Sécurité

Mise en route

👋🏻À propos de Hiboo

Premiers pas

FAQ

Concepts clés

‣

Votre parc matériel

‣

Vos zones

‣

Vos rapports

‣

Vos alertes

‣

Org Admin

Guides des intégrations

Intro à intégrations

Ajouter une source

Gérer les intégrations

Catalogue des sources

Hiboo hardware

Avancés

Partage

APIs

Extra

Les nouveautés sur Hiboo app

Sécurité ⚖️Légal

Beta

👋🏻

Soyez les bienvenus sur notre centre d’assistance. Vous constaterez que la peinture est encore un peu fraîche. Nous avons traduit une bonne partie des articles, mais nous avons encore du travail à faire. Ne vous étonnez donc pas de tomber sur des passages encore en anglais. Merci pour votre patience !

Sécurité

👋

We care about security. If you have any questions, or encounter any issues, please contact us.

Product Security

Product security is of paramount importance at Hiboo. We use a software development lifecycle in line with general Agile principles. When security effort is applied throughout the Agile release cycle, security oriented software defects are able to be discovered and addressed more rapidly than in longer release cycle development methodologies. Software patches are released on an on-going basis as part of our continuous integration and continuous deployment process.

Thanks to our continuous integration, we are able to respond rapidly to both functional and security issues. Change management policies and procedures determine when and how changes occur. We are able to achieve extremely short mean time to resolution for security vulnerabilities and functional issues.

Physical Security

Cloud

Our infrastructure is hosted in Cloud Service Provider (CSP) environments. Physical and environmental security related controls including buildings, locks or keys used on doors, are managed by these CSP’s.

Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff. Authorized staff must pass two-factor authentication a minimum of two times to access data center floors.

AWS Shared Responsibility Model

We are using Heroku, a Salesforce Company, to host our servers. Heroku uses itself Amazon Web Services (AWS). This allows Hiboo to benefits from the experience of those successful companies in security best practices.

For more information, please check Heroku Security Policy.

IoT, Hardware and Network

Security and IoT are compatible and they are our priority. We work with hand-picked partners to provide telematics devices when equipment are not natively connected.

Some of our partners works with Sigfox network. Thanks to Sigfox dedication to security, our users benefit of data protection in motion via measures built in the protocol (authentication, integrity, encryption, anti-replay, anti-jamming) data protection at rest via cryptographic storage of data and credentials in devices, base stations, and Sigfox Core Network.

For more information, please check Sigfox Security Policy.

Data Protection

Authentication and Access Management

All requests to the Hiboo Servers must be authenticated and data access is restricted.

We work in close relationship with manufacturers and data providers to ensure that security best practices are enforced and that our data exchanges are secured.

Protection of Customer Data

Data submitted to our service by authorized users is considered confidential. This data is protected in transit across public networks. Customer Data is not authorized to exit the Hiboo environment, except in limited circumstances such as in support of a customer request.

All data transmitted between Hiboo and Hiboo users is protected using Transport Layer Security (TLS) and HyperText Transfer Protocol Secure (HTTPS).

Customer Data currently resides in the European Union and primarily in Ireland and Germany.

Hiboo monitors critical infrastructure for security related events by using both open source and commercial technologies.

Backup

Here is the policy regarding data encryption and backup:

All production plans (Standard, Premium, Private and Shield) are encrypted at rest with AES-256, block-level storage encryption. Keys are managed by Amazon, and individual volume keys are stable for the lifetime of the volume. You can find more detail about EBS encryption here. All backup files that are taken using Heroku PGBackups are stored in an encrypted S3 bucket in the US region. Data — and any changes made to the database — are continuously and automatically backed up over the last 4 days and a weekly backup kept for a month

Heroku Postgres Production Tier Technical Characterization

The information in this document is subject to change as Heroku adapts the service to better handle customer database workloads. Heroku Postgres plans offer different performance characteristics based on their CPU, RAM, and I/O architectures. This article provides a technical description of the implementation of these production plans, along with important performance characteristics for each plan.

devcenter.heroku.com

Heroku Postgres Production Tier Technical Characterization

OWASP Top 10

📁OWASP Top 10 (1)

Report an issue

Disclosure

If you believe you’ve discovered a bug in Hiboo's security, please get in touch at security@hiboo.io and we will get back to you within 24 hours, and usually earlier.

← Previous

Release notes

Legal

Sur cette page

Sécurité
Product Security
Physical Security
Cloud
IoT, Hardware and Network
Data Protection
Authentication and Access Management
Protection of Customer Data
Backup
OWASP Top 10
Report an issue
Disclosure