Security & Compliance

Cybersecurity is more than just certifications and encryption – learn how Arcules lives and breathes security so your business can stay compliant and secure by design.

Arcules is security. It's in our DNA.

Keeping you and your business safe is our reason for being – Arcules was founded to make securing your organization as simple, powerful, and flexible as humanly possible.

These days, it seems like every other day a new virus is unleashed or another company’s information is breached – we know the prospect of transitioning to cloud can seem scary and uncertain – that’s why we eat, sleep, and code data privacy and risk management.

From an office culture that reinforces good IT practices, to an engineering pipeline that doesn’t create back-doors, all the way to layers and layers of digital and physical protections that keep your system as safe as it can be. We’ve got your back 24/7.
Screenshot 2023-05-17 at 12.02.50 PM

What Makes Arcules Secure

infrastructure
INTERNAL SECURITY

Security starts with best practices from within - Arcules nurtures an environment built on good IT hygiene, today and every day.

NETWORK SECURITY

Everything and the kitchen sink encrypted in transit to the cloud. Video, thumbnails, analytics, metadata, settings, and beyond.

CLOUD SECURITY

A SaaS product is only as good as its data center, that's why every bit of information is locked-tight within the Google Cloud facilities.

PLATFORM SECURITY

Multi-factor authentication, RBAC, SAML / SSO integration, and granular user profiles secure access for all system entry points.

INTERNAL SECURITY

Screenshot 2023-05-17 at 12.48.27 PM

Built on a Culture of Best Practices

According to IT research, over 50% of security incidents are caused by people within an organization (verizon). At Arcules, we believe that a secure product doesn’t just mean encrypting your data and making strong passwords; it’s a day-to-day practice of smart internal choices and habits that build the foundation for a safe tech product. Like good hygiene, it’s not something you do only once.

From corporate traditions like “caking”, where employees are encouraged to spot and lock others’ unattended devices and send an embarrassing  announcement that the owner will bring cake to everyone in the office, to rigorous SOC 2 training and smart engineering pipeline validation. You won’t find us building back-door shortcuts for development now, or ever.

NETWORK SECURITY

Every Cloud Needs a Strong Tether

Endpoints should be secure, but the transfer of your communication through the wild west of the internet on its way to the cloud is equally critical. With the Arcules Gateway, we are able to seamlessly manage connection safety, data encryption, and anything related to the transfer of your surveillance system information using just one small device.

Encryption in Transit

Every bit and byte of data sent from the Arcules Gateway is transmitted utilizing TLS 1.2 or greater. Additionally, Google's POP network offers lower latency and adds an extra layer of data protection from nosy eavesdroppers and "man-in-the-middle" interceptors.

Outbound Traffic Only

Arcules only talks to the cloud using outbound connections, so your Gateway, IP cameras, access control panels, and IoT devices can operate with fewer vulnerable points of entry - meaning a smaller overall security footprint for your organization.

Secure by Default

The Arcules Gateway is not only hardened for security, but will also refuse to connect to external devices using their factory default credentials. This allows you to maintain a more secure environment within your organization.

Package Signing

Each package of code deployed to the host is signed with Arcules' own secret signature to prevent sneaky tampering and authenticate the original source, adding yet another layer of protection to your security system.

CLOUD SECURITY

Built on the Trusted Google Cloud

Our partnership with Google Cloud services not only allows us to provide scalability, but also redundant, robust, and trusted data protection 24/7.

Built like an onion, Google’s data centers are designed with 6 layers of redundant physical and digital security to ensure that your data is safe. Check out the tour!

PLATFORM SECURITY

Screenshot 2023-05-17 at 1.22.12 PM

Where the Rubber Meets the Road

Being a cloud-based product means that our Arcules Platform is the final critical access point to secure for our customers. It’s the place where everyone in your organization logs in to manage the system, where the encryption releases for viewing, and arguably where the most potential vulnerability lies.

Our engineering team has baked in several industry-standard protocols (and even a few unique tools) to our platform to mitigate risk at the application level while providing the control/flexibility to fit into your existing environment. With support for SSO from providers like Google, Okta, and Microsoft, easily customizable user permission groups, refusal of easy-to-guess default logins, and seamless automatic updates, your system stays secure without any downtime or installation loading periods.

 

 

What Makes Arcules Compliant

valeriy-khan-0sUe24rw_Fg-unsplash-1000x500

NATIVE COMPLIANCE

Proof We "Walk the Walk"

These days, organizations considering cloud products want to be sure the service is built with stringent data protection – especially those in highly sensitive industries like healthcare, data storage, or education. Every endpoint, connection, and transaction must create a simple experience – while still providing the utmost assurance that protocols are in place to protect sensitive data. For this reason, we maintain the following certifications to enable your successful compliance.

SOC 2 Type II 

SOC is an auditing procedure that ensures service providers securely manage customer data. Developed by the American Institute of CPAs (AICPA), SOC 2 defines criteria for managing customer data based on various trust principles.

SOC 2 compliance is determined by an audit from an AICPA-certified independent third-party party and mandates that organizations adhere to specific information security policies and procedures in line with their business objectives. SOC 2 Type II compliance covers a six to 12-month time-frame to ensure that a company’s security measures align with the evolving requirements of data protection in the cloud.

This means Arcules doesn’t just do the right things today, but every day consistently to keep your data safe.

GDPR

The European Union adopted the General Data Protection Regulation in 2018 as a response to privacy concerns around  the way businesses collect their data online. Since then, the law has required European and international organizations to change the way they collect user data and offer them the ability to manage it by request.

Standard Contractual Clauses (SCCs) The final version of the new SCCs were published by the European Commission on June 4, 2021. SCCs are template data transfer agreements that permit data exporters to transfer customer information to countries outside the EEA that the European Commission identifies as providing “inadequate” data protection such as Australia, Brazil, China, India and the United States.

The Arcules Cloud Platform, as well as our website and customer relationship data systems are fully GDPR compliant. We are cautious about where and how we store your data, while always giving you the option to opt out of tracking or to request management of the data we already have on you. Check out our Privacy Policy for more information

NATIVE COMPLIANCE

What This Means for You

While many companies will tell customers that their product itself is compliant, at the end of the day, your data is still owned and managed by your organization. That’s why Arcules offers a suite of certified tools and services which enable you as the customer to be compliant in the way you manage and store your data within our platform.

 HIPAA for Medical

  • The Health Insurance Portability and Accountability Act of 1996 mandates the way medical organizations collect and manage patient healthcare data.
  • Arcules enables HIPAA compliance by providing full control over access and permissions,  while keeping the data securely encrypted to hospital standards.

 GDPR for European Union

  • The European Union adopted the General Data Protection Regulation in 2018 as a response to privacy concerns around  the way businesses collect their data online. Since then, the law has required European and international organizations to change the way they collect user data and offer them the ability to manage it by request.
  • The Arcules Cloud Platform is designed with the flexibility to give you control over where your data is stored globally, as well as how it is collected and used under strict GDPR guidelines.

 NDAA & TAA for Hardware Selection

  • In the National Defense Authorization Act of 2019, section 889 prohibits United States Government entities from purchasing video communication equipment from Chinese manufacturers that may pose a security risk. This, along with the Trade Agreement Act of 1979 requires products available to these bodies on the GSA Schedules to be manufactured in certain designated countries.
  • While Arcules does not sell video communications hardware, our uniquely open platform works across whichever brand of hardware you choose to use, enabling your organization to be NDAA & TAA compliant with your choice of surveillance cameras.
 

What Our Customers Say...

“One of the main reasons we decided to move to Arcules is it’s all cloud-based, It’s all on one platform, which is much better than having to manage a server for each site with its own unique cameras.”

“With Arcules’ robust cloud-based solution, it’s updated all the time. I’ve got a direct relationship with them as a vendor, so I know the equipment is going to work when I need it to.”

“The ease of use of the product is very important to us. You don’t need to be an IT expert to utilize it. With a cloud-based solution, it’s much more efficient. Not having to monitor the hardware or do software updates is a big time saver—it really manages itself.”

Unlock the Power of a Video Surveillance Solution that is Secure, Simple, and Scalable

Arcules is a Canon Company that delivers the next generation of cloud-based video surveillance, access control, and smart analytics − all in one unified, intuitive platform. We help organizations eliminate complexity, reduce maintenance, and save money while improving safety and optimizing business operations.