Learn how to improve safety in the office or classroom with digital signage. Download our free eBooks for work and for education.

Information Security Notice

4 min read

September, 2021

Data protection

Introduction

The Airtame Cloud platform is only accessible using HTTPS on TLS 1.2. Likewise, Airtame’s infrastructure uses encryption methodologies whenever our infrastructure components need to communicate with each other via public networks. Internal infrastructure traffic will always be routed through an internal and secure channel and firewalls are deployed between the sites to filter traffic accordingly.
User passwords are salted and hashed using bcrypt. Likewise, customer information is stored in our production database, which is encrypted using AES-256.

Airtame Cloud

The Airtame Cloud solution is hosted on Amazon Web Services for a secure, reliable, and scalable solution, specifically in Frankfurt, Germany. AWS is a multi-certified datacenter provider, including ISO 27001:2013 and SOC 1, 2 and 3 reports. Further information about AWS security posture can be found on their website.

All communication between a user’s device, the cloud platform, and Airtame devices are encrypted, as a minimum, with TLS 1.2 (Transport Layer Security). Communication between the Airtame device and Airtame Cloud uses standard WebSocket communication established by the device.

Airtame Cloud Blueprint

If you want to know more about how to securely integrate your Airtames into your network, check out our most recommended setup.

Airtame devices

Note that the Airtame devices don’t route streams via the Internet and do not in any way capture or send streaming information, so you can be sure that the video feed of your screen never leaves your network. Likewise, the stream itself is encrypted by your own WiFi network, which means that an attacker would first need to hack into your network and also reverse engineer Airtame’s Streaming protocol before they could see anything.

Digital signage feature

For those users wanting to use the “Screens” feature where one can get an overview of their Airtames’ home screens, there are some additional facts to layout about what happens with the images captured of a device’s home screen:

  • Images are only sent to cloud accounts that have enabled one of the digital signage apps.
  • You can disable sharing images of a device’s home screen per device.
  • The images are stored in AWS.
  • Each image sent is stored for one minute and then deleted permanently.

More details about how Airtame protects your information, including our PIN code feature or how physical security was taken into consideration, can be found in the following article.

User management

The customer is responsible for user management within the Airtame platform. Access roles and rights within the application are predefined. Airtame cloud has 6 levels of user roles: Owner, Administrator, Content manager, Device and content manager, Moderator and User. There can only be one owner of an organization who holds exclusive rights to delete the organization account, once all other users have been deleted, as well as the ability to move account ownership. The administrator role gives full access to all functionality of Airtame Cloud, including being able to invite new users and edit user roles. An administrator can’t delete users, so the Cloud Owner is the only one who can delete other user’s accounts if they leave the company. In case something happens to the Cloud Owner, the customer can contact Airtame Support which can escalate this internally to manually change the Cloud Owner when needed.

You will always have the opportunity to enable SSO via OAuth 2.0 authorization protocol, currently available just through Google and Microsoft accounts. This way, you and your users won’t need to remember any extra password but use the same account you are already using within your organization.

Security awareness

Prior to employment, candidates will be assessed and checked on their background, considering the position they will hold and the applicable law and regulations. Employees will be made aware of security threats and best practices during onboarding as well as on an ongoing basis, including our internal monthly events. All employees are required to sign a Confidentiality Agreement included in their contract as a condition of employment.

Network and host protection

To ensure the protection of information within our network, a 2nd generation firewall is installed with Deep Packet Inspection (DPI). Likewise, Intrusion Detection Systems are running to detect any anomaly so the team can take action, together with the AWS Web Application Firewall that protects our platform.

On the other hand, Airtame uses industry standard endpoint protection which relies on signature and heuristic detection.

Logging

Several kinds of logs are used to troubleshoot and monitor Airtame Cloud platform and applications for abnormal functional patterns, suspicious behavior and other activities that might result in non-compliances with the current Information Security Policy and/or existing legislation.

Likewise, if you need to troubleshoot either your Airtame devices or your Airtame application, you can always access their logs following the guides available on our Support center.

Vulnerability management

This process is consistently implemented within all phases of development. To continuously assure a reliable and secure product for our customers and partners, Airtame has its both cloud platform and devices tested for security vulnerabilities internally. This is done through quality checks, peer reviews and ‘bug hunting’ sessions, where our team of developers and quality engineers try out the new features to discover if the application or the products are not responding as they should before each release.

Likewise, security scans are also performed through automated and manual source code analysis during each build in the CI/CD pipeline, which helps to detect potential security defects in code prior to production release. Our Cloud platform is also scanned daily for vulnerabilities.

Reports of our vulnerability management program cannot be shared due to confidential reasons. If you are interested in reporting a potential vulnerability, please visit our Vulnerability Disclosure Policy.