In the Anavio app, cybersecurity measures center around the principles of Defense-in-Depth, Security by Design, and Zero Trust. These security approaches are vital components of our commitment to ensuring the utmost protection for our users' data and systems.
Defense-in-Depth
Given the fact that we deploy on Google Cloud, we are taking advantage of the measures applied by default, such as:
Network Security
Our platform by default incorporates firewalls, network segmentation, and traffic isolation to prevent unauthorized access and minimize the impact of potential breaches. Google's global network is designed to withstand and mitigate Distributed Denial of Service (DDoS) attacks.
Identity and Access Management (IAM)
Access to our Google environments is highly limited and controlled by using specific Google IAM features such as multi-factor authentication (MFA), role-based access controls (RBAC), and granular permission management.
Encryption
Encryption is a fundamental aspect of the Anavio app. We enforce encryption at rest for data stored in Google Cloud services, as well as encryption in transit for data transmission. In our platform, all databases, both platform and edge, are encrypted by default, and all data in transit occurs under TLS 1.3
Vulnerability Management
We leverage Google Cloud vulnerability management practices to identify and remediate vulnerabilities promptly. This includes proactive scanning, patch management, and regular security updates. Google also provides vulnerability reports and maintains strong relationships with security researchers to address potential issues.
Threat Detection and Monitoring
We leverage advanced threat detection capabilities to monitor for suspicious activities and potential security breaches. It employs machine learning and analytics to analyze network traffic, user behaviors, and system logs to detect anomalies and potential threats.
Compliance and Auditing
We take advantage of the fact that Google Cloud adheres to industry-standard security certifications and compliance frameworks, such as ISO 27001, SOC 2, and PCI DSS. It undergoes regular independent audits to ensure the effectiveness of security controls and maintains transparency by providing customers with access to audit reports and compliance documentation.
Security by Design
Security by Design is ingrained in our development practices from the ground up. Our teams follow industry-leading security frameworks and best practices, ensuring that security considerations are at the forefront of our design and development processes.
Key elements
- Adherence to secure coding practices, minimizing vulnerabilities and reducing the risk of exploitable weaknesses.
- Rigorous security testing throughout the development lifecycle, including vulnerability assessments and penetration testing.
- Regular security audits and reviews to identify and address any potential gaps or risks.
- Integration of security controls and mechanisms into the core architecture of our IoT platform, providing a strong foundation for safeguarding data and system integrity.
Zero Trust
Our IoT platform is built upon the Zero Trust principle, which means that we assume no implicit trust for any user, device, or network. This approach focuses on strict access controls, continuous authentication, and thorough verification. We currently implement three out of the five key principles of Zero Trust and we are working on achieving the remaining two:
Identity-centric security
Under Anavio app authenticating and authorizing users based on their identities rather than relying solely on network location. User identities are verified through multi-factor authentication (MFA). By tying access permissions to individual user identities, organizations can ensure that only authorized individuals can access specific resources.
Least privilege access
The concept of least privilege access means granting users the minimum level of access necessary to perform their tasks and access the required resources. Instead of granting broad, blanket access to our platform, Zero Trust enforces granular access controls using scope level access. This approach helps reduce the potential attack surface and minimizes the impact of a compromised account or device.
Micro-segmentation
This is achieved implicitly by using Google Cloud as our deployment platform.
Continuous monitoring and analytics
All kinds of activity under the Anavio app is recorded at a very granular level. Applying analytics on our platform logs is currently being developed.
Risk-based authentication
Risk-based authentication adjusts the level of authentication required based on risk factors associated with a specific access request. For example, if a user is attempting to access a sensitive resource from an unfamiliar location or using an unrecognized device, the system may prompt for additional authentication factors. Risk-based authentication helps organizations balance security and usability by applying appropriate levels of authentication based on the risk profile associated with each access attempt. This feature is currently under development.