The C3 IoT network architecture is designed to ensure security, scalability, and reliability.
Network access to and from C3 IoT customer system infrastructure is controlled by network devices (including firewalls), switching access control lists, and load balancing. These boundary devices employ rule sets, access control lists, and configurations to enforce and monitor the flow of information to the C3 IoT servers.
Firewalls and ports – Multiple network devices provide traffic filtering services. The only open inbound ports and protocols are HTTP, HTTPS, and SMTP. All other ports and protocols are explicitly disabled, which blocks worms and other network-based attacks that depend on those ports and protocols.
Reverse proxies – Load balancers serve as reverse proxies, distributing system load while further protecting C3 IoT application servers from direct access.
Two-factor authentication – Access to C3 IoT servers requires use of a Virtual Private Network with multi-factor authentication and access monitoring.
Hardening standards – C3 IoT follows the National Security Agency’s (NSA) recommended hardening standards for all deployed server instances. These hardening standards are applied at server instantiation and reviewed monthly.
OS upgrades and patches – Operating system patches are reviewed upon release. Depending on the assessed priority and risk, operating system patches and upgrades are scheduled for implementation in accordance with industry best practices.
Virtual Private Cloud – C3 IoT offers customer-dedicated Virtual Private Clouds. Each Virtual Private Cloud is a private network subnet that isolates customer server instances from any other customer’s deployment. This provides uncompromising cyber security while enabling cost-effective system scalability.
Direct connect – C3 IoT offers customers the options of Virtual Private Network (VPN) encrypted tunnels and private lines to connect to C3 IoT’s data centers, thereby ensuring secure transmission along with the option to keep internet service providers (the public internet) out of the network path entirely.
Development, staging, and production environments – C3 IoT implements independent development, staging, and production environments for all customer deployments, thereby further protecting the security and reliability of production systems.
C3 IoT corporate segregation – C3 IoT’s internal corporate network is segregated from all customer systems, further restricting unnecessary access to production systems.