Cybersecurity

Cypress IOT is a cloud-hosted solution that incorporates robust cybersecurity measures to ensure data security, integrity, and user privacy. Below is an overview of the platform's key security features, processes, and standards.


Data Encryption and Communication Security

All communications to and from the Cypress IOT management platform are encrypted using industry-standard protocols, including TLS/SSL. For added security, tunneling options via carriers are available. Direct device access is either encrypted or disabled, ensuring secure and controlled interactions with devices. To further enhance security, devices do not store encryption keys. Instead, these keys are securely stored in a dedicated key vault and rotated every six months to mitigate risks associated with compromised keys.


Firmware Security

Cypress IOT ensures firmware integrity by signing all firmware images with a private key during their creation. Devices validate these images using a secure public key embedded in their systems, which prevents unauthorized or malicious firmware installations. To maintain high quality, Cypress Solutions has an integrated Product Quality Engineering (PQE) team that rigorously tests all new firmware releases. Before deployment, these updates undergo thorough evaluation on internal servers, ensuring that only stable and secure versions reach production environments.


Authentication and Access Control

To safeguard user access, Cypress IOT employs Multi-Factor Authentication (MFA) for both administrators and users. This additional layer of security significantly reduces the risk of unauthorized access. Access to the platform is encrypted and secured over HTTPS connections, while IPsec tunnels or IP whitelisting provide further protections for data transmissions. Both Cypress IOT and Cypress VUE maintain detailed audit logs, ensuring that all access activities are transparent and traceable. Sensitive information resides exclusively within databases that are isolated from the internet, accessible only via authenticated credentials and within server boundaries.


Intrusion Detection and Prevention

The platform leverages robust security infrastructure for intrusion detection and prevention. To protect against threats, the solution employs Next-Generation Firewalls capable of application-level inspection and full-stack visibility, safeguarding EC2 instances from potential attacks. Advanced endpoint detection and response solutions provide additional protection by monitoring system-level activities and responding rapidly to any detected malware or intrusions.


Data Integrity and Recovery

To ensure data integrity, all database data at rest are encrypted using the AES-256 encryption standard. This encryption extends to backups, snapshots, and automated processes, providing comprehensive protection. The platform has established a Recovery Time Objective (RTO) of four hours and a Recovery Point Objective (RPO) of 24 hours, ensuring minimal disruption in case of an incident. Backup storage is encrypted to guarantee data resilience against breaches or physical damage.


Operational Security

Cypress Solutions maintains a proactive approach to operational security. Operating systems are updated and scanned on a monthly basis to address emerging vulnerabilities. Security assessments adhere to OWASP guidelines, ensuring that all potential risks are identified and mitigated effectively.


Compliance and Assurance

Cypress IOT aligns with globally recognized compliance standards, including SOC 1/ISAE 3402, SOC 2, SOC 3, FISMA, DIACAP, FedRAMP, PCI DSS Level 1, ISO 9001, ISO 27001, ISO 27017, and ISO 27018. Cypress Solutions further enhances platform security by incorporating code peer reviews and Continuous Integration (CI) practices, ensuring robust testing throughout the software lifecycle.


De-Provisioning and Account Security

When user or admin accounts are de-provisioned, all associated access is promptly removed to ensure no residual permissions remain. Similarly, company profiles, including attached devices and historical data, are securely deleted. Any network-level whitelisting linked to these profiles is also revoked, ensuring a clean and secure deactivation process.


Customer Notifications and Release Notes

For significant updates, Cypress Solutions ensures customers are notified in advance and provided with comprehensive release notes. If updates introduce major changes to the web UI or application features, training is offered to ensure users can fully leverage the new functionalities.


Scalability and Performance

Cypress IOT supports an unlimited number of concurrent users, with performance limited only by available bandwidth. For seamless integration with enterprise systems, the platform supports identity federation solutions, enabling integration with customer Active Directories.


Commitment to Security Policy

Cypress Solutions reviews its security policies annually, ensuring alignment with the latest cybersecurity standards and best practices. While customers may request security-related information, decisions on sharing this information are made with privacy considerations in mind. With a robust infrastructure and stringent internal security protocols, Cypress IOT delivers a secure, reliable, and scalable device management platform.

Copyright © 2020 Cypress Solutions. All Rights Reserved