Security
Protecting data and infrastructure: encryption, segmentation, signed OTA, on-prem deployments if required. Data belongs to the customer.
Network and access
- Segmentation (separate VLAN), VPN/Zero Trust, least privilege
- RBAC, MFA for admins, click-to-reveal contacts
Encryption and signing
- TLS 1.3 for external connections
- AES-256 locally, HMAC-SHA256 for message signing
- Integrity checks for updates
Devices and OTA
- Device registration/certificates
- Version control, signed OTA with rollback
Logs and audit
- Connection history, admin activity log
- Config logs, anomaly alerts
Deployment
- On-prem server (data stays on site) or cloud/VPS, hybrid
- Local cache if the link drops, backup power for gateways
Compliance and rights
- ISO/IEC 27001, IEC 62443, NIST, GDPR if needed
- Data and system belong to the customer; source transfer by agreement
Common threats and controls
- Device spoofing → HMAC + unique tokens
- Data interception → TLS/AES
- Unauthorized access → RBAC/2FA
- Network attacks → VLAN/firewall
- Sabotage → logs + signing
Request the security policy
Policies, segmentation settings, cryptography, OTA, and audit.