Exosite complies with leading security frameworks, employing bank-level SSL encryption on all sensitive interfaces of the platform. API end points communicate through secure socket layers (SSL/TLS) to prevent eavesdropping, tampering, or message forgery. User interfaces and web applications use HTTPS-encrypted communication to protect the privacy and integrity of data exchange.DOWNLOAD EXOSITE'S SECURITY WHITE PAPER
User authentication tightly controls who has access to the platform. Permissions are layered, making it easy to grant multiple degrees of access to information or pass temporary API keys based on user-level permissions. Sensitive customer information, passwords, and tokens are securely stored.
Exosite ensures data is never exchanged between the platform and end points without authorization. All Exosite-powered devices use a private key to interact with the platform for secure data exchange. To reduce the risk of spoofing during set up, devices in the field have a controlled time-window to authenticate themselves with the platform over encrypted API communications (DTLS, TLS). Once a device is fully authenticated, its ownership and hierarchy are established.
As a global leader in IoT, Exosite has thoroughly examined the security challenges posed by connected devices and developed a world-class IoT security foundation to address them.