Protecting Your Data
We understand the value you place on your data and systems. We’ve used rigorous technologies and practices to ensure that we keep your data secure and have obtained full SOC-2 certification. Please read on for details of our implementation in regards to reliability, security, and access.
RELIABILITY
Reliability is designed and built into our system from the foundation up. Our distributed, cloud based architecture is designed to provide the level of reliability required to support critical 24x7 operations.
Based on and operates on a world class Platform as a Service (PaaS) system that provides fully secured and redundant cloud infrastructure.
Active monitoring of all services, databases and web applications to ensure early notification of any issues so that they can be resolved before affecting system performance.
Scalable deployment capabilities that allow additional resources to be added and new execution systems to be deployed as needed to meet demand.
SECURITY
Infrastructure Security
We hosted our system on a leading cloud infrastructure provider that provide world class platform security.
We set and continually monitor all networks and perimeters to repel any intrusion attempts.
Customer Data Protection
Depending on a customers chosen deployment option we provide either logical tenant separation or actual physical tenant separation.
All data in-transit is encrypted (TLS 1.2, TLS 1.3).
All data at rest is encrypted (AES-256).
Organizational Security
Quarterly Security Education & Awareness Training.
All developers are required to complete annual secure coding practices training.
We provide 24/7 Monitoring and Incident Response to all system security issues.
Annual audit of all vendors as part of our Risk Management program.
We review and reassess annually our Risk Assessment to ensure no new issues have been identified and existing ones are managed correctly.
Application Protection
We utilize Web Application Firewalls (WAF) to control all access to our applications.
We use sophisticated automated tools to perform regularly scheduled vulnerability scanning and penetration tests.
We contract with a 3rd party to perform an annual security assessment and penetration test.
Authentication
Our authentication system is based in a globally known and used secure access platform. For users of our normal subscriptions. Multi-Factor authentication (MFA) can be turned on for any account.
For customers that select to deploy in their own dedicated instance using an Enterprise license, an even wider set of authentication options can be provided including Single sign-on (SSO) using a variety of systems including your own, Google and Windows Active Directory..
CONTROL
When we connect to your industrial data sources we understand that the information contained in that data can often include key company secrets. In the system, that data remains in your control and under your full ownership. You have full access to all of the data in the system and at any time, if you decide to leave, we can provide you a full export and at the same time remove all of the data from our repository.
pulseCHECKER provides a great deal of flexibility in user access. The system supports over 65 specific privileges. Roles can then be created that are collections of privileges and can be assigned to Users or Groups. The system ships with a default set of Roles to make initial set up easy.
END-TO-END SECURITY
The pulseCHECKER platform is secure from the edge to the application layer through the cloud. The security is composed of LoRaWAN Network Security at the edge, TLS to the cloud and SAML at the application layer.
On the edge: LoRaWAN Stack
The LoRaWAN stack is built on top of LoRa modulation (PHY) and adds a full security layer with device identity, authentication, and authorization. The stack uses symmetric AES128 keys as described in IEEE 802.15.4/2006 Annex B. MAC for encryption. These keys are used for layer related frames encryption using a Network Session Key (NWKSKey) while the applications frames are encrypted using an Application Session Key (AppSKey). Similar to routers, the gateways used in a LoRaWAN can forward from and to the cloud using DTLS, TLS, or VPN without decrypting or knowing any of the keys.
In the cloud: LoRaWAN Network Server (LNS)
Within the LNS lies the registry of devices and gateways that transmits data to the cloud. Each device is identified with a couple of unique identifiers called the DevEUI and AppEUI. The AppSKey and NwkSKey are negotiated1 along with the regional regulation settings when the device joins the network. The last stage of the LNS is to forward all traffic to the Cloud using HTTPS (TLS/SSL).
In the application: pulseCHECKER Cloud
pulseCHECKER supports different device connectivity protocols without compromising security. All communications such as database connections and service-to-service communications within the platform are encrypted. In addition, data is encrypted within the database, and we enforce rigorous access control list (ACL) for staff personnel and customer data. Our customer applications and backend system utilizes the standard OpenID Connect (OIDC) and SAML 2.0 protocols to initiate and authenticate any requests to our APIs. These protocols are the modern security standard for user-to-service and service-to-service communications.