Frequently Asked Questions - Security Edition

FAQ

Question: How is data secured in Remote Desktop Manager?

Answer: You can set a Security Provider to encrypt data at rest (i.e., information stored in the database). As a result, in order to compromise the data, an attacker would need to breach both the database and the Security Provider.

RDM has three encryption options available, including:

• Shared Passphrase: Encrypts data using a password stored on each Remote Desktop Manager instance.
• Certificate: Encrypts data using the private key of a certificate installed on each workstation.
• Keyfile: Encrypts data using a key stored in a file installed on each workstation.

For more information, including advice on ensuring the secure deployment of Remote Desktop Manager on workstations, as well as an overview of our Security Model please contact our support team at service@devolutions.net.

Question: How is data secured in Devolutions Server?

Answer: Devolutions Server leverages security hardening, a process that involves configuring various security settings and implementing best practices that protect the system from cyber threats and ensure the integrity, availability, and confidentiality of the system. For instructions and recommendations on security hardening in Devolutions Server click here.

Question: Where can I get more information on Devolutions’ security measures and compliance?

Answer: At Devolutions, we take security as seriously as our users do. We will not release a new product or introduce updates or changes to existing products unless these releases meet — and in many cases exceed — stringent industry security standards.

We have a designated page on our website that provides more information on our:

• Data Protection and Compliance (including HIPAA, GDPR, and FIPS 140-2 Annex A)
• Security and Compliance (including SOC3/SOC2 Type-II, ISO 27001:2013, and PCI DSS)
• Associations and Memberships (including MITRE CNA and IN-SEC-M)
• Cloud Hosting Security (including Microsoft Azure Cloud and Zero-Knowledge Encryption)
• Secure Development & Vulnerability Management (including Github, Open Source, Penetration Testing & Application Security, and Responsible Disclosure & Security Advisories)

For more information, and to access various certifications and auditor reports, click here.

Question: What permission settings in Remote Desktop Manager are best for our organization?

Answer: Generally, with respect to permission settings we recommend a simplified security approach for small and mid-sized businesses (SMBs), and an advanced security approach for larger enterprises. Please note that both approaches are only available when using an advanced data source: Devolutions Hub Business, Devolutions Server, Microsoft Azure SQL, or Microsoft SQL Server.

Essentially, the fundamental difference between the simplified security approach and the advanced security approach is the size of your organization:

• While the following scenario is relevant for small to medium enterprises, it is not recommended for a larger business. For a scenario using the simplified security approach click here.
• The following scenario is designed for large enterprises. For a scenario using the advanced security approach click here.

Question: How do I remove multi-factor authentication (MFA) from my Devolutions Account?

Answer: Please email our Support Team at service@devolutions.net and we will promptly take care of your request!

Question: I want to discover and potentially block internet endpoints that are accessed by Remote Desktop Manager/Devolutions Server/Devolutions Hub Business. Where can I find this information?

Answer: Please click the links below for a list of internet endpoints that are accessed by each product during normal operations:

• Remote Desktop Manager
• Devolutions Server
• Devolutions Hub Business

Please note: You can block access to specific endpoints (e.g., user images, gravatars, etc.). However, if your objective is to establish the strongest possible security profile, we recommend blocking all internet access and adding authorized addresses to your allowlist as needed.

Question: How do I configure single sign-on (SSO) in Devolutions Hub Business?

Answer: Please click here for the configuration steps and screenshots.

Also, if you decide to require all your users to use SSO, then please keep in mind that users will not have access to Devolutions Hub Business if your SSO provider goes down, or in the event of misconfiguration. Therefore, we strongly recommend that you inform all users before activating SSO.

Additional Information

We hope that this security-related FAQ gives you the information and advice you need. But what if you require additional support or guidance? No problem! You have several options:

• Email our Support Team at service@devolutions.net.
• Launch a live chat, call us, or have us call you (this is available during business hours — click here for details).
• Post your question in the Devolutions Forum. For the quickest possible response, please navigate to the specific product related to your inquiry.
• Browse the searchable Devolutions Knowledge Base.