Last updated: April 29, 2022
Nureva Console is a cloud-based platform used for managing Nureva audio conferencing systems across multiple locations. This platform provides a single, secure dashboard that allows IT managers to configure and monitor their audio systems remotely.
Nureva Console is hosted on the Microsoft Azure platform. The service is segregated so that users and devices can only access their devices, services and data. All user interaction with enrolled devices in Nureva Console is done via encrypted communications using industry leading TLS 1.2 communications.
The Microsoft Azure cloud services have extensive built-in security controls that Microsoft advises conform to the following security and privacy accreditations:
More information about Microsoft Azure cloud services can be found at https://www.microsoft.com/en-us/trustcenter.
Nureva Console leverages Okta Identity Cloud for all identity and access management (IAM) services.
Okta service states the following security and privacy accreditations:
More information about Okta can be found at https://trust.okta.com/compliance.
Data within the Nureva Console service is encrypted using 256-bit AES encryption while at rest and Transport Layer Security (TLS) 1.2 while in transit. We maintain an “A” ranking from Qualys SSL Labs (www.ssllabs.com) for our certificate, protocol support, key exchange and cipher strength. We only use current cryptographic technologies and disable older, less secure or compromised technologies. Encryption controls are reviewed periodically and as new threats emerge.
Security controls are implemented to ensure that cryptographic keys are managed across the life cycle – generation, distribution, storage and change. Management of key vaults are restricted and automated with the intent to limit access.
The Nureva Console service supports two types of applications. A cloud-based application is intended for managing and monitoring devices remotely, and the other is a Windows® client to facilitate connectivity between Nureva devices and the cloud-based application. The browser-based application is served from a Web server hosted on Microsoft Azure.
Communication with these services is encrypted using Transport Layer Security (TLS) 1.2.
The Nureva Console service stores and retrieves data from an Azure SQL database in the United States. Data stored in the Azure SQL database is encrypted.
Nureva follows a secure software development process that ensures security and privacy are integrated throughout every phrase of the development life cycle. Design and code changes must meet defined completeness criteria prior to introduction into service, and they are reviewed for correctness. Any issues identified during these reviews must be rectified before the change is committed. All new features are tested, and the system is regression tested by a dedicated quality assurance team prior to release.
We create, store and monitor a range of application and infrastructure logs for the Nureva Console service. We also use database auditing and threat detection to monitor actions carried out against our databases. Alerts are automatically generated if anomalous activity is detected. These are investigated by the development and information security management teams.
We regularly engage an independent, accredited company to conduct vulnerability assessments and penetration tests of Nureva Console and other associated services. Any high severity vulnerabilities detected are immediately remedied and then retested.
The assessment uses security testing and incident response team’s (STIRT) vulnerability assessment (VA) methodology, which is based on the Open-Source Security Testing Methodology Manual (OSSTMM) developed by the Institute for Security and Open Methodologies (ISECOM). The VA methodology also includes developments from the Testing Guide for the Open Web Application Security Project® (OWASP).
The cadence of these assessments is determined not only by product releases but also conducted at specified time intervals.
The Nureva Console service employs an authentication/authorization service that uses standard OAuth2 protocols to identify and authorize users accessing resources within the service. Identity and account management services are managed through Okta Identity Cloud.
When users create their account, they have administrator level permissions that allow them to add and remove devices, change devices settings, perform firmware updates and access device information through the Nureva Console service.
For enrolling devices into Nureva Console, Nureva Console uses OpenID Connect and OAuth2 to authenticate a device and allow the device to be accessed by the user account.
© 2022 Nureva Inc. All rights reserved. Nureva and the Nureva logo are trademarks or registered trademarks of Nureva Inc. in the United States, Canada and other countries. All third-party product and company names are for identification purposes only and may be trademarks of their respective owners. April 2022.