Privacy and Security Built in from the Ground Up
Because our platform makes extensive use of image sensors, both privacy of the images they provide and the security of the platform from edge to cloud is paramount to the system design. The data pipeline and related security measures are summarised here.
Security Overview
Data Residency
By default we host in the Azure Data Centre, hosted in UK (Azure UK South Data Centre). Other locations are available
Encryption
Data is encrypted in transit and at rest (device, cloud & mobile), aligned with industry standard end to end security protocols (RSA 2048, TLS 1.2)
Data Isolation and Auditing
- Data is isolated via strict access control, making data only accessible by the intended user
- Access to data is traceable and is logged for 30 days
Access Control
User access control managed via internal access management procedures. System access control managed by internal system identity & access management service (e.g. SSO)
Security by Design
- Gateway software has been engineered to prevent off-site camera viewing
- Inter-process communication secured by Mutual TLS (future)
- Cross network communications secured using signed short life tokens
- All security specifications are applied consistently across all parts of the application stack (device, cloud & mobile)
- MFA enforced for all SeeChange access. MFA optional for customer
- End to end design is independently reviewed (by NCC)
Standards and Specification
By default we host in the Azure Data Centre, hosted in UK (Azure UK South Data Centre). Other locations are available
Response
- Automated alerting around security events
- Capability to integrate with Security Operations Centre