reading Tech news, playing FPS games and not exercising as he should.
Related Posts
Categories
Information Security & Portal Access Using 2FA at SyncEzy
In a world where our computers are constantly generating huge amounts of new information, the issue of data security is becoming a very important one. Businesses today are asking themselves whether they can trust the safety of their sensitive information as it travels between so many interconnected devices. As a result of this, data security… Continue reading Information Security & Portal Access Using 2FA at SyncEzy
Hari Iyer | SyncEzy
CEO
SyncEzy Security, SOC-2 and GDPR Information
SOC 2 Certification SyncEzy is certified for SOC 2. General Data Protection Regulation (GDPR) What is the GDPR? The GDPR is a comprehensive data protection law that came into effect on May 25, 2018. It replaced existing EU law to strengthen the protection of “personal data” and the rights of the individual. It’s a single… Continue reading SyncEzy Security, SOC-2 and GDPR Information
Hari Iyer | SyncEzy
CEO
SyncEzy offers 24 x 5 Support
As a company we have always put Support before Sales, This has been our philosophy from day one that if you take care of existing customers the business will take care of itself. Based on this philosophy, we always invested more in our support organization, in the ratio between our sales and support staff. The last thing we… Continue reading SyncEzy offers 24 x 5 Support
Hari Iyer | SyncEzy
CEO
Why SOC2 Matters (Interview with Hayden Kerr)
The team at SyncEzy has been working through the compliance steps needed to progress towards SOC2 status and beyond. I caught up with Hayden Kerr from SyncEzy to hear (the simplified version) of their work and why it matters. Hayden: As we have customers who depend on the software and technology that we provide, they need… Continue reading Why SOC2 Matters (Interview with Hayden Kerr)
Hari Iyer | SyncEzy
CEO
