Zonar has more than a decade-long history of flawless data security, and has maintained 99.99% up-time by going above and beyond industry standards to protect our customers’ information. Here is how we protect your data, and keep our systems safe and secure.
What methods are used to control access to data?
We limit exposure of data by applying the principle of least privilege, something we also help our customers do with their own users. Data is also encrypted at rest with each customer secured individually, preventing an attacker from simply leveraging one customer to access another customer’s data.
How are Zonar’s networks secured?
As with other aspects of Zonar services, we leverage a defense-in-depth strategy for protecting infrastructure. Zonar has built our networks around principles of good design, including network segmentation, firewalls, traffic inspection, audit log collection and analysis, access controls, and encryption, to name a few. Zonar also employs the services of a third-party security analysis and testing firm to help us validate our security architecture and controls by approaching our infrastructure as an attacker would. This second set of eyes is yet another important tool we use to keep our customer data safe.
Who has physical access to the servers?
Zonar is built on a hybrid-cloud architecture, which includes back-end systems running on-premise in a data center, and front-end systems running in the Google Cloud Platform. For our front-end systems running in the Google Cloud Platform, the security measures taken to protect customer data are defined by the Google security whitepaper.
For our backup data centers, Zonar uses premier data center providers to protect physical access to the on-premise systems. These SOC2 Type II certified Zonar partners enforce a laundry list of access controls to protect our physical infrastructure and our customers’ data. These access controls include:
- On-premise 24/7 security guards
- Access to hardware requires passing through multiple layers of physical security
- Biometric access controls
- Portals and person-traps that authenticate only one person at a time
- Active monitoring of security systems
- Security cameras to monitor access and movement
- Only a small number of Zonar employees have been authorized for physical access to our colocated hardware.
How are user accounts secured?
Zonar’s customers have full control over their own users, with more than 50 individual permissions that can be adjusted for each user, and the ability to track user logins and enable/disable user accounts with a single click. Multiple password strength requirements can be set to ensure your users choose strong passwords.
How is the data communicated securely?
All data exchanged between our customers and Zonar services is encrypted in transit using TLS. Zonar also uses protections to prevent man-in-the-middle attacks, ensuring private and protected communication is maintained.
Resilient Data Acquisition and Transmission Architecture
Zonar’s hardware and software architecture is designed to be resilient and to always protect data in the real-world environments encountered by fleets today. In areas where cellular networks are weak or non-existent, our devices store GPS tracking data internally in non-volatile memory until a reliable network connection can be established. Up to three months of vehicle activity tracking data can be stored in memory without overwriting any data. Every part of Zonar’s data gathering and analysis system is designed for this type of resiliency, and to auto-recover from common outages without customer interaction.
Regular Security Updates
Zonar’s web application is updated several times every month, which allows us to release security improvements, new features, and bug fixes very quickly. Using Agile development methods ensures features and fixes are not delayed or held up behind larger feature upgrades, and incremental changes can be made without impacting the larger product delivery timelines.
Zonar’s hardware receives over-the-air firmware updates throughout the year, to keep our hardware systems current and protected. Updates are automatically applied during vehicle down-time and do not require customer interaction, so they do not adversely impact normal vehicle tracking operations.
Security Best Practices & Assessments
Securing internet applications and data requires constant vigilance and adherence to the best practices defined by industry standards, federal regulations, and the thought leadership of organizations like OWASP. A key element of good security is to publish as few details about your platform’s security infrastructure as possible.
Zonar follows this best-practice policy by publicly releasing a minimum of security information. Deeper discussions about Zonar’s security infrastructure can be scheduled, by phone or teleconference, between your security team and Zonar’s security leadership, upon completion of an appropriate mutually binding Non-Disclosure Agreement.
In adherence to security best practices, we do not publicly release security information beyond this article.