A data chain can present vulnerabilities at any level. At Superwyze, we ensure the highest level of cybersecurity from our sensors to our servers:
- The sensors transmit a physical quantity, their identity, and the time of measurement. This data is fully encrypted with 256-bit encryption before being sent to a gateway (the highest level of encryption available in IoT). Considering the ultra-low signal power, laboratory tests have shown that the sensor message is not only impossible to interpret but also blends into the ambient radio noise, making it practically inaudible.
- The receiving gateways do not contain any decryption keys whatsoever. Furthermore, in the event of intentional or unintentional disconnection, the range of the sensors is such that we ensure at minimum another gateway receives and routes the signal (at least 4 in applications involving object localization). Finally, any disconnection of a gateway is automatically reported to us remotely.
- The encrypted data is transferred to a “trusted third-party” server that contains half of the decryption key. The decryption server is located in Europe and only processes messages from our gateways. It may occasionally be temporarily interrupted in case of a denial-of-service attack (i.e., excessive external requests), but the encrypted messages are instantly queued and never lost.
- The data is then duplicated on two OVH servers located in France, at separate distant locations. At this stage, the data cannot be associated with any client site or physical object. In other words, they have no meaning or value.
- As for the application, like the data, it is protected by OVH on servers certified ISO/IEC 27001, 27017 and 27018. These servers are compatible with health data and are not subject to any legal obligations in the United States.
- At the end of the chain, the application is made available by our servers on your terminals via a secure page. The usernames and passwords are secured by this page and a reputable authentication system, capable of employing multi-factor double validation (ex : SMS on mobile)
In addition to the extreme resilience of our system, it has the advantage of being completely isolated from our customers’ systems. In other words, an attack at a client’s site has absolutely no impact on our data chain, except for access to the user web page in case of internet service interruption. Furthermore, we can offer temporary remote access via cellular network, accessible from any device, which allows for cutting the final link with the client’s infrastructure in case of necessity until their internet services are restored.
