NordVPN, one of the biggest and most popular VPN services around, has recently published its plan to improve the security of its service.
Up until recently, the VPN was known for top security and its developers think that there is now room for improvement.
The goal to improve security came after a recent incident, where a third-party datacenter’s server got breached. The event came to light after a NordVPN marketing faux-pas on October 18th.
Soon enough, a significant breach was discovered, which came with a hefty dose of community backlash.
Now, they hope to patch up their reputation by announcing new security measures.
NordVPN’s new security plan
A recent blog post outlines the changes that will take place to the network to improve security (and repair their bruised reputation).
NordVPN is aware of how bad the recent incident looks. However, rather than shying away from it, they publicly stated that they are making changes for a better future.
In their blog post, they mention that some of the changes and improvements have always been there.
Such things will be improved and made stronger. Meanwhile, there will also be some completely new features, which aims to shore up the security of their service.
Changes NordVPN plan to bring
The first big thing that NordVPN plans on doing is entering new partnerships with some of the top cyber-security consulting companies.
They say this is something that needs improvement, and that they must work with the best to be the best.
Their choice, as revealed by the publication, is a partnership with VerSprite, which is a leading cybersecurity consulting company in the US. NordVPN had recently worked with them to audit their app.
Their main security effort will revolve around penetration testing, where the security firm will inspect the VPN’s infrastructure and try to locate and exploit weaknesses.
The second step in improving the security of the service will be bug bounty programs. NordVPN recognises that it is their responsibility to create a robust and functioning service.
However, no code is perfect, and if their efforts need to be tested – the service would gladly invite the tech-savvy part of the community to join in and help out.
Users can probe NordVPN’s apps and service and be rewarded financially should they disclose any weaknesses to NordVPN directly.
The bug bounty program is expected to arrive at some point in the next two weeks, according to the plan.
The service is already off to a good start, but all of this represents only a part of its efforts.
There’s even more
Another goal that NordVPN has set for itself includes infrastructure security audits. This is likely to only arrive in 2020, as there is a lot to do, and not much time left in 2019.
The service wants to inspect their infrastructure hardware, internal procedures, VPN software, backend source code, as well as backend architecture.
Now, considering that the recent incident revolved around a third-party server, NordVPN will also want to assess the security and quality of services it employs on its behalf.
Not only that, but they will increase the security standard for the datacenters they work with.
Since the service is increasing its security standards, it is only natural to do so for every company they work with.
However, this is not where the plans for the future end, either. NordVPN reveals that it also wishes to build a network of collocated servers, which would be located in data centres, but owned by NordVPN.
And, of course, there are the service’s final, long-term plans that revolve around upgrading the entire infrastructure. As some may know, NordVPN currently features over 5,100 servers around the world.
These servers will be upgraded to RAM only servers, which allow the creation of a controlled network where no data is stored locally. These will be discless servers that will receive everything they need to function from NordVPN’s central infrastructure.
Servers will be only an empty piece of hardware, with nothing to steal.
NordVPN has learned its error the hard way, but the message did get through – they need to step up their game.
While no single service out there is 100% safe, it’s crucial for NordVPN’s reputation that they are proactive in repairing the damage.
Like multiple providers that have walked this well-trodden path, they will recover.
We may see less sport team sponsorships, YouTuber sponsors and TV adverts while they focus their efforts elsewhere.