There are several updates coming to your MLG/Medallia program. Beginning in 2025, Medallia will require enhanced security protections to be implemented on all MLG/Medallia client programs, specifically the use of PGP for all export/import processes and the use of key-based authentication for SFTP accounts. Previously, these were optional and highly recommended.
Background
Use of PGP file encryption and key-based authentication have been Medallia’s recommendation since 2008 and many Medallia clients, including a large number of MLG credit unions already successfully use this technology.
Medallia constantly evaluates its policies in light of a changing security landscape and industry best practices. We strongly believe that this is the right move to protect our clients’ businesses most fully.
Impact
All MLG clients will need to update the following before October 31st, 2025:
- Encrypt files sent to Medallia with Medallia’s public PGP key.
- If you do not already encrypt files that are sent to Medallia, your credit union must encrypt them using Medallia’s public PGP key – see additional file attached to this email.
- Complete this form to notify MLG when your files will be encrypted.
- Provide your credit union’s public PGP key to MLG to encrypt export files that you receive from Medallia via SFTP.
- We understand that you may have automation set to pick up and process these export files and do not want to disrupt these processes. Complete this form to send your credit union’s public PGP key and let the MLG team know when you would like the file encryption to begin.
- Access to your Medallia SFTP site will must be authorized using key-based authentication (SSH).
- Use this form to send your credit union’s SSH public key to MLG.
- MLG will work with Medallia to add your key to the approved list for your SFTP site.
- Once added, MLG will confirm with your team. You will need to adjust your process to receive & deliver files via SFTP to authenticate using your SSH public key.
Critical items such as data security during transmission and at rest, invitation and export data file formats will all remain the same. Additionally, this will not affect user logins or reporting within your Medallia Report Site.
Timing
Your Medallia system is ready for you to make these updates at any time. As always, MLG will provide support to you and your team should any questions or issues arise as you make these updates.
Medallia will no longer pick up or send unencrypted files or allow password-based authentication to their SFTP sites after January 3, 2025. All MLG clients must adopt these new standards by that date.
I have attached a Frequently Asked Questions document for your review. Please feel free to share any additional questions you may have via email at support@memberloyaltygroup.com.
Additional MLG/Medallia Enhancement Coming Soon
Later this year, MLG will introduce comprehensive admin capabilities in Medallia for all credit unions. This upgrade will provide your team with complete visibility and control over users management, including roles and restrictions.
Stay tuned for more information on this exciting enhancement.
Comments
0 comments
Article is closed for comments.