When it comes to security, we have it covered.
We understand that connected devices have lots of potential interaction surface areas and interaction patterns. We consider these closely in delivering our robust framework for securing digital access to these devices.
Yurika’s IoT Platform manages security based on a core set of principles aligned to our layered framework of security requirements.
The physical protection of devices. Production devices can be protected against physical access to data and intellectual property by physically barring access and removing all means of unwanted connection.
Secure operating system
‘Hardening’ the operating system helps protect against security threats by using the latest software, removing all unnecessary access rights and functions, and limiting visibility of the system.
Security is designed in from the outset and not added on as an afterthought. Our documentation of security design ensures subsequent issues can be more readily addressed.
Our database contains all device interaction and related data. The implementation of our platform solution ensures that this data is secure and safe at all times.
‘Credentials’ are evidence of the identities of people or other entities. They can take many forms and are used to control access to data or enable secure communications. Compromised credentials are the easiest way to gain unauthorised access to data or services. Passwords, encryption keys, digital certificates and other credential data are handled securely and updated periodically.
Event logging is vital for aiding fault and security management, and must be reliable, accessible, and confidential.
Our platform uses strong encryption algorithms. Any data attributable to an individual is encrypted to ensure privacy and comply with data protection regulations. All management data is encrypted to protect the integrity and availability of the service.
Network connections are vital. To protect points of access, limitations are in place to minimise access routes to the device. We also ensure that devices only make the connections required to function, and that sensitive data (e.g. keys, personal data, passwords) exchanged over those connections is kept secure and secret.
We offer Role Based Access Control for platform users
To access the platform, users will be onboarded and collaboratively categorised:
- Customer administrator
- Application developer
- Dashboard viewers
Proposed changes to dashboards and devices will be developed and tested in the Research and Development environment, where customers can be assigned the Application Developer role. This allows customers to safely test new configurations before they are released in a controlled manner by Yurika and its platform partner into the Production environment.
The Production environment will only allow the dashboard viewer role. This is to ensure that no adverse changes are made to dashboards and functions that impact other users.
Roles are not mutually exclusive, and users may be assigned both developer and user roles.
Supporting secure device access
Device credentials are used to connect secure devices and applications to the Yurika IoT platform. There are 3 supported methods:
- Access Tokens: general-purpose credentials that are suitable for a wide range of devices. Access token authentication may be used in non-encrypted or one-way SSL mode.
- Basic MQTT Credentials: based on the MQTT client ID, username and password. They may be used in non-encrypted or one-way SSL mode.
- X.509 Certificates: the PKI and TLS standard. X.509 certificate-based authentication is used in two-way SSL mode.
The device credentials need to be provisioned to the corresponding device entity on the platform via Device management. This can be done:
- Automatically: when a device is created in the platform, its credentials can be generated automatically.
- Manually: by defining the device credentials in the device definition (see Ref. 4, Appendix 5 - Yurika IoT Platform User Guide, for more details).