Proactively protecting your operational network and user privacy across every layer

At VibroSystM, we believe that world-class security isn’t just about adding defenses; it's about fundamentally eliminating risks wherever possible. This principle is the bedrock of the k.on.ect™ platform. This philosophy is applied throughout our solution architecture, from the cloud down to the edge. We've engineered k.on.ect™ to deliver unparalleled insights into your critical assets, confident in a security architecture designed to proactively protect both your operational network and your users' privacy.    

Our primary principle is to avoid all unnecessary risk to your operational environment.

The k.on.ect™ platform is engineered to monitor your critical assets without requiring any connection to your private OT or SCADA networks. By leveraging our private edge deployment and the ZOOMBOX as a secure gateway, our architecture eliminates the inherent risks of integrating with your operational environment. Your most vital systems remain untouched and secure.  

How We Achieve This:

• Isolated Edge Network: k.on.ect™ diagnostics service employs AI and algorithms to independently identify machine operating states, eliminating the need for integration with external systems like SCADA. This unique, patent-pending approach enables the use of an isolated network, segregated from the machine's operational LAN, thereby enhancing security through network segmentation. This isolation restricts unauthorized access and lateral movement within the system.

• Secure Edge Gateway (ZOOMBOX): The central edge computing device, the ZOOMBOX, facilitates secure communication between edge devices and the cloud environment. Crucially, all inbound connections to the edge network are blocked by default. The ZOOMBOX has exclusive control over initiating all outbound communications to the cloud, ensuring your network perimeter remains secure and robust, even with intermittent internet connectivity.
  Proprietary Protocol: To further bolster security, we developed a proprietary communication protocol (patent pending) specifically for cloud connections of critical assets.

We apply this same rigorous philosophy to the handling of personal information

We recognize that storing customer Personal Information (PI) creates significant risk and responsibility. Our platform's core function is to monitor critical assets, not people. We therefore made the deliberate choice to architect our user authentication system so that it does not require the processing or storage of your users' personal data, such as names or email addresses.

Secure, PI-Free Access with Enterprise SSO

To achieve this, we leverage the gold standard for enterprise security: Single Sign-On (SSO) through enterprise federation. This approach ensures security and privacy while putting your team in complete control.

• Authentication Stays With You: We delegate the entire login process to your organization’s trusted Identity Provider (e.g., Microsoft, Okta). Your users authenticate with their familiar corporate credentials on your system, ensuring their passwords are never transmitted to or stored by us.

• Pseudonymous, Non-Personal Identifiers: Upon successful login, your Identity Provider sends our platform a unique, pseudonymous identifier. This secure digital token acts as a passport, confirming the user’s identity and permissions without containing any personal information. This non-personal token is the only user-specific data we need to manage their session. 

• You Retain Full Control: Your IT and security teams retain complete authority over who can access the k.on.ect™ platform. You manage user permissions and can revoke access instantly through your own systems, ensuring your security policies are always the single source of truth. 

Our philosophy is supported by a deep, multi-layered framework that adheres to global best practices.  

Authentication Mechanisms & Zero-Trust Security
VibroSystM leverages mTLS as part of its zero-trust security framework for all device and service-level communications:

• mTLS is used for IoT devices authentication (such as DAQs) on the edge.

• mTLS is involved in edge-to-cloud communications for services authentication.

• mTLS is involved in API security for third-party system integration.

This mutual (two-way) authentication ensures both client and server prove their identity before any data is exchanged, significantly enhancing security over traditional TLS.

Data Security, Confidentiality, Integrity & Availability 

• Data Security: We ensure customer data (metrics) is used for monitoring purposes only. This data is not shared with any third party. Key controls include:

  • 1. Data Encryption: Employing strong encryption standards for data in transit and at rest.

    2. Access Controls: Implementing role-based access control (RBAC) and least privilege access.

    3. Risk Management: Continuously identifying and assessing risks through regular vulnerability scans and penetration testing.

• Data Confidentiality: Access to sensitive information is restricted to authorized individuals through strict authorization and access management processes.

• Data Integrity: Data accuracy and reliability are ensured through measures like data validation checks, version control, and change management processes.

• Data Availability: Redundant systems, failover mechanisms, and a comprehensive disaster recovery plan are implemented to ensure high availability of both services and data.

Cloud Hosting, Monitoring & Controls
k.on.ect™ leverages Google Cloud Platform (GCP) for its robust, secure, and scalable infrastructure. GCP provides comprehensive, built-in security features, including:

• DDoS protection (e.g., Cloud Armor)

• Intrusion Prevention System (IPS) capabilities

• Security monitoring and logging (e.g., Security Command Center)

While GCP ensures the security of the underlying infrastructure, VibroSystM is responsible for securing our applications and data within the platform, maintaining a comprehensive shared security posture.

Management, Compliance & Physical Security

• Framework: VibroSystM adopts the ISO 27001 standard for information security management as a best practice framework and is on its way to obtaining certification. This provides a comprehensive framework for our information security management system (ISMS).

• Human Resources: We conduct thorough background checks and provide regular security awareness training to all employees.

• Physical Security: All physical locations where data is stored are secured with appropriate access controls and environmental protections.

• Compliance: We are committed to compliance with all relevant laws and regulations.