Security

All systems at Cape are built with security in mind.

The Cape Sensor itself is conceptually similar to a smartphone and is no different to another user on your network, with the same rights and restrictions as they would have. Both the custom hardware and software are built using existing, proven technologies that conform to industry standards.

The Cape Sensor and your network

  • SSL / 256 bit AES encrypted communication with our servers
  • Always kept up-to-date with a robust over the air (OTA) software update system
  • OTA updates secured by token and time based access and verified before install
  • Sensor network stacks are run in complete isolation from each other
  • Sensors do not expose any services to the network
  • Sensor does not require access to any of your network’s control functions or systems; it acts like a regular user and collects data that would be available to anyone normally
  • Sensor network egress can be limited to explicit services for testing without reducing functionality

Unlike other solutions, the Cape Sensor is purpose-built to accurately and securely collect performance metrics from your network.

Cloud-based management and data storage

  • All client/server communications secured with 256 bit AES encrypted SSL
  • Redundant, global, highly available infrastructure
  • Frequent, secure backups made of configurations and databases
  • Built using industry standard services from Amazon Web Services (AWS) and Google Cloud Platform (GCP), taking full advantage of both providers’ tools, network layout, and security recommendations
  • Utilises VPC (virtual private cloud) to minimize attack targets and to provide resource isolation
  • Administrative access to infrastructure is restricted and verified by public keys
  • End user authentication provided by Auth0 (find their security policy here: https://auth0.com/security)
  • Payment gateway and services provided by Recurly and Stripe (find their policies here: https://recurly.com/security/ and here: https://stripe.com/docs/security/stripe)
  • Server images and packages kept up to date with latest patches and releases.
  • DDoS attacks automatically mitigated and protected for by our cloud providers to the best of their ability
  • Customer data is logically separated in our databases and requires authentication checks for every application-level access made to it, effectively isolating it per customer

Our cloud-based infrastructure is designed according to best principles and is largely built directly on Amazon’s AWS platform. Amazon AWS is ISO 27001 and SOC 1 Type II certified. Google’s Cloud Platform is similarly certified for ISO 27001, 27017, and 27018, as well as being SOC 2 Type II certified. You can read more about their policies here: https://cloud.google.com/security/ and here: https://aws.amazon.com/security/