Security

ControlCom Connect keeps your IoT solutions protected by using the highest level of security. Our platform uses industry-standard encryption mechanisms to fully encrypt all data during transit and while at rest. This article provides a detailed overview of how ControlCom Connect provides a secure environment for your devices and applications.

Transport Security

ControlCom Connect provides secure communication through industry-standard transport layer security protocols:

HTTPS

All web traffic and API requests to ControlCom Connect are secured using HTTPS with TLS 1.2+. This ensures that all data transmitted between your applications and our platform is encrypted and protected from eavesdropping and man-in-the-middle attacks.

Key features:

  • TLS 1.2+ encryption for all web traffic
  • Strong cipher suites with forward secrecy
  • Regular security assessments and certificate management
  • HTTP Strict Transport Security (HSTS) implementation

MQTTS

For device communication, ControlCom Connect supports MQTT over TLS (MQTTS), providing secure, encrypted connections for all device data. This ensures that sensitive telemetry data and device commands are protected during transmission.

Key features:

  • TLS-secured MQTT connections
  • Support for QoS levels 0, 1, and 2
  • Last Will and Testament (LWT) support for connection monitoring
  • Configurable keep-alive intervals

API Security Tokens

API access is controlled by JSON Web Tokens (JWT) authentication mechanism. Users create remote API access tokens through the account dashboard. The types of resources available to the token can be individually controlled depending on the needs of the specific API client.

For example, an application that only needs access to view data can generate a token that just grants access to data. This token will not be able to view, edit, or manage any information about workflows or devices. API access tokens can be revoked at any time.

ControlCom Connect does not store the tokens once they are generated; it is up to the user to securely save this information. You cannot recover a token if it is lost. The scope of each token is securely encrypted directly into the token, which is decrypted by ControlCom Connect server-side. This allows our platform to use the token to grant access to resources without having to store any information about the token directly. The benefit of this approach is that access tokens can never be obtained from any data stored on our servers.

Device Secrets and Keys

Mutual TLS Authentication (mTLS)

Devices that communicate using MQTT can leverage Mutual TLS (mTLS) for enhanced security. With mTLS, both the server and the client authenticate each other, ensuring that devices connecting to your ControlCom Connect account are legitimate and authorized.

Each device is provisioned with:

  • A unique client certificate
  • A private key
  • The ControlCom Connect CA certificate

This approach provides significantly stronger security than simple username/password authentication, as it requires possession of cryptographic keys that cannot be easily compromised.

Infrastructure Security

ControlCom Connect is built on Amazon Web Services (AWS), leveraging extensive security infrastructure and compliance certifications. Our platform benefits from AWS's secure data centers, network architecture, and managed services.

Key infrastructure security features include:

  • Network isolation using VPCs, security groups, and NACLs
  • Regular security patching and updates
  • Continuous monitoring and threat detection
  • Data encryption at rest
  • Automated backup and disaster recovery procedures

Multi-Factor Authentication

ControlCom Connect supports multi-factor authentication (MFA) for all user accounts, adding an additional layer of security beyond passwords. When enabled, users must provide a second verification factor from an authentication app when logging in.

Benefits of enabling MFA:

  • Protection against password theft or compromise
  • Reduced risk of unauthorized account access
  • Compliance with security best practices and regulations
  • Audit logging of authentication attempts

Additional Platform Security Features

Audit Logging

All significant actions within the platform are logged with detailed information including the user, timestamp, IP address, and affected resources. These audit logs provide accountability and can be used for security monitoring and compliance purposes.

Regular Security Assessments

ControlCom Connect undergoes regular security assessments, including penetration testing and vulnerability scanning, to identify and address potential security issues before they can be exploited.

Security Best Practices

To maximize the security of your ControlCom Connect implementation, we recommend following these best practices:

  1. Enable MFA for all user accounts
  2. Regularly rotate API tokens and device credentials
  3. Monitor audit logs for suspicious activity
  4. Keep device firmware updated with the latest security patches
  5. Use mTLS for all device connections where possible
  6. Implement network-level security for device connectivity
  7. Regularly review user access and remove accounts that are no longer needed

By following these guidelines and leveraging ControlCom Connect's built-in security features, you can ensure that your IoT solution remains secure and protected against potential threats.

Was this page helpful?