Introduction

The following security statement, around data security, is our way of transparently explaining how we securely collect, store, manage and present your data so that we may earn and retain your digital trust. The safety and security of your data is our top priority. As an established leader and provider of industrial software, we recognize that your industrial data demands a more stringent cybersecurity posture and a higher set of operating standards compared to other information domains.

Data Security

Data at Rest

All sensitive customer data is encrypted, logically segregated and segmented in a multi-tenant architecture. These measures offer the best assurances that customer data is safe from unauthorized access and limit the risk of data being compromised in any meaningful manner while protecting the privacy, control and autonomy of each customers’ data independently from any other.

Data in Motion

We continue to work with respected third-party professional application security monitoring and assessment experts on a regular and periodic basis in an effort to proactively identify any potential vulnerabilities so that we can quickly address those concerns and stay current with the ever changing cybersecurity landscape.

Application Security

Protecting and defending your data across people, process and technology. Identity and Access Management (IAM)

Authentication

By default, customers sign-up, register and authenticate their account directly through our application API or web portal based on the OpenID Connect (OIDC) authentication layer on top of the OAuth 2.0 authorization framework.

For enterprise customers, Single-Sign-On (SSO) and federated identity access integrations are available with a customer’s existing IAM implementation.

We enforce a level of password complexity during sign-up and registration to promote secure credentials. We verify account ownership during registration and for password resets to ensure the request is from an authentic source.

Authorization

Customers have complete and granular control over who they chose to allow to have visibility and access to various elements of their data in the ZAHARA Insight service. At any time, customers can add, modify and remove users from their account as well as immediately revoke any access by any user at their discretion by contacting support@zaharacompanies.com.

Account Management

Customers have complete and granular control over who they chose to allow to have visibility and access to various elements of their data in the ZAHARA Insight service. At any time, customers can add, modify and remove users from their account as well as immediately revoke any access by any user at their discretion by contacting support@zaharacompanies.com. Customers can control and manage saved content including dashboards, keywords, data point (tag) metadata, ad-hoc charts and visualizations by contacting support@zaharacompanies.com.

API Access

ZAHARA Insight offers a set of REST based APIs that are secured using SSL/TLS encryption, that require proper and valid parametrization to limit scope and that require a level of authorization beyond the default standard user permissions.

External Security Audits

We continue to work with respected third-party professional application security monitoring and assessment experts on a regular and periodic basis in an effort to proactively identify any potential vulnerabilities so that we can quickly address those concerns and stay current with the ever changing cybersecurity landscape.

Continuous Monitoring and Security Assessments

We have in place various proactive monitoring and active security policies and procedures to identify abnormal behavior, catch anomalous activity, detect and isolate suspicious activity against or within our online solution. Examples include limitations on authentication requests, location based risk evaluations, size and growth of user activity, failed authentications, API rate requests and more.

Availability

ZAHARA Insight is designed to be a highly secure, scalable, robust and resilient managed service deployed across data centers in multiple locations.

Insight benefits from a highly committed team of people who continue to release non-disruptive updates on a frequent and consistent basis to maintain and elevate both the security and functionality of the offering.

Ensuring continued availability of our offering is outlined in our service level agreement (SLA) which can be referenced via our legal resources.

We believe in being as transparent as possible around the availability of our service and therefore encourage you to subscribe to our service dashboard to be proactively notified about any planned maintenance periods or unexpected disruptions.

For a complete list of our existing terms and conditions governing our cloud service, please visit our legal page.

To stay current on all recent activity surround our service, subscribe to our blog.

Policy On Customer Data Access for Support

As Insight is a cloud hosted service, collaboration with technical support to troubleshoot and diagnose issues are now easier, more direct and faster than ever. Having said that, we’ve ensured that the entire interaction with our support personnel, including scope, duration and permissions are wholly under your control and are highly secure to respect your data privacy rights outlined in the Insight set of terms and conditions and data privacy policy.

Protect Your Critical Data


We’re committed to earning your trust and helping you bring your bold ideas to life.