How is data security ensured?
Data security at TomorrowThings is ensured through a multi-layered approach that integrates robust technical, organizational, and legal measures, with a strong emphasis on compliance with industry standards and data protection regulations.
Our comprehensive security framework includes:
- Compliance with Data Protection Regulations: We are fully committed to adhering to stringent data protection regulations, most notably the General Data Protection Regulation (GDPR). This governs how we collect, process, and store personal data, ensuring your rights and privacy are protected.
- Secure Data Hosting: Your data is stored in highly secure, certified external data centers. These facilities are selected based on their adherence to international security standards (e.g., ISO 27001, if applicable, otherwise state general certifications) and robust physical and environmental controls. Our data centers are located within regions that support strict data residency requirements.
- Encrypted Data Transmission: All data exchanged between the Hilscher Compact Edge Gateways, the Things Cloud, and your user interfaces is protected using industry-standard encryption protocols, such as Transport Layer Security (TLS 1.2/1.3), to prevent unauthorized access during transit.
- Robust Access Controls: We implement strict authentication and authorization mechanisms, including multi-factor authentication where appropriate, to ensure that only authorized personnel and systems can access data, with access rights based on the principle of least privilege.
- Continuous Monitoring and Auditing: Our systems are continuously monitored for suspicious activities, security vulnerabilities, and performance anomalies. Regular security audits, penetration tests, and vulnerability assessments are conducted by independent third parties to identify and mitigate potential risks proactively.
- Secure Software Development Lifecycle (SSDLC): Security is integrated into every phase of our software development process, from design to deployment, through secure coding practices and peer reviews.
- Organizational Measures: Our internal policies and procedures mandate strict data handling protocols, employee training on data protection, and incident response plans to address any security events swiftly and effectively.
By combining these comprehensive measures and upholding strong compliance standards, we ensure that your operational data within Things OS is continuously protected against unauthorized access, loss, or manipulation.
Related Articles
Who owns the stored data?
The data generated and stored by your machines through the Things OS platform unequivocally remains your property. As your service provider, TomorrowThings acts solely as a data processor. This means we process and store your data exclusively for the ...
Where are the data hosted?
We use external services for web hosting. These services may have access to personal data processed in the context of using our online offering. Further information on the services used, the scope of data processing, and the technologies and ...
How secure is Things OS?
We take data security with the utmost seriousness and have implemented robust measures to protect your information across all layers of the Things OS platform. Our comprehensive security framework is designed to ensure the confidentiality, integrity, ...
Can I deploy and scale databases with Things OS?
Yes, absolutely! Things OS provides a robust and flexible platform for the seamless deployment and scaling of your database solutions. Our architecture is designed to meet the dynamic demands of modern applications, whether for IoT data streams, ...
What is a VPN?
A VPN, or Virtual Private Network, is a technology that establishes a secure and encrypted connection over a less secure network, such as the internet. It allows users to send and receive data across public networks as if their computing devices were ...