Data Privacy
Thingsee IoT transmits, stores and manages the data specified in the Thingsee Message APIs. This data originates from the devices based on the use case configuration and is identified only by the device serial number. Thingsee IoT Cloud doesn’t map the devices to client asset IDs or users. The design principle is that it is the customer cloud's responsibility to create the identity layer for the devices and the data.
Single tenant
Thingsee IoT Cloud is hosted as a separate single-tenant deployment for each customer. This allows well-isolated hosting and flexibility in hosting locations. Thingsee IoT Cloud can be hosted in any of the AWS regions, so the region can be chosen based on the customer's preferences or location.
Customer controlled data pipeline
Thingsee IoT Cloud integrates with the customer cloud by using the APIs and authentication methods defined by the customer cloud. Some of these integrations are described in the data integration sections on these support pages.
AWS IoT Competency
Thingsee IoT Cloud has achieved AWS IoT Competency. This ensures that we are following all the best practices from AWS, and that all the boxes we need to tick for large-scale commercial setups are ticked.
- https://aws.amazon.com/compliance/programs/
- https://aws.amazon.com/security/
Secured IoT WAN connections
Thingsee connects to the cloud using managed and secured cellular connections. All the connections are made using enterprise SIM management and connectivity. This applies to the gateways that have the cellular connectivity option. For the gateways that are connected over LAN, we secure the communication using standard AWS IoT certificates. We expect that the LAN network is otherwise managed and secured by some local IT or other guys/gals who know networking.
Secured IoT mesh connections
We use Wirepas mesh connectivity, and utilize their security mechanism. What we do is burn, lock, hide, encrypt, and certify our Wirepas mesh connectivity parameters during our manufacturing processes so that there is no way to get unauthorized access to the mesh network. The only way to get sensors connected is to have them manufactured using our tools, our factories, and a pile of different keys and parameters that manufacturing services know, and that are dedicated only to your set of devices.
Secured IoT gateway
ThingseeGATEWAYs are closed. The only external access is through AWS IoT Core (and you can’t get to that unless you have the right certificates). There are no external services running, no SSH service, no nothing to try to connect to. ThingseeGATEWAYs are simple MCU-powered devices running the NuttX open-source RTOS with only those services that are critical for the device operations. The USB connection is only for charging.
Manufacturing services
Handling and managing manufacturing services (incl. security) is one part of our daily work. It is so critical for our products that we have developed our own toolset just to get it right. You can read our blog post about Haltian Engineering Almighty Tool.