Introduction
Troverlo Customers rely on our Troverlo Platform to provide real-time asset tracking capabilities through Wi-Fi asset tag observations posted by our Troverlo Tag Readers, Mobile App, as well as our Global Observation Network (GON) partners. The dependable, low latency and efficient delivery of the observations from the tags associated with customer assets through our reliable service delivery to customers’ systems and users is essential. Troverlo Platform is a secure platform that our customers can rely on to fulfill their asset-tracking needs.
The Troverlo Platform is a multi-tenant platform where all data is separated and protected on a per tenant basis. All partners and customers are tenants within our platform and access to data is strictly controlled both for the human users/employees of the customers and partners as well as the machine interfaces in use by those same customers and partners. The Troverlo Platform is fully hosted in a cloud environment and can operate in any of the major cloud provider’s environments: Microsoft Azure, Amazon Web Services, and Google Cloud Platform. Our platform can also operate in a hybrid cloud environment should the need arise in the future. We are currently utilizing Azure environment for our production platform deployment.
Customer and Partner Access
Troverlo Platform services are managed and accessed by the customers and partners through RESTful [3] and MQTT APIs as well as our web-based Customer and Partner Portal [4] and Android App. Our Portal [4] is owned and managed by Troverlo and hosted in Microsoft Azure Troverlo Platform Cloud Account. Troverlo takes advantage of all Microsoft Azure security features described in [1]. This portal is the only management access that any 3rd party has to Troverlo Platform, its offerings, and Wi-Fi tags and readers. All individual user accounts are held under the user’s enterprise tenant. As such, each tenant organization is first onboarded by Troverlo and required to accept and comply with a service agreement prior to any individual from that organization requesting and obtaining their user account. The tenant account is administered by a registered custodian from the customer or partner organization. Every user is required to accept [2] during initial account creation and required to comply while using the customer and partner portal and throughout the life of the user account.
Troverlo Platform utilizes a flexible privilege model for the Customer and Partner Portal [4] access. All individual user accounts belong to their company/organization and can only access information available to that organization. Users may have Administrator, Manager, or Viewer access. The Viewer access allows users to view the relevant management information related to the assets, tags, subscriptions, and services. The Manager and Administrator access allows for device and service activation in addition to Viewing access. Access is designated and managed by the tenant Administrator for each tenant user account.
Data Privacy
As Troverlo Platform is an extension of our customer infrastructure, partners and customers can rest assured that we are responsible custodians of their data. Troverlo Platform adheres to the privacy policy published in [2].
Troverlo Platform Security
Troverlo Platform has been developed in a secure cloud environment with security in mind from the onset. Troverlo Platform in Azure is backed by Azure security tools and processes. We utilize Microsoft Defender for Cloud [5], previously known as Azure Security Center, to continuously scan and defend against any security issues. Our operational processes constantly address any findings from [5] scans. Our Customer and Partner Portal [4] is hosted using Azure App Services whose security capabilities are identified in [7] and fully utilized by our platform.
Secure Facilities
Troverlo Platform is fully hosted in secure and certified cloud environments. The physical facilities meet strict security standards and guidelines. The current cloud platform we use is the Azure platform. Its physical security credentials are described in [5].
Observations Posting and Retrieval
All assets tracked are tagged with Troverlo Asset Tags. All asset tracking observations are made by qualified Troverlo Tag Readers, Mobile App, and GON Partner systems by detecting Troverlo Asset Tags attached to an asset. Tag Readers, Mobile App, and GON Partner systems post observations to our Troverlo Platform through RESTful [3] and MQTT interfaces. Each observation posted is strictly identified, authenticated, and authorized.
Identity, Authentication, Authorization
Troverlo issues credentials to Tag Readers, Mobile App, Autonomo and GON Partners in order to post observations. API keys are associated with tenants in our Troverlo Platform and therefore every observation is always identifiable. When an observation is posted, all API [4] calls are authenticated and authorized by our multi-tenant platform. Troverlo Customer and Partner Portal [4] API utilizes Transport Layer Security (TLS) for authentication. All clients posting observations are authorized through the use of OAuth 2.0 authorization protocol with Role Based Access Controls (RBAC) associated with credentials and tenant account credentials are associated with. Anonymous observations are not supported. Our platform does not store any Personally Identifiable Information (PII).
Encryption
Troverlo Client Observations Restful API [3] and Troverlo Customer and Partner Portal [4] utilize TLS1.2 encryption for observation posting and access to all tenant data.
Third-Party Suppliers
Troverlo may engage with third-party suppliers to provide or maintain portions of our service platform. Prior to contracting with these suppliers, Troverlo conducts an assessment of their security, reliability, and privacy practices to ensure they meet Troverlo Platform standards. Troverlo then continues to monitor these third-parties throughout contract terms and continuously assesses the risk associated with a given third-party.
Independent Third-Party Certifications
We are currently evaluating third-party certification options for our entire offering. Parts of our infrastructure and services are already independently certified, e.g. Microsoft Azure [1].
Conclusion
The protection of your data while transiting our Platform as well as management information while it resides within our Platform is a primary design consideration for all of Troverlo Platform infrastructure, products, and operations. When we utilize third-party providers, we only choose providers with an established security culture, products, services, and infrastructure to complement our own, e.g. Microsoft Azure. Security is an integral part of our service and platform and includes operational and information security. Our TLS/SSL encryption, use of established secure services and technologies such as Microsoft Azure, and unmatched investment in security commitment, processes, people, and culture frees you to focus on your applications. We make sure you maintain control over your data and how it is processed, including the assurance that your data is not used for any purpose other than published in our [2].
Useful References
[1] Azure Security Documentation
[2] Troverlo Platform Terms Of Use
[3] Troverlo Observations RESTful Application Programming Interface (API)
[4] Troverlo Customer and Partner Portal
[5] Azure Physical Security Documentation