Security | Kaiterra

Device Security

Kaiterra prioritizes the security of the physical devices to safeguard against tampering and unauthorized access.

01 Durable Design Devices are engineered with durability in mind, ensuring resilience against physical tampering or damage.

02 Separate Cloud Backups Device data is maintained within two separate cloud backups that are regularly tested.

03 Firmware Updates Regular firmware updates are provided to address security vulnerabilities and enhance device performance.

04 Penetration Testing Kaiterra devices are regularly subjected to 3rd party penetration tests.

Secure Communications

At Kaiterra, we prioritize the security of data during transit, ensuring that your information remains confidential and protected.

01 Outbound Connections Only Kaiterra devices, once configured, do not accept incoming network connections. All communication occurs via outbound connections, enhancing security by minimizing potential attack vectors.

02 API Communication Device requests to Kaiterra’s API for configuration and firmware updates occur over TLS 1.2, maintaining a secure channel for over-the-air (OTA) updates. Requests are signed by Kaiterra and verified by the device.

03 TLS Encryption Once connected to the internet, Kaiterra devices encrypt all data in transit using TLS connections, ensuring end-to-end security. Customers have the option to send data to their own MQTT broker, either on-prem or internet-connected, optionally protected with mutual TLS authentication.

Cloud Security

Kaiterra implements robust measures to ensure the integrity and confidentiality of data stored in the cloud, safeguarding against cyber threats and unauthorized access.

01 Cloud Managed Our cloud infrastructure is fully managed by Kaiterra, ensuring that security patches and updates are promptly applied to protect against emerging threats and vulnerabilities.

02 Regular Penetration Testing Our cloud infrastructure undergoes regular penetration testing conducted by independent security experts to identify and address potential security weaknesses, ensuring continuous protection against evolving threats.

03 Role-Based Access Control Access to cloud resources is strictly controlled through role-based access control mechanisms, ensuring that users only have access to the data and capabilities necessary for their roles within the organization.

04 Encryption at Rest Data stored in our cloud servers is encrypted at rest using industry-standard encryption algorithms, providing an additional layer of security against unauthorized access.

05 Enhanced Audit Logs Comprehensive audit logs are maintained for all user activities within our cloud platform, providing detailed records of access attempts, configuration changes, and other security-related events for accountability and forensic analysis.

Account Security

Security measures are implemented at every level to protect user accounts and ensure seamless and secure access to the Kaiterra Web App.

01 Single Sign-On (SSO) Kaiterra supports SSO, allowing customers to authenticate with their existing systems without the need for Kaiterra-specific credentials.

02 Two-Factor Authentication (2FA) For added security, customers have the option to enable 2FA, providing an additional layer of protection.

03 User Access Administration Control access to your portfolio on a building or campus basis. Users can be assigned different roles such as administrator, installer, or viewer to allow for granular permission control.

04 Password Complexity Industry-standard password complexity requirements are enforced to enhance the strength of user passwords.

05 Scrypt with Unique Salts Following the latest industry-standard practice, credentials are hashed using scrypt with unique salts before storage.

06 Triggered Password Resetting SSO identity provider administrators are able to trigger a password reset, ensuring continuous security.

API Authentication

Kaiterra’s API is designed with robust authentication mechanisms to ensure secure access and data consumption.

01 API Keys or Token Authentication Access to Kaiterra’s API requires API keys or token authentication, providing a secure means to consume air quality data.

02 HTTPS Requirement All API requests must be made over HTTPS, adding an extra layer of encryption to safeguard data during transmission.