Security & Compliance
Cybersecurity is more than just certifications and encryption – learn how Arcules lives and breathes security so your business can stay compliant and secure by design.
Arcules is security. It's in our DNA.
Keeping you and your business safe is our reason for being – Arcules was founded to make securing your organization as simple, powerful, and flexible as humanly possible.
These days, it seems like every other day a new virus is unleashed or another company’s information is breached – we know the prospect of transitioning to cloud can seem scary and uncertain – that’s why we eat, sleep, and code data privacy and risk management.
From an office culture that reinforces good IT practices, to an engineering pipeline that doesn’t create back-doors, all the way to layers and layers of digital and physical protections that keep your system as safe as it can be. We’ve got your back 24/7.
What Makes Arcules Secure
Internal Security
Security starts with best practices from within - Arcules nurtures an environment built on good IT hygiene, today and every day.
Network Security
Everything and the kitchen sink encrypted in transit to the cloud. Video, thumbnails, analytics, metadata, settings, and beyond.
Cloud Security
A SaaS product is only as good as its data center, that's why every bit of information is locked-tight within the Google Cloud facilities.
Platform Security
Multi-factor authentication, RBAC, SAML / SSO integration, and granular user profiles secure access for all system entry points.
Internal Security
Built on a Culture of Best Practices
According to IT research, over 50% of security incidents are caused by people within an organization (verizon). At Arcules, we believe that a secure product doesn’t just mean encrypting your data and making strong passwords; it’s a day-to-day practice of smart internal choices and habits that build the foundation for a safe tech product. Like good hygiene, it’s not something you do only once.
From corporate traditions like “caking”, where employees are encouraged to spot and lock others’ unattended devices and send an embarrassing announcement that the owner will bring cake to everyone in the office, to rigorous SOC 2 training and smart engineering pipeline validation. You won’t find us building back-door shortcuts for development now, or ever.
Network Security
Every Cloud Needs a Strong Tether
Endpoints should be secure, but the transfer of your communication through the wild west of the internet on its way to the cloud is equally critical. With the Arcules Gateway, we are able to seamlessly manage connection safety, data encryption, and anything related to the transfer of your surveillance system information using just one small device.
Encryption in Transit
Secure by Default
Outbound Traffic Only
Package Signing
Cloud Security
Built on the Trusted Google Cloud
Our partnership with Google Cloud services not only allows us to provide scalability, but also redundant, robust, and trusted data protection 24/7.
Built like an onion, Google’s data centers are designed with 6 layers of redundant physical and digital security to ensure that your data is safe. Check out the tour!
Platform Security
- No Default Logins
- Single Sign-On (SSO/SAML)
- Granular User Permissions
- Seamless Automagic Updates
- Multi-Factor Authentication (MFA)
Where the Rubber Meets the Road
Being a cloud-based product means that our Arcules Platform is the final critical access point to secure for our customers. It’s the place where everyone in your organization logs in to manage the system, where the encryption releases for viewing, and arguably where the most potential vulnerability lies.
Our engineering team has baked in several industry-standard protocols (and even a few unique tools) to our platform to mitigate risk at the application level while providing the control/flexibility to fit into your existing environment. With support for SSO from providers like Google, Okta, and Microsoft, easily customizable user permission groups, refusal of easy-to-guess default logins, and seamless automatic updates, your system stays secure without any downtime or installation loading periods.
What Makes Arcules Compliant
Native Compliance
Proof We "Walk the Walk"
These days, organizations considering cloud products want to be sure the service is built with stringent data protection – especially those in highly sensitive industries like healthcare, data storage, or education. Every endpoint, connection, and transaction must create a simple experience – while still providing the utmost assurance that protocols are in place to protect sensitive data. For this reason, we maintain the following certifications to enable your successful compliance.
SOC is an auditing procedure that ensures service providers securely manage customer data. Developed by the American Institute of CPAs (AICPA), SOC 2 defines criteria for managing customer data based on various trust principles.
SOC 2 compliance is determined by an audit from an AICPA-certified independent third-party party and mandates that organizations adhere to specific information security policies and procedures in line with their business objectives. SOC 2 Type II compliance covers a six to 12-month time-frame to ensure that a company’s security measures align with the evolving requirements of data protection in the cloud.
This means Arcules doesn’t just do the right things today, but every day consistently to keep your data safe.
The European Union adopted the General Data Protection Regulation in 2018 as a response to privacy concerns around the way businesses collect their data online. Since then, the law has required European and international organizations to change the way they collect user data and offer them the ability to manage it by request.
Standard Contractual Clauses (SCCs) The final version of the new SCCs were published by the European Commission on June 4, 2021. SCCs are template data transfer agreements that permit data exporters to transfer customer information to countries outside the EEA that the European Commission identifies as providing “inadequate” data protection such as Australia, Brazil, China, India and the United States.
The Arcules Cloud Platform, as well as our website and customer relationship data systems are fully GDPR compliant. We are cautious about where and how we store your data, while always giving you the option to opt out of tracking or to request management of the data we already have on you. Check out our Privacy Policy for more information!
Enabled Compliance
What This Means for You
While many companies will tell customers that their product itself is compliant, at the end of the day, your data is still owned and managed by your organization. That’s why Arcules offers a suite of certified tools and services which enable you as the customer to be compliant in the way you manage and store your data within our platform.
HIPAA for Medical
- The Health Insurance Portability and Accountability Act of 1996 mandates the way medical organizations collect and manage patient healthcare data.
- Arcules enables HIPAA compliance by providing full control over access and permissions, while keeping the data securely encrypted to hospital standards.
GDPR for European Union
- The European Union adopted the General Data Protection Regulation in 2018 as a response to privacy concerns around the way businesses collect their data online. Since then, the law has required European and international organizations to change the way they collect user data and offer them the ability to manage it by request.
- The Arcules Cloud Platform is designed with the flexibility to give you control over where your data is stored globally, as well as how it is collected and used under strict GDPR guidelines.
NDAA & TAA for Hardware Selection
- In the National Defense Authorization Act of 2019, section 889 prohibits United States Government entities from purchasing video communication equipment from Chinese manufacturers that may pose a security risk. This, along with the Trade Agreement Act of 1979 requires products available to these bodies on the GSA Schedules to be manufactured in certain designated countries.
- While Arcules does not sell video communications hardware, our uniquely open platform works across whichever brand of hardware you choose to use, enabling your organization to be NDAA & TAA compliant with your choice of surveillance cameras.
Explore Our Services
Experience Arcules for Yourself
Virtual Tour
Get a feel for why, time and again, our customers love the Arcules product experience and service.
Book a Full Demo
Our cloud security experts
are ready to go deep and understand your unique needs.