Last Modified: January 15, 2022
The purpose of this document is to describe the high-level Information Security Architecture of Sentry AI.
The scope is to give an overview of security for customers, partners and anyone else who is interested.
Sentry AI provides AI services to customers using the SaaS model. The software system has well-defined input and output interfaces to receive images/clips and send Intelligent Alerts to customers. In addition to the I/O interfaces, Sentry AI also provides a lightweight web-based interface (“Customer Portal”). The following sections explain the different areas of security and how each is handled in Sentry AI.
Sentry AI’s software infrastructure is currently hosted in the AWS and Azure cloud ecosystems. This includes elements such as database, storage, authentication and AI computational engines.
Sentry AI restricts access to the infrastructure to those who are authorized. Only designated users have login enabled to the AWS console. Different roles (Admin, User, Guest, etc.) are defined based on the access level the users are entitled to. The security policies are in line with AWS’s Well-Architected Framework (https://wa.aws.amazon.com/index.en.html) and have been reviewed with the experts’ team from AWS security.
Some of the policies that are implemented to guarantee a high degree of security include:
Information security deals with securing the customer information that is shared with Sentry AI. The interface to the Sentry system is through APIs. Some of the security details are below.
The User APIs are meant for sending images or clips for further processing. These APIs use HTTPS and are protected by API keys, which are rotated on a regular basis. They are also throttled and rate limited. The APIs support OAuth2-based authentication schemes.
The Eagle Eye Network (EEN) APIs use token-based authentication, wherein the tokens are obtained by logging into the EEN cloud. The username/password are stored in encrypted format in the Sentry AI DB.
The Sentry AI Customer Portal is built to provide an interface to the processing system with different controls. This portal uses OAuth2-based authentication with AWS Cognito as the backend. The user creation flow adheres to the methods prescribed by AWS Cognito.
Some of the policies and procedures that are used for Portal security:
Data backup and disaster recovery are important to make sure that we can recover from a catastrophic failure with minimal damage. Here are some of the procedures Sentry AI follows to this end: