Answers to common security questions
To gain insights into the security measures implemented in the Eclipse Net platform, we kindly invite you to visit the following
Here are responses to common security questions:
Compliance Certifications: We utilize AWS Cloud services, which comply with various industry standards. For more details, you can refer to AWS Compliance.
Penetration Testing: Yes, we conduct internal penetration tests regularly, either every 3 months or after major releases.
Audits: Internal audits are conducted every 3 months or after major releases.
Data Labeling and Security: AWS data is anonymized, and an AWS IAM Policy is enforced to prevent unauthorized data access.
Data Retention Policies: Customer data is purged when the customer or camera is deleted. Integrators have control over deletion.
Production Data Usage: AWS Virtual Private Cloud (VPC) separates environments, and no on-premise staging environment is used.
Multi-Tenant Data Security: AWS data is anonymized, and AWS IAM Policy prevents unauthorized data access.
Data Loss Prevention: No third-party access to AWS cloud infrastructure; AWS GuardDuty is used.
Data Movement: All data is stored on AWS servers; no data relocation between physical locations occurs.
Security Policy Alignment: Yes, our security policies align with industry standards, including AWS SecurityHub (AWS Compliance).
Third-Party Providers: Yes, we utilize AWS cloud services.
Access Removal: AWS IAM policies are used to ensure timely removal of unnecessary system access.
Access Documentation: AWS CloudTrail and SecurityHub maintain documentation for access granting and approval.
User Access Management: Timely deprovisioning of user access is implemented upon changes in the status of personnel.
Data Encryption at Rest: Yes, AWS encryption is applied at rest. For footage, AWS S3 server-side encryption with AES-256 is used.
Data Encryption in Transit: Yes, secure SSL tunnels (AES-256) are established for data transport in Eclipse Net's PUSH technology.
Vulnerability Scans: Regular network, OS, and application vulnerability scans are performed.
Rapid Patching: Critical vulnerabilities trigger AWS AMI recalls and re-deployment in AWS ECS and serverless infrastructure.
Anti-Malware Programs: AWS WAF, AWS GuardDuty, and other security measures are employed.
Incident Notification: Customers are informed in the event of unauthorized data release.
Security Information and Event Management (SIEM): AWS SecurityHub, AWS GuardDuty, and AWS CloudTrail are used.
Incident Isolation: AWS data is anonymized, and customers can review application logs specific to their data in the Admin panel.
Source Code Access: AWS IAM policy, AWS GuardDuty, and AWS CloudTrail restrict access to source code.
Outsourced Providers: We do not have outsourced providers for our service.
Data Segmentation: Separate, personalized Private Cloud installations ensure data segmentation.
Intellectual Property Protection: We do not store, process, or access customer intellectual property.
Data Location Control: Customers can specify the geographic locations for data traversal.
Incident Response Plan: Our incident response plan complies with industry standards.
Subpoena Compliance: We enforce customer data separation when responding to legal subpoenas.
Litigation Holds: Customers can save video footage clips in the Library for evidence.
Metadata Usage: Customer footage is accessed for event production based on customer-created Alert schedules.
Metadata Creation: No metadata is created through inspection technologies.
Identity Federation: Yes, we support identity federation standards like SAML and OAuth2.
Multifactor Authentication (MFA): Strong MFA options are available for user access.
Admin MFA: AWS IAM policies and MFA are used for administrator access.
SDLC Security: Industry standards and best practices are followed throughout the Software Development Life Cycle (SDLC).
Password Encryption: Passwords are stored using AWS SSM and SecretsManager with AES-256 or relevant AWS ciphers.
Software Supplier Compliance: Software suppliers adhere to industry standards for SDLC security.
User ID/Password Management: AWS IAM and SecretsManager are used with mandatory MFA and password requirements.
Risk Assessment Program: We have a risk and compliance program integrated throughout the organization.
Information Security Policies: We have established information security policies approved by management.
Policy Review: Our program and policies are reviewed annually.
Third-Party Management: We leverage AWS Security and Compliance tools.
Employee Background Checks: Background checks on employees are conducted.
Background Check Frequency: Annual or as related to employee status changes.
Change Control Policy: We have a change control or change management program and policy.
Antivirus/Malware Policy: We leverage various AWS security and vulnerability tools.
Data Backups: We utilize AWS snapshot and backup services, with the frequency depending on the service.
Firewall/ACLs: We leverage AWS Detection and Network tools.
Vulnerability Assessments: Regular vulnerability assessments, scans, and penetration tests are performed.
Vulnerability Tests: Internal penetration tests are conducted regularly.
SDLC Security: We follow a formal SDLC process that includes security and privacy by design.
Encryption Tools: AWS Encryption is used and managed.
Incident Management: We use AWS Incident Management services.
BC/DR Policy: We have a documented business continuity and disaster recovery policy.
BC/DR Testing: BC/DR tests are conducted annually or after major infrastructural changes.
Business Impact Analysis: Business Impact Analysis is conducted at least annually.
Regulatory Issues: We have a department responsible for identifying and tracking resolution of regulatory issues.
Privacy Risk Assessments: Regular privacy risk assessments are conducted.
Privacy Complaints/Incidents: We have a formal process for reporting and responding to privacy complaints or incidents.
Privacy Incident Response: A documented response program is in place for addressing privacy incidents.
Privacy Safeguards: We have a privacy program with administrative, technical, and physical safeguards for data protection.
Updated on: 09/26/2023