There are many benefits to having your security systems hosted in the cloud rather than on a local server, including convenience, flexibility, and cost savings. However, your data is only as secure as your provider’s system. Ideally, you want a product that offers both the latest technology and the strict security measures. Without the proper processes and safeguards in place on the provider side, customers’ data may be left up for grabs, and their systems remain vulnerable, regardless of how advanced the technology may appear. This is the last thing anybody wants when it comes to their security system, which is why Openpath takes security very seriously.
Openpath takes extra steps to protect our customers and their data, including a number of processes and technology capabilities to deter unauthorized access to customers’ information and systems. We employ external security boundaries and strong internal security controls with the principle of least privilege. To be as transparent as possible with our customers and partners, we’re sharing additional details on our own security posture, and how we actively protect against cloud security vulnerability.
One way Openpath proactively protects customers is by giving the customer full control over their accounts. This way, only the customer can make changes to the account details, entries, and credentials.
Customers can enable or disable their Installer’s (Openpath Partners) access to their account within the Openpath dashboard. Learn how to adjust your account permissions and settings.
Openpath Customer Support does not have the ability to modify or unlock customer systems. They have view-only access to customer accounts in order to support inbound customer tickets.
Openpath technology was built from the ground up with enhanced security in mind. Encryption makes it much harder for unauthorized individuals to read or use data, even if they are able to intercept it.
All Openpath customer data is encrypted in transit and at rest. Using the strongest encryption available, Openpath credential data is also protected and secure.
Our hardware is tamper-resistant and we do not store any data locally on our Smart Readers. This means that a vandal or hacker cannot pull any data from the hardware itself.
Encrypted mobile communication also eliminates dependence on the underlying wireless protocol security.
Implementing multi-factor authentication (MFA) is common practice for any security-minded organization. However, not all MFA methods are strong enough to protect against today’s cloud security risks. At Openpath, we reduce cloud security vulnerabilities and mitigate risk by employing the strongest MFA across our organization, as well as restricting IP to prevent anyone outside the organization from accessing the system.
Administrative accounts are not only authenticated by a software-enforced strong password policy but also by cryptographic TOTP-based 2FA (weak, SMS-based 2FA is forbidden). This prevents access to an account if a password were compromised.
Privileged access is additionally IP-restricted.
Openpath not only helps businesses meet their own physical security requirements, we also employ them across our own organization, and adhere to strict standards for auditing in order to identify and mitigate cloud security vulnerability before it occurs.
We are SOC2 certified.
We perform regular 3rd party penetration testing in addition to constant internal security testing and vulnerability scanning.
We provide an immutable audit log of all operations (anyone who is modifying their system) that is accessible by customers via their portal, and additionally provide an audit log of all operations via API.
While built-in security features are key to protecting customers and data, it’s only one part of the equation. As a company, we also focus heavily on educating our employees on cloud security best practices, and have policies and procedures in place to ensure everyone adheres to the high standard of security our customers expect from us.
At Openpath, there aren’t any separate support team-managed servers used for updates or customer deployment tuning. All updates are managed and controlled by the core platform, which has all the security controls. Openpath also does not use Jenkins (Verkada cloud security vulnerability that was exposed March 9th, 2021), or any similar system, to bulk edit any deployments.
All employees receive yearly security training.
We implement industry-leading anti-virus and anti-malware software.
We use a centralized asset inventory and management tool to track and manage all assets and ensure all machines are kept up to date with the latest security patches.
We operate on the principle of least privilege, and only a small number of staff responsible for cloud operations have platform layer access to our cloud infrastructure. This access itself is audited and requires multi-factor authentication, including strong passwords, physical tokens, IP-based restrictions, and VPN access.
We employ a defined approach to classifying sensitive and non-sensitive information, and employ policies defining means to handle access, internal, external, and electronic distribution, storage, and disposal/destruction.
While locally hosted servers may seem like a safer option, that is not necessarily the case. Network vulnerabilities are still a concern for on-premise systems. Physical breaches and human error still account for many cybersecurity incidents that occur within on-site systems. For example, the SolarWinds hack that affected 60 Microsoft customers in early 2020 was the result of on-site breaches, not cloud-based security vulnerabilities. For many enterprise organizations, the on-premise systems depend on a VPN or other locally managed network in order to duplicate the infrastructure and sync across locations, which can raise concerns over compliance and network security.
Because security is an ever-evolving landscape, it takes constant monitoring, testing, and diligence to protect infrastructure from newly emerging vulnerabilities. What gives cloud-based systems the edge over on-premise solutions is the ability to quickly identify, alert, and resolve any issues. The decentralized and interoperable nature of the cloud is a benefit when it comes to security, making cloud systems easier to monitor, often with automated alerts to notify teams of any irregularities in real time. While it’s impossible to build a completely hack-proof on-premise or cloud based system, providers that actively test and search for vulnerabilities, and have processes in place to address them, provide the best security for their customers.
Security is in our mission, and we do everything we can to protect the data, systems and facilities of our customers and partners. If you have any questions about Openpath security measures, or access control systems in general, contact us and a member of our team will be in touch to address your concerns.