Security

Introduction

In the current digital era, the security of sensitive data and systems is crucial for businesses in all industries. Our product integrates advanced security measures to safeguard the integrity, confidentiality, and availability of our clients' data. Leveraging Microsoft Azure's cloud security—backed by a $1 billion annual investment—ensures top-tier cybersecurity.

Key Security Features

Azure Entra ID

Azure Entra ID, formerly named Azure Active Directory, plays a pivotal role in our comprehensive security and compliance framework. It provides a robust platform for managing user identities, access permissions, and security policies across cloud environments, significantly reducing security risks and ensuring adherence to regulatory compliance standards. With features like secure sign-on, multi-factor authentication (MFA), conditional access policies, and integrated threat detection, Azure Entra ID fortifies our system against unauthorized access and enhances our overall security posture.

Multi-Factor Authentication (MFA)

Through Azure Entra ID, our product supports Multi-Factor Authentication (MFA), which requires two or more verification methods to access resources. By combining knowledge-based (password) and possession-based (phone or hardware token) verification methods, MFA significantly lowers the risk of unauthorized access even if login credentials are compromised.

Integration with Customer's Azure Entra ID or Active Directory

Because seamless integration with existing IT infrastructure matters, our product is designed to connect with a customer's Azure Entra ID service. This allows centralized customer control over user access and permissions. Customers who do not have Azure set up and are using on-premises Active Directory have several options for integrating on-premises Active Directory with Azure, which extends on-premises identity governance and protection mechanisms to our cloud-based solution.

While the integration with a customer's Azure Entra ID is supported out of the box, this is an optional capability and is not required.

Best Practices for Deployment and User Access Control

  1. Regularly Update Security Settings: Stay current with the latest security updates and governance policies.
  2. Implement Strong Access Policies: Use Azure Entra ID's conditional access policies to set restrictions based on user location, device state, and risk level.
  3. Audit and Monitor Access Logs: Frequently review access logs and reports from Azure Entra ID to identify and address suspicious activities promptly.
  4. Leverage MFA: Activate MFA for all users to drastically reduce the likelihood of unauthorized access.
  5. Customize Access Control: Utilize your Azure Entra ID to fine-tune access controls and permissions in line with your organizational policies and requirements.
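
As an added illustration of practices 2 to 4 (not code from the product or from Microsoft), the following script reviews sign-in records shaped like Microsoft Graph `signIn` objects and flags successful sign-ins that bypassed conditional access, carried elevated risk, or came from an unexpected country. The sample records, the `ALLOWED_COUNTRIES` set, and the function names are constructed assumptions.

```python
# Constructed sample records using a subset of Microsoft Graph `signIn` fields.
# All users and values are invented for illustration.
SAMPLE_SIGN_INS = [
    {"userPrincipalName": "alice@contoso.example", "status": {"errorCode": 0},
     "conditionalAccessStatus": "success", "riskLevelDuringSignIn": "none",
     "location": {"countryOrRegion": "US"}},
    {"userPrincipalName": "bob@contoso.example", "status": {"errorCode": 0},
     "conditionalAccessStatus": "notApplied", "riskLevelDuringSignIn": "none",
     "location": {"countryOrRegion": "US"}},
    {"userPrincipalName": "carol@contoso.example", "status": {"errorCode": 0},
     "conditionalAccessStatus": "success", "riskLevelDuringSignIn": "high",
     "location": {"countryOrRegion": "BR"}},
    {"userPrincipalName": "dave@contoso.example", "status": {"errorCode": 50126},
     "conditionalAccessStatus": "notApplied", "riskLevelDuringSignIn": "medium",
     "location": {"countryOrRegion": "BR"}},
]

ALLOWED_COUNTRIES = {"US", "CA"}  # assumption: where this tenant's users work
RISKY_LEVELS = {"medium", "high"}


def review_sign_in(record, allowed_countries=ALLOWED_COUNTRIES):
    """Return the reasons a successful sign-in deserves a closer look."""
    if record.get("status", {}).get("errorCode") != 0:
        return []  # failed sign-ins granted no access; triage them separately
    reasons = []
    if record.get("conditionalAccessStatus") == "notApplied":
        reasons.append("no conditional access policy applied")
    if record.get("riskLevelDuringSignIn") in RISKY_LEVELS:
        reasons.append("elevated sign-in risk")
    country = record.get("location", {}).get("countryOrRegion")
    if country not in allowed_countries:
        reasons.append(f"unexpected location: {country or 'unknown'}")
    return reasons


def audit(records):
    """Map each flagged user to the reasons found, skipping clean sign-ins."""
    findings = {}
    for rec in records:
        reasons = review_sign_in(rec)
        if reasons:
            findings.setdefault(rec["userPrincipalName"], []).extend(reasons)
    return findings


if __name__ == "__main__":
    for user, reasons in audit(SAMPLE_SIGN_INS).items():
        print(f"{user}: {'; '.join(reasons)}")
```

A successful sign-in with `conditionalAccessStatus` of `notApplied` means no policy, including any MFA requirement, was evaluated for that session, which is the gap practices 2 and 4 aim to close.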

Connecting to On-premises Data

For on-premises data connections, like the PI System, Irys adheres to industry-leading practices to secure data transmission:

  1. Outbound-Only Connection - By establishing an outbound connection to the Irys Hub via a websocket over SSL/TLS, the need for opening inbound ports on the firewall is eliminated, significantly reducing potential attack vectors.
  2. OAuth Authentication - Uses the OAuth 2.0 client credentials flow, ensuring that only authorized devices can communicate with Irys Hub. This authentication mechanism is an industry-standard protocol, offering robust security features for the protection of sensitive operational data.
  3. Data Encryption - All data transmitted between the PI System and Irys Hub is encrypted, ensuring that sensitive information remains confidential and secure from unauthorized access.