@Alta-Chase How much control does Alta have over my controller? Can you see all the sites I’ve created? Can you see my users?
Do you have any information you can share about the security of the system?
1 Like
@Willie_Howe Great question! Thanks for bringing this up! Security is at the very top of our priority list. We are actually building out an entire section of alta.inc that describes in great detail the security and redundancy measures that we have built into the Alta Labs cloud management platform. I will list a handful of the highlights here, knowing we will be going live with the updated alta.inc site that will explain it in further detail.
-
The Alta Labs team (technical support, sales, training, etc.) can only access sites they have been invited to by the site administrator. This is a Global and Company wide policy. They cannot browse or access a list of sites.
-
Alta Labs team members, if invited by a site administrator and also given administrator access, would then have the same access as the original site administrator.
-
Alta Labs as a company does not maintain or control any sites it is not invited to, unless invited to do so by the site administrator. However, Alta Labs does work to maintain the physical, virtual and network infrastructure that houses the controller and the sites that leverage that technology. This includes assuring the security standards and protocols mentioned below are being met and exceeded, along with the target uptime service level agreement.
-
We can only see a list of users that have created accounts within the Alta Labs forum. The Alta Labs team cannot see a list of users you have invited to a particular site, unless you have invited a member of our team to help manage a site as a fellow administrator.
-
We do not route or process any of you or your customer’s network traffic through our management platform.
-
As for security built into our data centers, the compliance programs we participate in, as well as the cloud architecture, here is a sample of what we maintain:
-
Cloud Security Alliance Controls, CyberGRX, CyberVadis
-
ISO 9001 (Quality), ISO 22301 (Security and Resilience), ISO 27001 (Security Management), ISO 27017 (Cloud Controls), ISO 27701 (Privacy Information Management), ISO 27018 (Personal Data)
-
AICPA SOC 1, SOC 2, SOC 3 (Audit controls, security, availability, confidentiality)
-
Ability to enable Multi-factor Authentication (MFA) for individual accounts within Alta Labs
I hope this helps provide a better understanding. As soon as the alta.inc site goes live with the additional details promised above, I will provide a link within this thread.
Thanks, Willie!
-Chase
10 Likes
Thanks for putting this out there. When we vet a company and they can’t answer basic questions they fail and we ban their use. Looks like you all understand security and I’m looking forward to any detailed documentation release so that I can expedite the vetting.
5 Likes
Hi Willie! If this is the same Willie Howe that runs the YouTube channel, how cool to see you checking out Alta Labs equipment as well! I am excited to see how they stack up agains the GWN7660s and GWN7664s I am using now. It is refreshing to see a new face in the market that is starting off on the right foot and speaking directly with their customers.
4 Likes
So is the controller HIPAA compliant?
@Chad_Pence Great question! Yes! We don’t route any traffic through our controller. We are HIPAA compliant.
1 Like