As industrial companies rely more and more on asset tracking information to manage operations, protecting their data becomes more important than ever. Unfortunately, computer hackers are a highly sophisticated group, often possessing skills and technologies that outstrip the capabilities of businesses focused on trying to serve their customers. Moreover, data thieves can be relentless in their efforts to infiltrate company networks and steal information that can compromise an entire business and its customers.
That’s why it’s so important to partner with an asset tracking provider that employs the latest in data security tools and technologies. If you’re considering investing in an asset tracking system to optimize asset utilization, the following FAQs cover important information you need to know regarding asset tracking and data security.
What is the best approach for asset tracking providers to protect their clients’ data?
Because data security is so critical, industry experts recommend a multi-layered approach that provides data security at four points of contact, or layers.
- Endpoint layer. This involves securing the asset tracking device that relays the data to the tag reader and, ultimately, to the Internet.
- Network layer. This protects the data as it is being transmitted to the asset tracking software platform.
- Data application layer. This is what most people think of when they think about data security – detecting and protecting against outside intrusion into the system.
The final security layer consists of ongoing, high-level threat analysis and management. This involves collecting and analyzing data from the other three layers on a regular basis to identify, isolate and manage any threats to the system.
What specific technologies are used to protect each layer?
The technologies employed at each layer are many and varied.
- Device layer. To protect the hardware (i.e., the asset tracking device) that transmits data to the Internet, manufacturers typically build in user verification security measures. The most secure devices include a subscriber identification module (SIM), which uses an integrated circuit to securely store the subscriber’s identity number. That number authenticates the reader, smart phone or other mobile device of the person scanning the data.
- Connectivity layer. To secure the connections and the data from asset trackers to the software platform, asset manufacturers can employ virtual private networks (VPNs), a commercial connectivity service (CCS) and custom private Access Point Names (APNs).
VPNs encrypt data, so you can send and receive data across public networks as if you were connected to a private network. A CCS connects your wide area network to a large cellular network, so you only have one remote location to secure. APNs act as a gateway between your mobile network and the Internet to ensure the connection between the asset tracker and scanning device is approved.
- Data/application layer. To protect this layer, asset tracking providers typically employ a variety of security tools and technologies, including onsite and cloud-based firewalls, encryption, DDoS (distributed denial of service) mitigation, and cloud web security. DDoS mitigation tools are designed to actively resist and mitigate outside attacks intended to disrupt or shut down system performance. Cloud web security works by rerouting data to the cloud rather than directly to the platform server. This enables the cloud to filter and block unwanted attempts to use the system.
- Threat analysis layer. Identifying and managing threats starts with understanding how, when, where and by whom your asset tracking devices are being used. Specifically, it involves analyzing data traffic from each device, connection or application for anomalies in order to identify and respond to potential threats.
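The per-device traffic analysis described for the threat analysis layer can be sketched as follows. This is an added example, not code from Tenna or any asset tracking vendor; the record layout, device names, hostname, address and threshold are constructed assumptions.

```python
from collections import defaultdict
from statistics import median

# Constructed sample data: (device_id, hour_of_day, destination, bytes_sent).
# Hostname and the 203.0.113.0/24 address are documentation placeholders.
BASELINE = [("tracker-01", 8 + i, "ingest.example.internal", b)
            for i, b in enumerate([480, 510, 495, 520, 505, 490, 500, 515])]
NEW = [
    ("tracker-01", 9, "ingest.example.internal", 507),   # ordinary report
    ("tracker-01", 3, "203.0.113.50", 48000),            # odd hour, place, size
    ("tracker-99", 10, "ingest.example.internal", 500),  # never enrolled
]

def build_profiles(records):
    """Learn per-device history: payload sizes, active hours, destinations."""
    profiles = defaultdict(lambda: {"bytes": [], "hours": set(), "dests": set()})
    for dev, hour, dest, nbytes in records:
        profiles[dev]["bytes"].append(nbytes)
        profiles[dev]["hours"].add(hour)
        profiles[dev]["dests"].add(dest)
    return dict(profiles)

def robust_z(value, history):
    """Modified z-score (median/MAD), so one past spike does not skew the baseline."""
    med = median(history)
    mad = median(abs(x - med) for x in history) or 1.0  # avoid divide-by-zero
    return 0.6745 * (value - med) / mad

def find_anomalies(profiles, records, threshold=3.5):
    """Return (device_id, reason) for every deviation from the device's profile."""
    findings = []
    for dev, hour, dest, nbytes in records:
        p = profiles.get(dev)
        if p is None:
            findings.append((dev, "unknown device"))
            continue
        if dest not in p["dests"]:
            findings.append((dev, f"new destination {dest}"))
        if hour not in p["hours"]:
            findings.append((dev, f"report at unusual hour {hour}"))
        if abs(robust_z(nbytes, p["bytes"])) > threshold:
            findings.append((dev, f"volume outlier {nbytes} bytes"))
    return findings

if __name__ == "__main__":
    for device, reason in find_anomalies(build_profiles(BASELINE), NEW):
        print(device, reason)
```

The checks map to the "how, when, where and by whom" questions: payload size, hour of day, destination and device identity.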
As the asset tracking industry continues to evolve toward Internet of Things (IoT) solutions, what techniques are used to protect IoT devices?
As mentioned above, it starts with embedding endpoint, network, data/application, and threat management security measures to protect the physical and media layers of the network. The same needs to be done with “edge” devices – the PCs, laptops, tablets and smart phones people use to access the data and interact with the system. Other recommended strategies include:
- Building security measures into the network that specifically address the challenges of protecting applications
- Incorporating a cloud strategy and security posture
- Maintaining security integrity throughout the life cycle of each asset tracking device
- Matching the right security technology to each potential threat and how it might evolve over time
At Tenna, we take data security – yours and ours – very seriously. Through our relationship with AT&T, we are able to take advantage of many of their security services, including their SIMs, APNs and more, to make our hardware devices and our software platform as safe and secure as possible. To further enhance the security of our product, we:
- Host all customer data on Amazon Web Services (Elasticsearch and Postgres).
- Use HTTPS-level browser protection and hashed passwords for all users. This limits access to the system through a dedicated web portal that does not allow any other type of network access.
- Do not allow SSH, FTP or other types of access to our web servers.
- Protect our back-end database with secure passwords and very limited access.
- Use randomized database, usernames and passwords and change them every two months.
- Perform daily back-ups of all data.
- Run all code from a git repository, regularly restarting the servers as they scale and are removed. Each startup pulls code from git and starts with a clean system image.
- Use Heroku, which implements the latest Linux system patches and libraries.
- Limit the possibility of rogue software by only installing what we need on host machines.
- Use secure JWT tokens, signed with a 256-bit key, for interactions with Tenna APIs.
- Limit access to our production site administrative functions to two people.
- Use signed images on our remote devices; software upgrades can only take place with valid signatures.
- Do not allow VPN access to the Tenna local LAN, which prevents remote access to employee workstations.
- Employ virus scanning on all laptops used at Tenna.
- Lock down all access to Tenna through our firewall.
For asset tracking as secure as you can get, call Tenna at 833-50-TENNA, or book a demo today.
About Greg Arlen