PureComms Security
- TLS 1.2 protocols, AES-256 encryption
- Always protected with over-the-air patches
- Validated by 3rd party audits
- Robust end-user security tools
- Redundant hosted software service
24/7 Security and Monitoring
AES-256 uses a 256-bit key, the largest key size AES supports, and is practically unbreakable by brute force with current computing power, making it the strongest encryption standard.
These days we take it for granted that our smartphone applications are updated, often automatically based on the rules we set. Those rules might allow app updates to happen automatically when devices are connected to a Wi-Fi network, and OS updates to happen overnight when we are not using our mobile devices. Over-the-air (OTA) updates do precisely that, with minimal impact.
As reports of security threats and data breaches rise, clients want added assurance that an organization can be trusted with their confidential information. As businesses strive to align with industry standards and best practices when it comes to security, third-party auditing ensures that security matches current best practices.
Our unit provides administrative tools to protect your organization’s data, including user management with email verification, authentication audit logs, and two-factor authentication (via Google Apps). Moreover, we enforce robust user authentication, with data access requiring authentication via a third party.
Security In Depth
Hardened Cloud Infrastructure
Samsara’s cloud-hosted infrastructure is designed and managed in alignment with the best practices of multiple IT security standards. Samsara’s underlying infrastructure leverages Amazon AWS, which is ISO 27001 and SOC 1 Type II certified, and is rated as the leader in cloud security by research firm Forrester.
Network devices, including firewalls and other boundary devices, are in place to monitor and control communications at the external boundary of the network and at key internal boundaries within the network. These boundary devices employ rule sets, access control lists (ACLs), and configurations to enforce the flow of information to specific information system services.
ACLs, or traffic flow policies, are established on each managed interface, which manage and enforce the flow of traffic.
Samsara is built on a secure multi-tenant cloud architecture with logical data separation. Customer data is logically separated across distributed databases with required authentication checks for every application-layer and data-layer access made to any tenant’s data. The logical separation ensures that data is always associated with exactly one customer and required authentication checks at the application and data layers ensure that data is completely isolated by customer and accounts provisioned for that customer.
Samsara employs a Virtual Private Cloud to provide resource isolation and minimize attack surface area. Samsara services are protected by IP- and port-based firewalls. Administrative access to Samsara’s infrastructure is highly restricted and verified by public key (RSA). Distributed Denial of Service (DDoS) attacks are mitigated with elastic load balancing and highly available DNS services.
When a storage device containing customer data has reached the end of its useful life, procedures include a decommissioning process that is designed to prevent customer data from being exposed to unauthorized individuals. Techniques detailed in DoD 5220.22-M (“National Industrial Security Program Operating Manual”) or NIST 800-88 (“Guidelines for Media Sanitization”) are used to destroy data as part of the decommissioning process. All decommissioned magnetic storage devices are degaussed and physically destroyed in accordance with industry-standard practices.
Physical Device Protections
Samsara recognizes the importance of securing your data from the device to the dashboard. Our gateways are designed and tested to prevent unauthorized access and interference, including through the following safeguards:
Command Safe List
Samsara’s gateways allow only a pre-approved list of commands to be sent to the vehicle, blocking malicious or otherwise unwanted commands.
Hardware-Level Verification
Samsara gateways won’t operate if someone remotely tries to run malicious code on them: built-in asymmetric cryptographic digital signatures are verified with a public key, alongside on-device tamper protections.
Penetration Tests
Samsara includes its gateways as part of its annual penetration tests and triages, prioritizes, and remedies the results of those tests in a timely and appropriate manner.
No Default Passwords or Debug Modes
Samsara never ships vehicle gateways with standard passwords and disables all debug interfaces, preventing unauthorized access to or discovery of information about the state of the device through IoT search engines or similar methods.
Encryption
SOC 2 Reporting
24/7 x 365 Monitoring
Security Tools for Administrators
Security Disclosure Policy