
How Log4j Improved Ayfie's Security

The Log4j vulnerability discovered in December of 2021 shook the whole IT world and was labelled one of the most severe security vulnerabilities ever uncovered. Because Log4j is used in a wide range of products and services, Ayfie's included, IT specialists across the globe scrambled in a collective effort to minimize its potential impact and secure their assets. For Ayfie, this led to permanently better security for all customers.


Computer security has always been important, but in this day and age it has become essential. Any organization should keep a keen eye on its digital assets to keep them secure and protected. This ensures that our valuable data and information are kept safe from prying eyes, viruses, and malware. Attacks on digital infrastructure are growing more commonplace by the day, and the toolkits available to attackers are constantly evolving and becoming more sophisticated.

When the Log4j incident happened, one of our customers approached us and asked directly whether our products were affected by this vulnerability. The customer also asked us in broader terms about the security of our products and the components we use, such as SOLR and others.

At Ayfie, security is very important to us, especially given the nature of our products, where we index data from a wide range of different data sources. When we index data, one of the most important prerequisites for us is that we can respect the security set on the data we index. When data is stored in the index, the security settings for each object are stored with it. Later, when an end user performs a search, the user's credentials and access permissions are used to perform the search, ensuring that the user only gets access to data the user has permissions to.

We wrote a report to our customer outlining the current state of the product and the steps we as a company are taking to ensure continued security across our product portfolio. This report gave the customer peace of mind, and it was also a great learning experience for Ayfie. Like many software development companies, the way we shipped the installation and upgrade kits was time consuming and somewhat cumbersome. We realized that we had to make some major changes both in the way we worked and in how we packaged our products.

As a result, we decided to evolve by using microservices and containers. This means that instead of having one large monolithic platform, we split the application into microservices running in separate containers. Essentially: smaller, more manageable programs running side by side.

This enabled us to be more agile in the way we deliver new features and, more importantly, to establish better routines for security updates and patches. With an increased rate of updates to the third-party applications, libraries and SDKs used in our products, as well as better routines for testing, quality assurance, and software auditing, we have improved our services and our security.

The changes we have made to the way we work and deliver our products have helped both Ayfie as a company and all our customers: everyone reaps the benefits. The built-in ability to auto-upgrade results in a faster release cycle and faster access to new features and security updates. In other words, it is a win-win situation for both Ayfie and our customers.

 
