Hardware/sensors setup:
- EU made network components
- Data centers in EU
- VPN
- Karelics controls the data
Data security:
- Every cloud and every robot have own certificate
- All messages sent from the cloud to the robot are signed. When robot gets a message it is checking the signature. Robot won’t execute a command from unknown source.
- All messages sent from the robot to the cloud are signed. When cloud gets a message it is checking the signature.
- All messages sent from the robot to the cloud or from the robot to the cloud are encrypted.
- All binaries transfer traffic is encrypted
- On top of above mentioned encryption we have VPN network which traffic is encrypted too
- Each robot has own VPN subnet and has no access ot another robot, only to limited amount of necessary cloud resources
- Endpoints for robot-2-cloud communication are available only via VPN and not available in the public space
- All photos are going through anonymisation. Original photo without anonymisation is not stored in the cloud
- Karelics cloud uses SSO with 2factor authentication (Google, Azure, Karelics)
- Karelics has roles based permission system in the cloud. Even Karelics employees don’t have access to the data in the cloud unless access is granted by the customer
- Only very limited amount of Karelics employees have access to the cloud storage and database for maintenance reasons
- Internet traffic from on robots is going through Karelics configuration, we exclude unwanted access
