Security at All Levels
From the shop floor IT to the Cloud
Security in Production
IronFlock security integration
The IronFlock SaaS service supports the requirements of NIS-2 and IEC 62443 to prevent cyber attacks at all levels. Admins gain full control to perfectly integrate edge devices into existing security architectures.
Full audit logs
Any user operation on IronFlock is tracked and IronFlock provides full audit logs on any asset. This facilitates internal audits, enables you to prove compliance, investigate past processes, and adapt for the future.
User Security
User accounts are secured by state-of-the-art self-service authentication procedures and are constantly kept up to date.
Device Security
Devices use encrypted connections for communication with the IronFlock cloud. No open ports on the devices are required.
Data Security
Fleet data is collected through securely separated message realms (unified name spaces) and in physically separated data stores.
User Security
We secure your account and your assets via an authentication backend featuring different authentication methods. We support login with Google, 2FA, and more for SSO. If you forgot to log out of your session on a device, you can still do so remotely from any other device. All security-related updates like email or password changes are secured by one-time tokens.
- security
Two-factor authentication
Enable 2FA for your account to secure access with short-lived one-time-tokens. - admin_panel_settings
Fine-grained authorisation
Fleets, devices, groups, apps, dashboards, and data storage each have a detailed set of privileges to set up fine-grained user access roles ready for production environments. - lock_clock
Session management
Keep track of your login sessions on any device and log out of unused sessions.
Device Security
The security of edge devices is at the core of the IronFlock fleet management system. The Flock Agent that runs on the device host creates an outgoing connection to the IronFlock platform in the cloud and manages the tunnel clients in coordination with the IronFlock rendevous service for remote access. Device admins have full control over tunnels, network settings and privileges on the device to perfectly integrate into the existing security protocol of their organisation.
- cloud
No open ports
Devices don't need to expose open ports for cloud communication. Not even for host terminal access or to provide remote access tunnels. - vpn_key
Rendevous remote access
The IronFlock rendevous service enables remote access to apps on devices. Remote access is secured by the IronFlock user authentication and authorisation system. - private_connectivity
End-to-end encryption
Devices use end-to-end encryption on every service endpoint following the latest cyber resilience requirements.
Data Security
The IronFlock data infrastructure automatically provides secure and separate data collection components per fleet.
- sync_lock
Secure messaging realms
Data transfer from device to cloud is encrypted and secured via segmented messaging realms. - dataset
Private databases
Fleet data is collected in separate fleet databases with no interference from other fleets. - folder_shared
User-controlled data ownership
Users manage app data access according to their regional data act.