Security Features

        Enterprise Security Features

        The Rayven platform is built from the ground up, with security as a top priority. Our proprietary security architecture ensures data remains secure across the complete IoT environment.

        How Rayven protects data

        • Solutions are hosted in a secure, private cloud.
        • Data in transit is encrypted:
          • Device-to-cloud encryption (device-dependent),
          • Device authentication via device keys (device-dependent), 
          • 256-bit SSL encryption between end-user devices (PCs, tablets, mobile phones) and the cloud. 
        • User access requires re-validation:
          • User permissions and role assessments checked against user data provided via API,
          • Dynamically updated real-time user access validation via API (push or pull).
        • Compulsory password requirements:
          • Minimum 8 characters,
          • At least 1 upper case character,
          • At least 1 lower case character,
          • At least 1 number,
          • At least 1 special character.
        • User data encrypted at rest:
          • Triple DES,
          • Password encryption via one-way SHA256 hash. 
        • Multiple methods of API authentication:
          • Username/password,
          • Multifactor,
          • Tokens.
        • Single Sign-On configurable as necessary.
        • Security event monitoring and incident handling:
          • Dedicated event monitoring at user and device levels,
          • Custom workflows in Rayven Flow Builder for handling incidents. 
        • Data confidentiality, integrity, and availability:
          • SHA-256 with RSA Encryption for data in transit from device to cloud, 
          • Optional 256-bit AES encryption for data at rest,
          • SHA-256 with RSA Encryption for use from cloud to screen.
        • Security health checks on devices performed through configuration management:
          • Device security checks via automated polling and/or pull requests (device dependent),
          • Rayven Defender will automatically monitor data flow and check for anomalies indicating device tampering or error. 

        Security features supported by Rayven:

        • TLS Handshake Protocol: Enables the client and server to authenticate each other and select an encryption algorithm before sending data.
        • TLS Record Protocol: Provides data encapsulation and encryption services. Works on top of the standard TCP protocol to ensure created connections are secure and reliable. 
        • SSL: Encrypts data sent between user-operated devices and the platform.
        • Certificate-based Device Authentication: Private and public key pairs allow additional authentication at the physical layer. The private key is stored securely in the device and is not discoverable outside of it.
        • Security (Bearer) Tokens: Authenticate devices and services without sending keys on the network.
        • Device Authentication: Enables the client and server to authenticate each other by the device ID.
        • Database Encryption: Encrypts structured database contents at rest. Available for private cloud customers only.
        • SFTP: Provides a secure connection to transfer files and traverse the file system on both local and remote systems.
        • Username and Password: Enables the client and server to authenticate via username and password.
        • VPN: Provides security at the whole-of-server level for devices and/or users to connect to the platform. Only available for private cloud customers.

        Rayven's basic device authentication model

        Microsoft Azure Security

        In addition to the above, Rayven also leverages Microsoft Azure Security: 

        • Azure Security Center 
          • Identifies known security risks and provides recommendations.
          • Can provide various threat management tools, JIT VM access, alerts, and application limitations.
        • Azure Policy 
          • Enables you to implement security-focused policies. 
          • Limits the creation of VMs with a public IP, restricts subscription permission management, and automatically deploys various agents. 
        • Role-Based Access Control (RBAC)
          • Creates and assigns specialized roles for Azure resources.
          • Enables you to utilize pre-defined roles.
        • Resource Locks 
          • Place locks on resources to prevent changes.
          • Combine with RBAC to set further access limits. 
        • Dashboards 
          • Create custom dashboards with views for different Azure services.
          • Create alerts for general Azure Service health issues.
          • Create alerts for different VM metrics, availability, and health.
          • Monitor and send alerts for unplanned network or infrastructure changes.