Security

How we secure Nexus.

We hold administrative access to our clients' systems. Here is how we protect it.

YubiKey

On every internal account

Managed devices

Company laptops only

Least privilege

Nothing standing, nothing permanent

Verified support

Both sides confirm a code

How we protect access to your systems

Why our security is part of yours

Four layers, and one is never enough

Ready to reclaim your team's time back for good?

Reaching a client environment means clearing identity, device, credential, and process. Defeating any one of them on its own gets an attacker nowhere.

Identity

YubiKey on every account

MFA universal

No opt-outs

Phishing-resistant

No shared logins

Identity

YubiKey on every account

MFA universal

No opt-outs

Phishing-resistant

No shared logins

Device & location

Nexus-issued laptops

No personal machines

Sign-in bound to the device

Known locations only

Unfamiliar origins blocked

Device & location

Nexus-issued laptops

No personal machines

Sign-in bound to the device

Known locations only

Unfamiliar origins blocked

Credentials

Vaulted, never shared

Separate per client

Least privilege

Just-in-time elevation

Credentials

Vaulted, never shared

Separate per client

Least privilege

Just-in-time elevation

Process

Client code

Technician code

Sessions logged

Connections approved first

Access reviewed regularly

Process

Client code

Technician code

Sessions logged

Connections approved first

Access reviewed regularly

Questions about how we operate?

If you are evaluating us, or a client or insurer has sent you a security questionnaire, ask us directly. We will tell you exactly what we do and what we do not do, without dressing it up.

Questions about how we operate?

If you are evaluating us, or a client or insurer has sent you a security questionnaire, ask us directly. We will tell you exactly what we do and what we do not do, without dressing it up.

Common questions

1.

Access to your systems

1.

Access to your systems

Who at Nexus can access our systems, and how much access do they hold?

Every technician has their own individual login. There are no shared accounts and no house password that everyone knows, so every action traces back to a person.



Access is scoped to the work rather than handed out broadly, and administrative rights are not held permanently. A technician elevates to the access a task needs, and that elevation expires. Standing admin rights sitting idle in an account are one of the largest risks in this industry, because they are just as available to an attacker who takes that account over as they are to the person who owns it. We also review who has access to what on a regular cycle, so nothing is granted once and forgotten. It is the same discipline we bring to managing your environment.

Who at Nexus can access our systems, and how much access do they hold?

Every technician has their own individual login. There are no shared accounts and no house password that everyone knows, so every action traces back to a person.



Access is scoped to the work rather than handed out broadly, and administrative rights are not held permanently. A technician elevates to the access a task needs, and that elevation expires. Standing admin rights sitting idle in an account are one of the largest risks in this industry, because they are just as available to an attacker who takes that account over as they are to the person who owns it. We also review who has access to what on a regular cycle, so nothing is granted once and forgotten. It is the same discipline we bring to managing your environment.

How do your technicians connect to our machines?
How do your technicians connect to our machines?
How often are credentials rotated, and what happens when an employee leaves?
How often are credentials rotated, and what happens when an employee leaves?
Where do our credentials and documentation live?
Where do our credentials and documentation live?

2.

How we hold ourselves to it

2.

How we hold ourselves to it

Do you run the same security you sell to clients?
Do you run the same security you sell to clients?
Do you carry cyber liability insurance?
Do you carry cyber liability insurance?
Are you SOC 2 or ISO 27001 certified?
Are you SOC 2 or ISO 27001 certified?
Can you complete our security questionnaire?
Can you complete our security questionnaire?

3.

If something goes wrong

3.

If something goes wrong

What happens if Nexus itself is breached?
What happens if Nexus itself is breached?
Someone called claiming to be from Nexus. How do I know it is really you?
Someone called claiming to be from Nexus. How do I know it is really you?
How do you keep a problem at one client from reaching another?
How do you keep a problem at one client from reaching another?

Need something we have not answered?

Send us the question, or the questionnaire. You will get a straight answer, including where the answer is no.

Need something we have not answered?

Send us the question, or the questionnaire. You will get a straight answer, including where the answer is no.

Get started today

Small enough to know your setup. Big enough to run it right.

A small team that gets to know your environment, so you're not re-explaining it to a stranger every time something breaks.

45+ years engineering experience

NJ, PA & NY coverage

24/7 monitoring

Vendor agnostic

Get started today

Small enough to know your setup. Big enough to run it right.

A small team that gets to know your environment, so you're not re-explaining it to a stranger every time something breaks.

45+ years engineering experience

NJ, PA & NY coverage

24/7 monitoring

Vendor agnostic

Get started today

Small enough to know your setup. Big enough to run it right.

A small team that gets to know your environment, so you're not re-explaining it to a stranger every time something breaks.

45+ years engineering experience

NJ, PA & NY coverage

24/7 monitoring

Vendor agnostic

Create a free website with Framer, the website builder loved by startups, designers and agencies.