Securing the Internet of Things
Smarter products come with enterprise-grade protection
Smart products and devices securely communicate with EVRYTHNG via our Public Key Infrastructure (PKI) based on Transport Layer Security (TLS) certificates. In addition, token-based authentication with cryptographically strong API keys controls access to any device, application or user. For authorized access from trusted services like Facebook and Google, we use OAUTH 2.0 and for secure access to the EVRYTHNG dashboard, Two-Factor Authentication (2FA).
To protect the integrity of data in transit and at rest, EVRYTHNG uses end-to-end encryption, with multi-layered protection and monitoring. All end point communications are via TLS and for all data stored in the cloud, encryption-at-rest mechanisms are used in combination with strong logical and physical security controls to prevent unauthorized access.
ACCESS CONTROL AND AUTHORIZATION
With complex IoT ecosystems where many entities interact with the same smart product, data access needs to be transparent, multi-tiered and dynamically assigned. The EVRYTHNG Access Control Manager uses a fine-grained permission model enforced via secure API tokens. All requests are logged and granted, based on whether the application or user has the relevant rights to create, read, update or delete the data requested.