Cloud-hosted SaaS solution that provides DDoS and PDoS mitigation through double abstraction of source and consumer. Brokered interactions between data and controls using FinTech-level security. Use our solution, Iotic Secure, to deploy IoT devices securely in your business, reduce the risk of network incursions, and identify, mitigate, and isolate threats.
- Digital Twin of source and consumer
- Brokered interaction between data and controls
- Interoperability across Data Estate
- Technology Agnostic
- Scalable horizontal architecture
- Future flexible - additive adaptive architecture
- Enhance productivity - single integration and multiple reuse
- Flexible - use what you have. Technology agnostic
- Secure - FinTech level security.
£1295 per licence per month
Standard service offering requires users to have
1. Basic knowledge of the Python Language
2. Comfortable using the command line interface in Linux, Mac or Windows
3. Some familiarity with network configurations
|System requirements||User requires command line access in Linux, Mac or Windows|
|Email or online ticketing support||Yes, at extra cost|
|Support response times||Response times are linked to Service Level Agreements and Support Contracts ranging from 24 hrs to 30 minutes dependent on level of service and support required.|
|User can manage status and priority of support tickets||Yes|
|Online ticketing support accessibility||None or don’t know|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
Standard Support - UK business hours Monday to Friday
Response time 1hr
Enhanced Support can be provided based on requirement; cost is based on requirement.
Technical Account Managers are available at cost
|Support available to third parties||Yes|
Onboarding and offboarding
Onsite onboarding workshop available (standard 3hrs for 6 users)
Extensive user documentation and examples (available through GitHub and the open community developer portal, https://developer.iotic-labs.com)
Online training is not currently provided directly - courses are available from (ISC)2 (https://enroll.isc2.org/product?catalog=IOT-SEC-IOT-NET) - CPEs available
|End-of-contract data extraction||Very little data is stored within the environment; however, users can at any stage follow and write stream into a database/store of their choosing.|
Service is provided as SaaS. At end of contract service access is withdrawn.
Usage and monitoring and reporting can be provided at additional cost.
Using the service
|Web browser interface||Yes|
|Using the web interface||
Once set up, users can access their private Iotic space to access connected devices and manage interactions between data and controls.
Only approved users with agent credentials can make changes and add additional IoT devices.
Network gateway configuration is not possible through the web interface.
|Web interface accessibility standard||None or don’t know|
|How the web interface is accessible||All visual interface actions and behaviours are possible in code using accessible code libraries and standard code interfaces.|
|Web interface accessibility testing||
Web interface was tested against RNIB guidelines.
Code interface alternative tested using voice only command interface.
|What users can and can't do using the API||
The API is an integration process.
The service is not set up or amended via the API.
The API drives interaction only.
|API automation tools||Other|
|API documentation formats||
|Command line interface||Yes|
|Command line interface compatibility||
|Using the command line interface||
All interactions and behaviours are possible through command line interface
User profiles and user management are not possible through command line.
|Independence of resources||
Horizontally scalable architecture and discrete user instances enable load balancing and extensible usage.
Usage and access throttling controlled by system administrators where necessary.
|Infrastructure or application metrics||Yes|
|Reporting types||Reports on request|
|Supplier type||Not a reseller|
|Staff security clearance||Staff screening not performed|
|Government security clearance||Up to Baseline Personnel Security Standard (BPSS)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||
|User control over data storage and processing locations||Yes|
|Datacentre security standards||Managed by a third party|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||In-house|
|Protecting data at rest||Other|
|Other data at rest protection approach||
Data at rest are not encrypted (deliberately) as:
Each component that accesses the data only has minimal privileges on that data (e.g. can't do a database dump)
Each component has its own userid and password (stored in the Ansible Vault)
Database servers are only accessible via the AWS VPC (needing another public-private key-pair)
Backups are encrypted and sent to another physical location (Frankfurt) and stored on Amazon S3
|Data sanitisation process||No|
|Equipment disposal approach||In-house destruction process|
Backup and recovery
|Backup and recovery||Yes|
|Backup controls||User can control back up of locally hosted applications|
|Datacentre setup||Multiple datacentres|
|Scheduling backups||Supplier controls the whole backup schedule|
|Backup recovery||Users contact the support team|
|Data protection between buyer and supplier networks||TLS (version 1.2 or above)|
|Data protection within supplier network||TLS (version 1.2 or above)|
Availability and resilience
|Guaranteed availability||Standard provision of service is based on 3rd Party hosted service from Amazon Web Services (https://aws.amazon.com/agreement/)|
|Approach to resilience||Available on request.|
Where a dedicated service has been selected, the Technical Account Manager will match the customer requirement.
Dashboard can be made available on request.
Identity and authentication
|Access restrictions in management interfaces and support channels||
We use public-private key-pairs. Each Iotic-labs developer requires 3 pairs to gain access to the servers, the VPC and the password vaults
All system passwords follow standard format and pass the Unix systems "Cracklib" password checker.
All system passwords are encrypted using AES256 and stored in Ansible vaults, accessed using a 100-character password. The password is encrypted using GPG (only accessible using the developers' public-private key-pair). The Ansible control host, where the vaults are kept, is turned off normally.
User passwords are hashed using https://github.com/roots/wp-password-bcrypt. Password change/length/etc policies on space website(s) are in the Clients' control
|Access restriction testing frequency||At least once a year|
|Management access authentication||Other|
|Devices users manage the service through||
Audit information for users
|Access to user activity audit information||Users contact the support team to get audit information|
|How long user audit data is stored for||User-defined|
|Access to supplier activity audit information||Users contact the support team to get audit information|
|How long supplier audit data is stored for||User-defined|
|How long system logs are stored for||At least 12 months|
Standards and certifications
|ISO/IEC 27001 certification||No|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||No|
|Named board-level person responsible for service security||Yes|
|Security governance certified||No|
|Security governance approach||
We link security activities to your organisation’s goals and priorities
We have identified the individuals, at all levels, who are responsible for making security decisions and empower them to do so
We ensure accountability for decisions
We ensure that feedback is provided to decision-makers on the impact of their choices
Security is a priority that sits alongside other business priorities, such as health and safety, or financial governance.
|Information security policies and processes||
Internal review and management from Board, Senior Management Team and individuals.
As a small-team organisation, reporting is direct from individual to SMT to CEO and board.
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||
Change control process
Identify, Track, Define Accountability, Update Library (including GitHub public and private document development), Release to staging test, review, Release to production.
Audit against project manager requirements.
|Vulnerability management type||Undisclosed|
|Vulnerability management approach||Available on request|
|Protective monitoring type||Undisclosed|
|Protective monitoring approach||Available on Request|
|Incident management type||Undisclosed|
|Incident management approach||Available on Request subject to service requirements and usage.|
|Approach to secure software development best practice||Conforms to a recognised standard, but self-assessed|
Separation between users
|Virtualisation technology used to keep applications and users sharing the same infrastructure apart||No|
|Price||£1295 per licence per month|
|Discount for educational organisations||No|
|Free trial available||Yes|
|Description of free trial||
Just Start 3 Month Free Trial
500 private feeds or controls
60 shares per feed per hour
2,000 public feeds or controls
*subject to fair usage policy
|Link to free trial||https://developer.iotic-labs.com/|
|Pricing document||View uploaded document|
|Terms and conditions document||View uploaded document|