Bosch IoT Insights

Certifications and security

ISO 27001 and TISAX certified

Bosch IoT Insights is compliant with ISO 27001 and TISAX next to ISO 9001 : 2015 and ISO / IEC 20000-1 : 2018. We continue to strengthen our quality of service for our customers.

ISO 27001 is an international standard for information security management systems. Bosch IoT Insights meets all the requirements for data security and information security.

TISAX stands for Trusted Information Security Assessment Exchange. It is a standard based on the key aspects of information security such as secure information processing and data privacy.

To complete the certifications, Bosch IoT Insights was successfully audited by an accredited independent assessor.

Rate limit

To ensure stability, performance and prevent overload scenarios there is an intelligent rate limit in place.

Unlike ordinary or commonly known rate limits, our rate limit logic only reacts on failed requests.

The logic can be simply described as follows:

If an account (normal or technical user) creates more than 100 failed requests (>=400 response code) within 1 minute, the account will be temporarily be locked for 5 minutes,
and all following requests will be denied by answering error code 429 and a corresponding error message, containing the lock duration time.

This ensures that normal client behaviour is not affected by any kind of limitation, but endless error requests from an single clients are block
to ensures stability and good performance per subscription.

Data Encryption

The service automatically enforces data encryption on hard disk level to ensure the security and privacy of your sensitive information.

Hard disk level encryption is important for safeguarding sensitive data stored on any kind servers or any other device.
By encrypting data on hard disk level, the data becomes inaccessible to unauthorized individuals, even if the physical storage medium is stolen or compromised.
This provides a critical layer of protection against data breaches, theft, and unauthorized access.

In addition to protecting against physical theft, hard disk level encryption also helps mitigate the risk of data exposure in the event of device loss or decommissioning.
It ensures that the data remains confidential and secure, even if the hardware falls into the wrong hands.

All data is therefore encrypted on hard disk level with state of the art encryption and can only be accessed by customers themself and the operation team.

Communication

All communication of the service is encrypted on transport layer level.
By encrypting data at the transport layer, it becomes unreadable to anyone who does not have the proper decryption key, thereby protecting sensitive information from unauthorized access or interception.

In addition to confidentiality, a transport layer encryption also ensures the integrity of data by detecting any unauthorized modifications or tampering during transmission.
This helps to guarantee that data being received is the same as the data that was sent, and that it has not been altered in any way.

Communication is only supported through HTTPS and encrypted through the Transport Layer Security (TLS) Version 1.2 or 1.3 by default.
Unencrypted communication is not allowed!
Older versions of TLS like 1.0 and 1.1 are explicitly are not supported.

In addition we enforce that TLS communication is only done using secure ciphers, with state of the art algorithms and a sufficient bit length of at least 128 bits.
Therefore we enforce the usage of ciphers, such as RSA (Rivest-Shamir-Adleman) and Elliptic Curve Digital Signature Algorithm (ECDSA).
This adds an additional layer of security by making it extremely difficult for attackers to decrypt the data without the proper key.
This also helps to prevent eavesdropping, man-in-the-middle attacks, and other forms of unauthorized access to the data.

Geoblocking

To comply on legal obligations and regulations the usage of the service enforces geographical limitations, also known as geoblocking.

Geoblocking is implemented on IP level, by analyzing the IP address of a client and comparing it to a database of IP address ranges associated with specific geographic locations.
Based on this analysis, the service does deny access and usage from the following countries:

  • Belarus

  • Central African Republic

  • Iran

  • Libya

  • North Korea

  • Russia

  • Somalia

  • Sudan

  • Syria

  • Ukraine - Crimea Region.