I have to provide information about Balena for a security audit, so I was reading your security page here.
"Support access
Device access is granted to a subset of balena employees to enable support and device troubleshooting. This access is controlled by the same SSH access mechanisms described above, and only SSH key access is permitted. Balena employees access devices only for user support and to maintain device state and uptime with permission from the customer.
If desired, this functionality can be disabled by removing the balena SSH public key from the device (or from the base image before flashing it onto the device). However, this will render the device inaccessible remotely for the purposes of support or repairs and updates to the base OS. Thus this should be done with extreme caution and only after careful consideration of the tradeoffs."
How is the private key stored? Is the private key on a different AWS account, so that if the primary Balena AWS account has been compromised, the hostile agent would not be able to get access to it? Is there an access policy in place to limit access to a trusted subset of Balena employees?
How does one of your amazing engineers who is doing a support shift SSH into our devices after I enable support access?
I think this section is a bit out of date because it mentions nothing about the ability to “grant support access” for only a limited time window.
You all do a fantastic job on security and I really want to highlight that in my report.
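The quoted security page says support access is granted purely by SSH key and can be disabled by removing the balena SSH public key from the device. A practical check for an audit like the one described above is to list the keys actually present in the device's `authorized_keys` and flag any that are not on the operator's own allowlist. The script below is an added example written for this thread; it is not balena's code, the file path is an assumption (balenaOS's real location for support keys is not stated here), and the sample key material is constructed so the script runs offline.

```python
import base64
import binascii
import hashlib
import struct

# Assumed location of the device's authorized_keys file; the page does not state the real path.
AUTHORIZED_KEYS_PATH = "/home/root/.ssh/authorized_keys"

KEY_TYPE_PREFIXES = ("ssh-", "ecdsa-", "sk-")


def ssh_fingerprint(b64_blob: str) -> str:
    """OpenSSH-style SHA256 fingerprint (unpadded base64) of a public-key blob."""
    digest = hashlib.sha256(base64.b64decode(b64_blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def blob_key_type(b64_blob: str) -> str:
    """Key type embedded in the wire blob (first length-prefixed string)."""
    raw = base64.b64decode(b64_blob)
    (length,) = struct.unpack(">I", raw[:4])
    return raw[4:4 + length].decode()


def parse_authorized_keys(text: str) -> list:
    """Parse authorized_keys text into dicts with options, key_type, fingerprint, comment.

    Handles an optional leading options field (which may contain quoted spaces,
    e.g. command="uptime -p") and marks lines whose blob does not decode or whose
    embedded type disagrees with the declared type as malformed.
    """
    entries = []
    for raw_line in text.splitlines():
        line = raw_line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        idx = next((i for i, f in enumerate(fields) if f.startswith(KEY_TYPE_PREFIXES)), None)
        if idx is None or idx + 1 >= len(fields):
            entries.append({"malformed": True, "line": line})
            continue
        key_type, blob = fields[idx], fields[idx + 1]
        entry = {
            "options": " ".join(fields[:idx]),
            "key_type": key_type,
            "comment": " ".join(fields[idx + 2:]),
            "malformed": False,
        }
        try:
            entry["fingerprint"] = ssh_fingerprint(blob)
            entry["malformed"] = blob_key_type(blob) != key_type
        except (binascii.Error, struct.error, UnicodeDecodeError, ValueError):
            entry["malformed"] = True
        entries.append(entry)
    return entries


def audit(entries: list, allowed_fingerprints: set) -> list:
    """Return entries an operator should look at: unknown fingerprints or malformed lines."""
    return [e for e in entries if e["malformed"] or e.get("fingerprint") not in allowed_fingerprints]


def audit_file(path: str, allowed_fingerprints: set) -> list:
    with open(path, encoding="utf-8") as fh:
        return audit(parse_authorized_keys(fh.read()), allowed_fingerprints)


def constructed_ed25519_blob(seed: int) -> str:
    # Constructed sample: a syntactically valid ssh-ed25519 wire blob with a dummy 32-byte key.
    key_bytes = hashlib.sha256(b"constructed-sample-%d" % seed).digest()
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + key_bytes
    return base64.b64encode(blob).decode()


# Constructed sample file content, not taken from a real device.
SAMPLE_AUTHORIZED_KEYS = "\n".join([
    "# constructed sample",
    f"ssh-ed25519 {constructed_ed25519_blob(1)} ops@example-fleet",
    f'restrict,command="uptime -p" ssh-ed25519 {constructed_ed25519_blob(2)} vendor-support-placeholder',
    "ssh-ed25519 not-base64!! broken-line",
])


if __name__ == "__main__":
    entries = parse_authorized_keys(SAMPLE_AUTHORIZED_KEYS)
    allowed = {entries[0]["fingerprint"]}  # the operator's own key
    for e in audit(entries, allowed):
        print("REVIEW:", e)
```

Run it against the real file with `audit_file(AUTHORIZED_KEYS_PATH, allowed)`, where `allowed` holds the SHA256 fingerprints you expect; any vendor support key still present shows up as an unknown fingerprint, which is the signal you would want to record in the audit before deciding whether to keep it.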