If you are hiring someone to do a job for you, one of the most important things is making sure they can do the job you need done, and to a good standard. If you are hiring a trade, maybe you check out their Instagram for previous work they have completed. If you are looking for a lawyer, you look for the cases they have had success on (and probably look for a rate you can afford). If you are looking for an IT company, you probably look at all of these things.
When Layer 8 Networks speaks to new customers, we can talk about the companies and people we have had the great fortune to work with and the projects completed over our many years of combined experience. But when we talk about managing a highly available, heavily regulated, and highly secure environment, we have a perfect reference.
We manage Australia’s largest Bitcoin ATM network.
The launch of this network was back in the first great rush for bitcoin, with the price rocketing to $27k per coin. We had always had an interest in the crypto space but had never made a significant investment. With our experience running and supporting secure IT infrastructure we thought a Bitcoin ATM would be a novel use case and give us exposure to the Crypto world.
So how do we do it?
At a high level we have to consider the following things to keep our systems available, and our investment secure.
Physical Security
We have machines in public-facing areas, so we have to ensure the machines are physically strong and able to protect the important bits inside, while still allowing access for the people who need to service them. It took a while, but we have found some great partners in the specialist locksmith space and a guy who has 20 years’ experience installing bank ATMs and vaults.
Secure Connectivity
We are able to manage our entire fleet from a single dashboard. We have a highly available server back end ‘in the cloud’ and each ATM connects back for logging, updates and to make trades via our crypto exchange.
Having devices at remote locations makes a site visit tricky, so it was important to have simple management with alerts and telemetry to help us diagnose and resolve issues quickly and with as few site visits as possible. Each of our machines runs on a Meraki MX firewall, which protects the machine on the internet and provides secure communications back to our management server. The Meraki provides excellent visibility of what is happening at each site and is a great demonstration of SD-WAN for companies with multiple sites looking to save costs over (expensive) MPLS services by using a mix of low-cost internet services.
Two Factor Auth – Everywhere
Two-factor authentication is a mechanism that requires you to enter an additional piece of information with your username and password to log in. Usually, it will be a very short code received by text message or an app on your device. Two-factor authentication makes it very hard for someone to gain access to your accounts.
As a standard, we use two-factor authentication with anything we do. Strong passwords are great, but with data breaches and password re-use, a password alone is no longer good enough.
Strong passwords
OK, passwords are not everything, but it is important to use strong, complex passwords, and as long as they are not compromised they shouldn’t be changed. This goes against advice from a few years back, and even things like PCI standards mandate password rotation. This can actually make security worse.
Most people probably have 25-30 passwords they need to use regularly, and if we could remember 25-30 passwords that would be great, but we can’t. Add to that the fact that they are changing constantly, and people tend to default to simpler passwords shared among many (if not all!) of their accounts. We chose to use a password manager, and this enables us to generate complex and unique passwords.
Talented people
Having a good group of people we work with is very important. We can bounce ideas off each other and get input to come up with the best solution. A second pair of eyes to review our work and find any gaps or mistakes. Someone to have a coffee with on a Monday morning after a big weekend.
At Layer 8 Networks we are lucky to have a great bunch of bright minds all working together and willing to help out. We don’t always see eye to eye, but together we come up with ways to do things with the best results. We also love working with customers on their challenges and together coming up with solutions to problems. That said, if you are looking for ideas or someone to have a coffee with on a Monday, then send us an email at sales@layer8networks.com.au.
Regulation
IT environments are becoming more regulated than ever. We have always had standards such as ITIL which govern the way IT people provide service to customers. Now there are other business regulations overlaid with IT delivery: PCI, GDPR, HIPAA, NDB and more. Many of our customers operate with some of these frameworks and are heavily regulated by the government.
As a digital currency exchange, we are registered with AUSTRAC and have to implement and maintain strict procedures around Know Your Customer and Anti-Money Laundering (AML/KYC). As part of this we also must adhere to strict privacy standards while identifying our users. We regularly work with AUSTRAC to provide feedback on their guidelines and how we see the industry operating, which feeds back into their policy decisions.
Our ATM infrastructure provides a wide range of discussion points and references of our core capabilities – aside from being an interesting and topical business at the moment. The way we secure our environment is exactly the way we advise our clients and any external business to look after their IT environment.
So, if you have any gaps or even need a review of practices, feel free to reach out. We would be happy to show you behind the scenes of the Layer 8 Networks Bitcoin ATM fleet.