Commit bef8434

Update Arduino, Customers, Protection at rest sections
1 parent 1217eb3 commit bef8434

1 file changed

+11
-6
lines changed

content/arduino-cloud/02.features/00.security-considerations/security-considerations.md

Lines changed: 11 additions & 6 deletions
@@ -10,12 +10,17 @@ author: 'Federico De Meo'
1010
## Arduino Approach to Security
1111

1212
In order to provide secure digital services to customers, we at Arduino are committed to regularly monitor and update our services, applications, and infrastructure.
13-
1413
In general, the approach to Security is aligned with Cybersecurity standards such as ISO27001.
15-
16-
To ensure the highest level of confidentiality, integrity and availability, Arduino operates under a **shared security responsibility model**. The shared security responsibility model identifies the distinct security responsibilities of the customer and Arduino. In this model:
17-
* **Arduino** is responsible for the security of the cloud infrastructure services provided to customers and the confidentiality of sensitive data.
18-
* **Customers** are responsible for the security of their account, personal access credentials, and for the information they decide to store in the cloud.
14+
To ensure the highest level of confidentiality, integrity and availability, Arduino operates under a shared security responsibility model. The shared security responsibility model identifies the distinct security responsibilities of the customer and Arduino. In this model:
15+
* **Arduino** is responsible for the security of the cloud infrastructure services provided to customers and the confidentiality of sensitive data. We provide such security via a number of best practices that all employee in Arduino follow and that are described in the following sections of this document; for example, but not limited to the following:
16+
* We limit as much as possible the level of access that Arduino employees have on customers data.
17+
* Security and privacy training are conducted regularly to ensure the highest possible level of awareness to Arduino employees.
18+
* Regular penetration and vulnerability security tests are performed to our infrastructure and services to assess that security practices in place are working as intended.
19+
* **Customers** are responsible for the security of their account, personal access credentials, and for the information they decide to store in the cloud. Arduino recommends to pay particular attention to the following best practices:
20+
* **Strong authentication:** taking advantage of strong authentication can significantly help to improve the security of your Arduino account. Options offered by Arduino Cloud are:
21+
* **Two-step verification:** a second step to verify your identity during login adds an extra layer of protection to your account. Once enabled, you will be asked to provide your regular password and a digit code when logging in. It will be your responsibility to make sure that all relevant data to enter your account when two-step verification is enabled are properly backed up.
22+
* **Social login:** managing multiple accounts with multiple passwords might become problematic, which is why you can choose to login to your Arduino account using a social login that you already own. Via social login you can authenticate to your Arduino account by using your favorite social account without sharing any sensitive login information with Arduino.
23+
* **Confidentiality:** customers should make sure to not incidentally disclose personal information as part of the content they upload (for example when sharing a project or a sketch). While Arduino can protect confidentiality of information that is recognized as such, it can’t protect against information accidentally disclosed by customers inside customer-created content.
1924

2025

2126
## Security and Data Protection Strategy
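Review bot: The added Two-step verification bullet (new line 21) is too vague for a customer to act on: "a digit code" does not say what kind of code it is, and "all relevant data to enter your account" does not say what has to be backed up. Please name the code and the items the customer must keep, since the sentence puts that responsibility on them. Several added lines also need wording fixes: "all employee in Arduino follow" should read "all employees", "customers data" should be "customers' data", "tests are performed to our infrastructure" should be "on our infrastructure", "Arduino recommends to pay" should be "recommends paying", "login to your Arduino account" should use the verb "log in", and "incidentally disclose" reads as if "accidentally" was meant, which is the word used later in the same bullet. The bold on "shared security responsibility model" is dropped in new line 14 while the Arduino and Customers labels stay bold; keep it or mention the change in the commit message.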
@@ -37,7 +42,7 @@ Arduino data protection strategy starts by identifying sensitive data that requi
3742
Security measures are applied to ensure confidentiality and integrity of data:
3843
* **Protection at rest**:
3944
* PII are stored in databases and the whole database is encrypted using the industry standard AES-256 encryption algorithm.
40-
* Users’ credentials are hashed using PBKDF2.
45+
* Users’ credentials are hashed using state of the art hashing algorithms.
4146
* **Protection in transit**:
4247
* Any Browser-based or API-based communication uses HTTPS protocol secured with TLS.
4348
* IoT devices are sending data to our cloud using MQTT protocol secured with TLS.
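Review bot: Replacing "hashed using PBKDF2" with "hashed using state of the art hashing algorithms" in the Protection at rest list makes the statement unverifiable, while the neighbouring bullet still names AES-256. If the algorithm is being withheld on purpose, say so in the commit message and describe the properties a reader can rely on instead (for example, whether a salted password-hashing function is used); otherwise name the algorithm as before. If the phrase stays, hyphenate it as "state-of-the-art".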
