FAQ
• What elements do the solution consist of?
The Solution consist of 2 elements: the Cloud Unit and the IoT sensors.
The Cloud Unit (CU)is the environment that gathers the metrics collected by the sensor and display them in graphics the the user interface (Portal).
CU can be consumed as a cloud services or hosted in private cloud/datacentre.
The IoT sensors are small devices deployed at the user locations to emulate user requests (browsing, accessing applications, etc.) and collect the application response.
• What assessments made to ensure data integrity and safety?
IoT don’t hold data captured but have credentials/tokens to authenticate into the cloud unit (DB, orchestration, etc.) these are stored securely in an encrypted partition.
Cloud Unit can be hosted in public cloud dedicated private tenancy or in the customer facilities (detancetre or on-prem).
CU disks are encrypted and data transfer is protected with TLS.
• How can I be sure the device is not spying on me?
The sensor are only testing response to the designated targets (applications and infrastructure) and report the metrics back to the cloud unit.
Targets can be web applications, servers, DNS, network devices or the wireless signal.
No other activity is performed by the sensor.
• What safety is in place in the cloud – Data at rest
Native cloud encryption –
AWS: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html
Azure: https://docs.microsoft.com/en-us/azure/security/fundamentals/azure-disk-encryption-vms-vmss
GCP: https://cloud.google.com/security/encryption/default-encryption
• IOT takeover – what is in place to stop ?
IoT devices have no physical ports visible/enabled other than the power socket.
Connection inbound access is prevented by firewall rules (deny any). Only outbound communication is allowed, specifically the emulation of user traffic for application testing and connection back to the cloud unit.
This approach results in hardened devices with a very reduced attack surface, and prevent the hijack for use in malicious purposes such as DDoS.
• Where is data stored?
Data is store in the Cloud Unit. CNA with CU as could service (SaaS) is currently hosted in AWS London region.
The Cloud Unit can be hosted in any location in most clouds, or on private hosted environments.
