JIKE Information Security Whitepaper
Security Principles
Security Goals
As an industrial internet solution provider, JIKE offers industrial enterprise customers edge-to-cloud software and hardware products and cloud services. Built on industrial IoT, cloud computing, operations research optimization and knowledge graph technologies, these help industrial enterprises control and optimize their production processes and make their equipment and products intelligent. To safeguard customers' network and data security, JIKE solemnly commits to putting security first in all of its software and hardware products and cloud services. To meet this goal, JIKE deploys security protection measures and implements security audit capabilities at every layer of all its software and hardware products and cloud services, and strictly reviews the information security capabilities of any third-party cloud service it adopts.
Compliance Principles
Guided by the Cybersecurity Law of the People's Republic of China, JIKE complies with the laws and regulations on information security and privacy protection and operates in compliance within mainland China.
Security Responsibilities
Vendor Responsibilities
JIKE bears full information security responsibility for the software and hardware products and cloud services to which it holds the intellectual property, including the hardware and firmware security of the industrial gateway, and the data transmission security, storage security and privacy protection of the cloud services and client software. The security of the third-party cloud platforms on which JIKE cloud services depend is guaranteed by those third-party cloud providers. Customers may choose any third-party cloud provider supported by JIKE; the provider must offer IoT services and cloud infrastructure.
Customer Responsibilities
Customers bear information security responsibility for the integrated software and hardware products they develop themselves, and for the security review of the third-party cloud providers they choose. Customers must follow their own internal information security management policies: configure user permissions correctly, prevent user password leakage, and deactivate invalid users promptly.
Data Security
Data Ownership
Customers hold all rights to the data they generate; JIKE software and hardware products and cloud services provide customers with data collection, processing, storage and query operations. For information security management and system health management, JIKE uses its self-developed operations system to monitor customers' security audit logs and system runtime logs; beyond that, JIKE has no right to use any customer-generated data without the customer's knowledge.
Data Storage Regions
The default data storage regions of JIKE cloud services are the Aliyun Qingdao and Hangzhou regions. Customers may choose a non-default third-party cloud provider and data storage region according to their business needs.
Operation Audit Logs
The JIKE cloud service management console provides an operation audit log query function. JIKE cloud services record operation audit logs according to the security level of the operation, under these rules: all operations related to user login, logout and password change are recorded; create, update and delete operations on major business objects are recorded; whether data view operations are recorded is selectable according to customer business needs. Audit logs generated by customer operations are retained permanently by default; at the customer's request, JIKE operations staff can delete them. The JIKE operations system automatically detects potentially anomalous security audit log entries and alerts JIKE operations staff so they can respond in time.
Tenant Data Isolation
JIKE cloud services support shared and dedicated multi-tenant models. The shared model restricts data access between tenants by tenant ID; the dedicated model gives each tenant an independent data storage space to isolate its data. In the shared model, customers may only access their data through JIKE cloud service clients or APIs. In the dedicated model, customers may manage the third-party provider's IoT services and cloud infrastructure and ensure their security themselves, or authorize JIKE operations staff to maintain them and ensure their security. In both models, JIKE cloud services are connected to the JIKE operations system, which monitors security audit logs and system runtime logs for information security management and system health management.
Sensitive Data Encryption
Customer sensitive data is stored encrypted as needed. User passwords are always hashed with an irreversible hash algorithm before being saved to the database. For sensitive data that must be decryptable, the system supports encrypting it with an asymmetric algorithm before saving it to the database or object storage. When customers need asymmetric encryption for sensitive data, they may use JIKE's common key pair for encryption and decryption; JIKE can also, according to customer business needs, provide technical support to integrate the third-party cloud provider's KMS service so that customers use their own key pair.
Privacy Data Protection
JIKE protects privacy-related data in strict compliance with laws and regulations. Customers' personal information and business partner information are stored in separate privacy data tables. When entering privacy data, customers can choose whether to store it encrypted; if encrypted storage is required, JIKE can provide technical support to integrate the third-party cloud provider's KMS service so that customers use their own key pair. The lifecycle of privacy data is entirely controlled by the customer within JIKE cloud services; JIKE operations staff may not access any unmasked privacy data stored in the privacy data tables without the customer's knowledge. When JIKE cloud services access the privacy data tables, they anonymize the privacy data as required by laws and regulations and customer business needs, and record a data view audit log.
Data Backup and Deletion
To prevent accidental data loss, JIKE cloud services back up data automatically every day and keep backup files for one week; backup files older than one week are purged automatically. Customers can delete their own data through JIKE cloud service clients or APIs. The system distinguishes logical deletion from physical deletion; data that can only be logically deleted because of data dependencies can be physically deleted by JIKE operations staff at the customer's request. Data that has been physically deleted but still exists in backup files is purged when those backup files are automatically cleared after one week.
Client Security
Web Client Security
The JIKE cloud service web client code is obfuscated with an obfuscator so that hackers cannot easily analyze the code and hunt for vulnerabilities. The web client only uses widely adopted versions of open-source JS libraries, and each monthly web client release upgrades those libraries as needed so that no security patch is missed. Customers may integrate a third-party multi-factor authentication service according to their business needs. JIKE's default user login service generates an unguessable login token whose validity period is controlled by the JIKE cloud service; the web client stores the token in the browser's local storage for legitimate access to JIKE cloud services during the token's validity period, and offers a logout function that clears the information temporarily held in browser local storage and invalidates the login token immediately. All communication between the web client and JIKE cloud services uses HTTPS, communication with the third-party map service uses HTTPS, and communication with the third-party IoT service uses MQTT over TLS. JIKE does not provide an SSL certificate service; by default JIKE cloud services use SSL certificates issued by third parties for JIKE's domains. Customers who need SSL certificates for their own domains must purchase them from a third-party vendor.
Hardware and Firmware Security
The JIKE industrial IoT gateway comes in WiFi and 4G versions, running an RTOS and Linux respectively; the 4G version is recommended for deployment in non-secure locations to avoid network intrusion. The firmware is written in C++ and obfuscated so that it cannot be decompiled; firmware upgrades strictly verify the file signature. JIKE assigns each industrial IoT gateway its own key pair; the default is soft-certificate mode, and customers may optionally fit an HSM module to hold the private key and certificate. JIKE does not provide a certificate service; the third-party cloud provider's KMS service must be integrated. Gateway firmware communicates with JIKE cloud services and the third-party IoT service using mutual certificate authentication and MQTT over TLS. The firmware periodically checks the gateway's activation status, and operations staff can remotely deactivate illegitimate gateways. When the network is disconnected, data is cached in the gateway's local storage in an encoded format.
Cloud Service Security
IoT Services
JIKE does not directly provide MQTT access or time-series data storage services; JIKE cloud services integrate a third-party cloud provider's IoT service for IoT data ingestion and storage, and the security of the IoT service is the responsibility of the third-party provider. The IoT service JIKE integrates by default is provided by Baidu AI Cloud.
Cloud Infrastructure
All JIKE cloud service servers run Linux and are deployed on a third-party cloud provider's infrastructure; the security of that infrastructure is the responsibility of the third-party provider. The cloud infrastructure JIKE deploys by default is provided by Aliyun, which also provides security services including periodic vulnerability scanning of the OS and software, baseline checks, network firewall, web application firewall, DDoS protection and attack analysis.
Operational Risk Management
Internal Security Governance
Security first is the basic principle of JIKE product development; during development, the JIKE product team performs threat modeling, security code review, security testing and authorization testing. JIKE operations staff regularly study information security, monitor system security audit logs, and respond promptly to security event alerts according to their security rating.
Business Continuity
JIKE cloud services use a cloud-native architecture to technically guarantee elastic scalability and self-recovery, and rely on the third-party cloud provider's infrastructure disaster recovery service for disaster recovery. JIKE operations staff monitor system health in real time through the JIKE operations system so that availability meets the SLA.
JIKE Information Security Whitepaper
Security Principles
Security Goals
As an industrial internet solution provider, JIKE offers software and hardware products from edge to cloud. Based on emerging technologies such as industrial IoT, cloud computing, operations research and knowledge graphs, JIKE helps industrial customers optimize production management and digitalize industrial products. To safeguard customers' network and data security, JIKE commits to putting security first in every software and hardware product. To achieve these security goals, JIKE has deployed security protection countermeasures at all possible layers of its software and hardware products and implemented audit trail capabilities. JIKE has also strictly checked the information security capabilities of its 3rd party cloud service providers.
Compliance Guidelines
JIKE follows the China Cyber Security Law and the related rules on information security and data privacy protection, guaranteeing compliant operation within China.
Security Responsibilities
Responsibilities of Vendors
JIKE takes full responsibility for all software and hardware products to which it holds the intellectual property, including the hardware and firmware of the industrial gateway, data transmission between cloud services and software clients, data storage encryption and data privacy protection. The dependent 3rd party cloud services are taken care of by the 3rd party IaaS and PaaS providers. Customers have the right to choose 3rd party IaaS and PaaS providers from JIKE's support list.
Responsibilities of Customers
Customers are responsible for their own software and hardware products and for the security check of the 3rd party IaaS and PaaS providers they choose. Customers shall follow their internal information security guidelines for security management, such as user authorizations, user credentials and deactivating invalid users in time.
Data Security
Rights of Data
Customers hold all rights to the data they generate. JIKE offers customers software and hardware products to collect, process, store and query data. For information security management and system health monitoring, JIKE uses operation services to monitor security audit logs and system runtime logs. Apart from those logs, JIKE has no right to use any customer-generated data without notifying and obtaining agreement from the customer.
Data Storage Regions
JIKE's default data storage regions are the Aliyun Qingdao and Hangzhou data centers. Customers have the right to choose the data storage region of 3rd party IaaS providers.
Operation Audit Log
JIKE provides a cloud management console to query the system operation audit log. All cloud services shall record operation audit logs according to security level; the rules are: all user login, logout and password change related actions shall be recorded; modifications of important business objects shall be recorded; data read actions can be recorded at the customer's request. Audit logs generated by customers' actions in JIKE cloud services are stored permanently by default; customers can request JIKE to delete their own audit logs. The JIKE Cloud Operation System monitors all audit logs in the backend in real time and notifies the JIKE cloud operation team of abnormal security audit logs so that potential attacks can be dealt with in time.
Separation of Tenant Data
JIKE multi-tenant cloud services support a shared model and a dedicated model. The shared model uses the tenant's unique ID to restrict cross-tenant data access. The dedicated model offers dedicated data storage spaces to isolate each tenant's data. When choosing the shared model, customers shall use JIKE's software clients and APIs to access their data. When choosing the dedicated model, customers can manage the 3rd party IaaS and PaaS instances and ensure information security on their own, or authorize JIKE to maintain the instances. In both models, JIKE cloud services shall be connected to the JIKE Cloud Operation System, which monitors security audit logs and system runtime logs for information security management and system health management.
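The audit-log recording rules above and the shared-model tenant restriction can be expressed as one request-handling path. The following is an added example written for this whitepaper, not JIKE's own code; the action names, object types and the Session/AuditLog shapes are assumptions.

```python
"""Audit-log recording rules and shared-model tenant scoping.

Hypothetical code written for this whitepaper, not JIKE's own; the action
names, object types and the Session/AuditLog shapes are assumptions.
"""
from dataclasses import dataclass, field

# Rule 1: login, logout and password-change actions are always recorded.
ALWAYS_AUDITED = {"login", "logout", "password_change"}
# Rule 2: create/update/delete of important business objects are always recorded.
IMPORTANT_OBJECTS = {"device", "gateway", "user"}
MODIFYING_ACTIONS = {"create", "update", "delete"}


@dataclass
class Session:
    user_id: str
    tenant_id: str  # from the verified logon token, never from the request body


@dataclass
class AuditLog:
    entries: list = field(default_factory=list)


def should_audit(action: str, obj_type: str, read_audit_enabled: bool) -> bool:
    """Apply the three recording rules stated in the whitepaper."""
    if action in ALWAYS_AUDITED:
        return True
    if action in MODIFYING_ACTIONS and obj_type in IMPORTANT_OBJECTS:
        return True
    # Rule 3: read actions are recorded only when the customer opted in.
    return action == "read" and read_audit_enabled


def handle(session: Session, action: str, obj_type: str, record_tenant_id: str,
           log: AuditLog, read_audit_enabled: bool = False) -> str:
    """Shared model: a record is reachable only if its tenant_id matches the
    session's tenant. Returns "ok" or "denied"; writes an audit entry per the
    rules, and (an assumption beyond the page) also for every denied attempt,
    so the operations system can spot cross-tenant access attempts."""
    allowed = record_tenant_id == session.tenant_id
    if not allowed or should_audit(action, obj_type, read_audit_enabled):
        log.entries.append({
            "user": session.user_id, "tenant": session.tenant_id,
            "action": action, "object": obj_type,
            "result": "ok" if allowed else "denied",
        })
    return "ok" if allowed else "denied"
```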
Sensitive Data Encryption
Sensitive data can be encrypted at the customer's request. Credentials shall be hashed with a one-way hash algorithm before being stored in the database. For sensitive data that must be decryptable, JIKE cloud services use an asymmetric cryptographic algorithm to encrypt the data before storing it in databases or object storage. When using asymmetric encryption, customers can use JIKE's key pair by default. If customers want to use their own keys, JIKE can provide technical support to integrate the KMS offered by 3rd party cloud providers.
Privacy Data Protection
JIKE strictly follows the law to protect privacy data. Personal information and business partner data shall be stored in standalone tables. Customers can choose to encrypt privacy data; JIKE can provide technical support to integrate the KMS offered by 3rd party cloud providers. Lifecycle management of privacy data is under the customer's full control in all JIKE cloud services. Without the customer's acknowledgement, no one from JIKE is allowed to access privacy data that has not been desensitized. When processing privacy data in the backend at the customer's request, JIKE cloud services shall record audit logs.
Data Backup and Deletion
To avoid large accidental data loss, JIKE cloud services back up data daily and keep the backup files for one week; backup files are deleted automatically after one week. Customers can use JIKE software clients and APIs to delete their own data at any time. Because of data dependencies, and to avoid mistaken deletion, JIKE cloud services perform logical deletion by default; customers can request JIKE to perform physical deletion. Physically deleted data remains in the backup files for up to one week and is cleaned out when those backup files are deleted automatically.
Client Security
Web Client Security
The code of JIKE web clients shall be obfuscated with code obfuscation tools to hinder code analysis by hackers. Only widely used open source JavaScript libraries may be included in JIKE web clients, and in each monthly release JIKE web clients upgrade to the stable versions of those libraries so that no security patch is missed. JIKE provides technical support to integrate 3rd party multi-factor authentication services. By default, the JIKE user authentication service generates an unguessable logon token and controls the token's expiration. JIKE web clients store the logon token in the user browser's local storage to authorize user access during the token's validity period. Once the user logs out of the web client, the logon token is invalidated immediately and cleared from the browser's local storage. All communication channels between JIKE web clients and cloud services are HTTPS or TLS-based MQTT. JIKE does not offer an SSL certificate issuing service; by default, JIKE cloud services use SSL certificates issued for JIKE domains by 3rd party vendors. Customers who need their own certificates must purchase SSL certificates from 3rd party vendors; JIKE provides technical support to deploy customers' certificates and configure their own domains.
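The credential-hashing rule in Sensitive Data Encryption and the logon-token lifecycle described above (unguessable token, server-controlled expiry, immediate invalidation on logout) fit together in one small authentication service. This is an added example for this page, not JIKE's code; it uses only the Python standard library, and the KDF work factor, token TTL and class names are assumptions.

```python
"""Credential hashing and logon-token lifecycle as described in the whitepaper.
Hypothetical example for this page, not JIKE's code; standard library only.
The KDF work factor, token TTL and class names are assumptions."""
import hashlib
import hmac
import secrets
import time

PBKDF2_ITERATIONS = 600_000  # assumed work factor for SHA-256; tune per deployment

def hash_password(password: str) -> str:
    """One-way: store the salt and PBKDF2 digest, never the password itself."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt.hex() + "$" + digest.hex()

def verify_password(password: str, stored: str) -> bool:
    salt_hex, digest_hex = stored.split("$", 1)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), PBKDF2_ITERATIONS)
    # constant-time compare: timing must not reveal how many bytes matched
    return hmac.compare_digest(digest.hex(), digest_hex)

class TokenService:
    """Server-side token table: the service, not the browser, decides validity."""

    def __init__(self, ttl_seconds: int, clock=time.time):
        self.ttl = ttl_seconds
        self.clock = clock   # injectable so expiry can be tested without sleeping
        self._tokens = {}    # token -> (user_id, expires_at)

    def login(self, user_id: str) -> str:
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG: unguessable
        self._tokens[token] = (user_id, self.clock() + self.ttl)
        return token

    def user_for(self, token: str):
        """User id for a live token, or None if the token is unknown or expired."""
        entry = self._tokens.get(token)
        if entry is None:
            return None
        user_id, expires_at = entry
        if self.clock() >= expires_at:
            self._tokens.pop(token, None)  # expired: discard it
            return None
        return user_id

    def logout(self, token: str) -> None:
        self._tokens.pop(token, None)  # immediate invalidation, independent of the browser
```

Because validity lives in the server-side table, a token copied out of browser local storage stops working the moment the user logs out or the TTL elapses, regardless of what the client still holds.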
Hardware and Firmware Security
The JIKE industrial gateway supports WiFi and 4G networks, with an RTOS embedded OS or a Linux embedded OS. JIKE recommends using the 4G network in unsafe locations to avoid network intrusion. JIKE firmware is written in C++ and all code is obfuscated so that it cannot be decompiled. JIKE firmware checks the signature of an upgrade before applying it. JIKE assigns a key pair to each industrial gateway and stores the keys in the embedded OS file system by default; customers can choose to plug an HSM chip into the gateway to store the private key. JIKE provides technical support to integrate 3rd party KMS cloud services to install keys into the JIKE industrial gateway. Communication between JIKE firmware and IoT cloud services is TLS-based MQTT with two-way authentication. JIKE firmware checks its activation status regularly, and the JIKE cloud operation team can deactivate illegal gateways remotely. In case of network issues, JIKE firmware caches data locally up to its memory limit, and all locally cached data is encoded.
Cloud Security
PaaS
JIKE products integrate with 3rd party IoT connectivity services and time series databases. Customers can choose their preferred 3rd party PaaS vendors and perform security checks with those vendors.
IaaS
JIKE cloud services can be deployed on Linux servers offered by 3rd party IaaS vendors. Customers can choose their preferred 3rd party IaaS vendors and perform security checks with those vendors. The JIKE system operation team shall perform regular security scans of the servers and apply patches regularly. The security services include OS security scan, library security scan, baseline scan, network firewall, web application firewall, DDoS protection and attack analysis.
Operation Risk Management
Security Governance
Security first is the principle of JIKE product development. During product development, the JIKE product team shall perform threat modelling, security code review, security tests and authorization tests for each monthly release. The JIKE cloud operation team shall take information security training, monitor security audit logs and deal with security incidents in time.
Business Continuity
JIKE cloud services adopt a cloud native architecture to ensure system scalability and resilience. Disaster recovery for JIKE servers is guaranteed by 3rd party IaaS vendors. The JIKE cloud operation team shall monitor system health logs and deal with system stability incidents in time to meet the SLA.
