
Security

Tricloud Nexus is designed with a strong emphasis on security, leveraging Microsoft Azure technologies to ensure robust protection across all components. Cloud infrastructure integrates Azure IoT and Azure security fundamentals, providing secure communication and role-based authorization through Microsoft Entra. At the edge, Azure IoT Edge runtime security enhances device and network protection.

Security features - Highlights

IIoT security is a large topic. Below is a short list of the most important key technologies supported by Tricloud Nexus:

  • Virtual networking with private endpoints between cloud and edge
  • Device attestation with X.509 certificates, TPM, or symmetric keys
  • Secure communication between edge and cloud (TLS)
  • Option for a layered edge topology, supporting DMZ and OT zones using gateways
  • Support for Microsoft Defender for IoT to mitigate current security risks

More information below for Cloud, Edge and our development processes...

Cloud

The platform is built on Microsoft Azure technologies, including Azure IoT and Azure security fundamentals. Azure IoT enables seamless integration and management of IoT devices, providing robust capabilities for connecting, monitoring, and controlling devices across a wide network. Security is a top priority, with the platform leveraging Azure security fundamentals to ensure data protection and compliance. Azure security fundamentals encompass a range of security practices, including identity and access management, encryption, threat detection, and response.

The platform integrates with virtual networks and supports private communication, ensuring secure data transfer within isolated network environments. Role-based authorization is implemented using Microsoft Entra, formerly known as Azure Active Directory (Azure AD), providing granular access control based on user roles. Authentication is integrated with the customer's own Microsoft Entra tenant for user sign-in, ensuring a streamlined and secure access experience.

Edge

The edge computing component of the platform is based on Azure IoT Edge. The Azure IoT Edge runtime extends cloud capabilities to the edge, allowing for local data processing and analysis, reducing latency, and improving responsiveness. Security is paramount, and the Azure IoT Edge runtime ensures that all edge devices are secure and compliant with industry standards.

Security at the edge can be further strengthened by configuring a layered network topology, which improves both the security and the reliability of edge deployments, and communication between edge and cloud can use additional encryption layers such as a VPN. The platform's edge architecture supports a multi-layered security

Software development

The development process follows well-known code review practices, ensuring that all code receives proper attention with regard to quality and security. DevOps principles are employed to streamline and automate development, integration, testing, and deployment processes, promoting continuous delivery.

To ensure a high-quality code base, static code analysis is performed. The static analysis scans for the most common OWASP issue classes that can be detected statically. This ensures that the codebase is regularly scanned for vulnerabilities, helping to identify and mitigate potential security issues early in the development cycle.

Additionally, third-party software and libraries are analyzed for known vulnerabilities, providing insights and recommendations for remediation. This comprehensive approach to development and security ensures that the platform remains robust, secure, and reliable.