Troverlo Customers rely on our Troverlo Platform to provide real-time asset tracking capabilities through Wi-Fi asset tag observations posted by our Troverlo Tag Readers, Mobile App, as well as our Global Observation Network (GON) partners. The dependable, low latency and efficient delivery of the observations from the tags associated with customer assets through our reliable service delivery to customer’s systems and users is essential. Troverlo Platform is a secure platform that our customers can rely on to fulfill their asset-tracking needs.
The Troverlo Platform is a multi-tenant platform where all data is separated and protected on a per-tenant basis. All partners and customers are tenants within our platform and access to data is strictly controlled both for the human users/employees of the customers and partners as well as the machine interfaces in use by those same customers and partners. The Troverlo Platform is fully hosted in a cloud environment and can operate in any of the major cloud provider’s environments: Microsoft Azure, Amazon Web Services, and Google Cloud Platform. Our platform can also operate in a hybrid cloud environment should the need arise in the future. We are currently utilizing the Azure environment for our production platform deployment.
Operational Security
Incident Management
All systems and devices that are part of the Troverlo Platform are secured. Systems on the network are at risk from threats and vulnerabilities and if compromised could have adverse effects on the customers, organization, reputation, and employees. It’s Troverlo’s responsibility to ensure that systems are secure at all levels. Information on all devices is treated as sensitive and protected from unauthorized use. Information stored or transmitted is secured from being modified or replaced by an unauthorized user. The lifecycle as defined by NIST SP 800–61 is used as part of the incident response process.
Troverlo Platform systems monitor threats in real-time. If a threat were to occur and become an incident that breached a security policy then the issue is raised either by automated systems or by our DevOps teams. The issue will be properly prioritized and triaged based on its classification. An IRT (Incident Response Team) is responsible for handling incidents, analyzing, reporting, and eradicating security breaches.
Response is an important step to ensuring full containment of an incident is secured. If not handled properly the threat or attack could spread to multiple systems causing unnecessary damage. The IRT team response is governed by the established incident response process that contains the following elements:
-
Incident containment and stakeholders notification
-
Eradication and recovery are necessary to eliminate the offending components from the network
-
During the recovery process, all infected systems are identified and remediated (NIST SP 800–61) allowing operations to return to normal so that recovery time is quick for high-value systems.
-
-
A post-incident review ensures that the organization understands the failures and lessons learned from the incident
-
This helps us improve policies, control processes, and technology that have been affected during the incident
-
The following are a few questions to consider when performing a post-incident review:
-
Was all documentation from the incident produced?
-
During the incident, was the following answered: Who What? Where? When? And How?
-
Can the lessons learned meeting be performed within a few weeks?
-
Was the incident properly handled by the assigned teams?
-
Are there any areas that can be improved or handled better?
-
-
Furthermore, the incident response is tested via mock and penetration testing allowing us to simulate a real breach and how the IRT responds to an attack or incident.
Change Management
A formal Change Management Policy has been defined by Troverlo to ensure that all application changes have been authorized prior to implementation into the production service platform. Source code changes are initiated by developers who would like to make an enhancement to the Troverlo Platform. All changes are stored in a version control system and are required to go through automated Quality Assurance (QA) testing procedures to verify that security requirements are met. Successful completion of QA procedures leads to the implementation of the change. All QA-approved changes are automatically implemented in the staging environment while DevOps teams control deployment to the production environment. Our software development lifecycle (SDLC) requires adherence to secure coding guidelines, as well as screening of code changes for potential security issues via our QA and review processes. All changes released into production are logged and archived, and alerts are sent to Troverlo management automatically for all deployments. Changes to Troverlo Platform are restricted to authorized personnel only. The Troverlo Security team is responsible for maintaining infrastructure security and ensuring that servers, firewalls, and other security-related configurations are kept up to date with industry standards. Any security devices that need updates or modifications follow Configuration Management Control processes. A Change Request (CR) is opened and assigned to the proper person by the Change Advisory Board (CAB) to ensure:
-
Necessary resources are allocated
-
Roles and responsibilities are defined
-
A planned timeline for deployment exists
-
Sandbox environment implementation practiced
-
Announcement of implementation date and planned outages occurs
-
Deployment of changes is executed
-
Completion announcement is sent
-
Follow-up and lessons-learned review is performed
Monitoring
Troverlo uses a combination of automated monitoring tools, information gathering from internal network traffic agents, employee actions on systems, and outside knowledge of vulnerabilities to constantly monitor and identify potential security threats. At our cloud ingress/egress points traffic is inspected for suspicious behavior, e.g. presence of botnet connections. This analysis is performed using a combination of open-source and commercial tools for traffic capture and parsing. Our correlation system supports this analysis and escalates to our DevOps Teams for immediate treatment or automatically corrects the issues by segregating the compromised components and switching to healthy components.
Network analysis tools include flow, packet, and system logs used by our DevOps security teams to identify unusual behaviors, e.g. attempted access to customer data. Our services, network, and customer devices are constantly monitored ensuring fast detection, automated correction or quick escalation, logging, auditing, and tracking. Customers and partners are provided with appropriately filtered access to this information and are always in-the-know when service is impacted, and issues resolved.
Information Security
Employee Policies & Access
Upon hire, every Troverlo employee and 3rd party contractor is required to complete a background check, sign a security policy acknowledgment and non-disclosure agreement, and receive security training. Only individuals who have completed these procedures are granted physical and logical access to the corporate and production environments, as required by their job responsibilities. All employees are required to complete annual security training and receive regular security awareness training via informational emails, talks and presentations, and resources available on our intranet. Our Troverlo Platform network and resources are physically separated from Troverlo’s internal corporate resources. Only the employees working in the Troverlo Platform environment have tiered privileged access to those resources. All employees joining the Troverlo team receive additional operational and security training specific to this service and join our DevOps team.
Employee access to Troverlo Platform resources is maintained by a central directory and authenticated using a combination of strong passwords, passphrase-protected SSH keys, multi-factor authentication, and OTP tokens. Troverlo is moving towards a Zero-Trust security model where access to each and every component is authorized and authenticated every time a component is accessed. The development engineering resources are separated from production resources within our cloud environment requiring rigorous authentication using the same security methods used for our production systems. Firewall configuration is tightly controlled and limited to a small number of administrators. Our internal policies require employees accessing our production environment to adhere to best practices for the creation and storage of SSH private keys. Access to all resources, including data centers, server configuration utilities, production servers, and source code development utilities are granted through explicit approval by appropriate management. A record of the access request, justification, and approval are recorded by management, and access is granted by appropriate individuals.
Troverlo Platform employs technical access controls and internal policies to prohibit employees from arbitrarily accessing customer files and to restrict access to metadata and other information about customer accounts. In order to protect end-user privacy and security, only a small number of engineers responsible for developing core services have access to the environment where customer files are stored. All employee access is promptly removed when an employee leaves the company or Troverlo DevOps teams.
Customer and Partner Access
Troverlo Platform services are managed and accessed by the customers and partners through RESTful [3] and MQTT APIs as well as our web-based Customer and Partner Portal [4] and Android App. Our Portal [4] is owned and managed by Troverlo and hosted in Microsoft Azure Troverlo Platform Cloud Account. Troverlo takes advantage of all Microsoft Azure security features described in [1]. This portal is the only management access that any 3rd party has to Troverlo Platform, its offerings, and Wi-Fi tags and readers. All individual user accounts are held under the user’s enterprise tenant. As such, each tenant organization is first onboarded by Troverlo and required to accept and comply with a service agreement prior to any individual from that organization requesting and obtaining their user account. The tenant account is administered by a registered custodian from the customer or partner organization. Every user is required to accept [2] during initial account creation and required to comply while using the customer and partner portal and throughout the life of the user account.
Troverlo Platform utilizes a flexible privilege model for the Customer and Partner Portal [4] access. All individual user accounts belong to their company/organization and can only access information available to that organization. Users may have Administrator, Manager, or Viewer access. The Viewer access allows users to view the relevant management information related to the assets, tags, subscriptions, and services. The Manager and Administrator access allows for device and service activation in addition to Viewing access. Access is designated and managed by the tenant Administrator for each tenant user account.
Data Privacy
As Troverlo Platform is an extension of our customer infrastructure, partners and customers can rest assured that we are responsible custodians of their data. Troverlo Platform adheres to the privacy policy published in [2].
Troverlo Platform Security
Troverlo Platform has been developed in a secure cloud environment with security in mind from the onset. Troverlo Platform in Azure is backed by Azure security tools and processes. We utilize Microsoft Defender for Cloud [5], previously known as Azure Security Center, to continuously scan and defend against any security issues. Our operational processes constantly address any findings from [5] scans. Our Customer and Partner Portal [4] is hosted using Azure App Services whose security capabilities are identified in [7] and fully utilized by our platform.
Secure Facilities
Troverlo Platform is fully hosted in secure and certified cloud environments. The physical facilities meet strict security standards and guidelines. The current cloud platform we use is the Azure platform. Its physical security credentials are described in [5].
Observations Posting and Retrieval
All assets tracked are tagged with Troverlo Asset Tags. All asset tracking observations are made by qualified Troverlo Tag Readers, Mobile App, and GON Partner systems by detecting Troverlo Asset Tags attached to an asset. Tag Readers, Mobile App, and GON Partner systems post observations to our Troverlo Platform through RESTful [3] and MQTT interfaces. Each observation posted is strictly identified, authenticated, and authorized.
Identity, Authentication, Authorization
Troverlo issues credentials to Tag Readers, Mobile App, and GON Partners in order to post observations. API keys are associated with tenants in our Troverlo Platform and therefore every observation is always identifiable. When an observation is posted, all API [4] calls are authenticated and authorized by our multi-tenant platform. Troverlo Customer and Partner Portal [4] API utilizes Transport Layer Security (TLS) for authentication. All clients posting observations are authorized through the use of OAuth 2.0 authorization protocol with Role Based Access Controls (RBAC) associated with credentials and tenant account credentials are associated with. Anonymous observations are not supported. Our platform does not store any Personally Identifiable Information (PII).
Encryption
Troverlo Client Observations Restful API [3] and Troverlo Customer and Partner Portal [4] utilize TLS1.2 encryption for observation posting and access to all tenant data.
High Availability and Geo-Redundancy
Third-Party Suppliers
Troverlo may engage with third-party suppliers to provide or maintain portions of our service platform. Prior to contracting with these suppliers, Troverlo conducts an assessment of their security, reliability, and privacy practices to ensure they meet Troverlo Platform standards. Troverlo then continues to monitor these third-parties throughout contract terms and continuously assesses the risk associated with a given third-party.
Regulatory Considerations
Law Enforcement Requests
The customer, as the data owner, is primarily responsible for responding to law enforcement requests that may come from any country where the customer does business. Like other technology, communication, and service delivery entities, Troverlo may receive direct queries from governments and courts around the world about the use of our platform and services. We take measures to protect customers’ privacy and limit excessive requests while also meeting our legal obligations. Respect for the privacy and security of customer and partner data while transiting our network or the data that we collect is our priority as we comply with these legal requests. When we receive a request, our legal teams review it to ensure its legitimacy and adherence to our policies. The request must be made in writing in order for us to comply, signed by an authorized official of the requesting agency, and issued under an appropriate law. We notify customers and partners about requests for their data unless specifically prohibited by law or court order.
US Exports Laws
All Customers and Partners and their personnel are automatically screened against US Exports databases maintained by the US Department of Commerce prior to allowing access. This is done at tenant onboarding time and at each user account creation. Any matches are reported and processed by Troverlo Exports Compliance group. False positives are eliminated while any actual violations are then worked with the customers or partners in question resulting in clearance or denial/suspension of access and service delivery. Troverlo customers and partners are also responsible for their own US Exports Law screening resulting in a multi-layered approach to handling these regulations.
Independent Third-Party Certifications
We are currently evaluating third-party certification options for our entire offering. Parts of our infrastructure and services are already independently certified, e.g. Microsoft Azure [1].
Conclusion
The protection of your data while transiting our Platform as well as management information while it resides within our Platform is a primary design consideration for all of Troverlo Platform infrastructure, products, and operations. When we utilize third-party providers, we only choose providers with an established security culture, products, services, and infrastructure to complement our own, e.g. Microsoft Azure. Security is an integral part of our service and platform and includes operational and information security. Our TLS/SSL encryption, use of established secure services and technologies such as Microsoft Azure, and unmatched investment in security commitment, processes, people, and culture frees you to focus on your applications. We make sure you maintain control over your data and how it is processed, including the assurance that your data is not used for any purpose other than published in our [2].
Useful References
[1] Azure Security Documentation
[2] Troverlo Platform Terms Of Use
[3] Troverlo Observations RESTful Application Programming Interface (API)
[4] Troverlo Customer and Partner Portal
[5] Azure Physical Security Documentation