Following last week’s reports on NordVPN, the company has announced plans to step up its security. The first move is a long-term strategic partnership with VerSprite – a cybersecurity consultancy firm. VerSprite will be working closely with NordVPN performing threat and vulnerability management, penetration testing, compliance management, and assessment services.
The firm will even help the company come up with an advisory committee that will oversee NordVPN’s security practices.
“We are planning to use not only our own knowledge, but to also take advice from the best cybersecurity experts and implement the best cybersecurity practices there are,” says Laura Tyrell, Head of Public Relations at NordVPN. “And this is the first of many steps we are going to take in order to bring the security of our service to a whole new level.”
Secondly, NordVPN is also launching a bug bounty program in the next few weeks. The company says it will offer bug hunters “a well-earned payout.”
In addition to that, the company also plans to undertake a full-scale third-party independent security audit next year. The review will cover the company’s VPN software, backend architecture, backend source code, internal procedures, as well as infrastructure hardware.
Another step that the company is taking towards better security is to build its network of collocated servers. Even though these will still be in a data center, the company will have full control of the servers. Following the recent incidents, the company is finishing up with its infrastructure review, as well.
The last measure is the company switching to its current servers to RAM servers. With RAM servers, the company will create a centrally controlled network with no local storage of data whatsoever.