MOBOTIX CLOUD - Data protection FAQ

This article deals with typical questions about the MOBOTIX Cloud and data protection:

  1. How long are log files kept? (accesses, changes, activations)
    Log files are stored for 30 days and then deleted using the ring buffer procedure, so only the last 30 days are accessible.

  2. Where are the data centres for the cloud located?
    The data centre for DACH customers is in Frankfurt, recognisable by the URL C013.mobotixcloud.com 2. You can find other data centres here:
    MOBOTIX CLOUD - Data centre worldwide 2

  3. How is the video data or backups deleted?
    The recordings in the cloud are made using the ring storage method and are automatically deleted after x days (according to the subscription booked by the customer) so that the customer can always call up the recordings of the last x days.

  4. Which certifications and certificates are used for the MOBOTIX CLOUD and in the data centres?

  • SOC 1 and SOC 2 compliant
  • ISO 27001 certified
  • PCI DSS
  • ISAE 3402
  1. Are the servers redundant, is there a raid system in the background?
  • The servers are high-availability servers and the data is protected against failure and data loss by means of redundancy.
  1. How is the data encrypted?
  • AES 256-bit encryption
  1. How is data protection realised?
  • We fulfil the GDPR8 with our products.
  • Security and data protection
    All communication between cameras, the bridge and the devices is encrypted. Two-factor authentication can optionally be used for greater security.
    Fine-grained rights assignment and user management allow you to customise the rights optimally to your needs and data protection.
    All of our German customers’ data is hosted in data centres in Frankfurt am Main. Our EU customers’ data is hosted in data centres in the EU. The data centres are certified (SOC 1+2, ISO 27001), store the data in triple redundancy and thus guarantee availability in accordance with the GDPR.
    A privacy mode is available for end customer sub-accounts to restrict (pixelate or hide) image and audio access by the reseller MOBOTIX CLOUD - Secure connection to CLOUD 2.
    User activities are saved in the action and audit logs so that changes can be tracked.
  1. Does the CLOUD VMS use an approved cryptographic module that meets or exceeds the requirements of FIPS 140-2 for encryption, hashing and other security-related functions?
  • AES 256 bit encryption for video and TLS 1.2 and better
  1. Are pen tests carried out regularly with the Cloud VMS system?
  • Penetration tests and vulnerability tests are carried out annually.
  1. Is the stored data encrypted before it is saved?
  • Yes, the data is already secured during buffer storage on the bridge before it is synchronised to the cloud. This involves AES 256-bit encryption.
  1. Is it possible to delete the data in the cloud after the deletion period has expired?
  • The CLOUD-VMS deletes the data after the set recording cycle, e.g. after 7 days. If the camera is removed from the cloud, the data is also automatically deleted and can no longer be accessed. This means that the admin user can also initiate the deletion individually.
  1. Does the provider outsource the data storage?
  • The storage on the high-availability server and the redundant systems remain in the assigned data centre. For customers in Germany, this would be Frankfurt.
  1. What is the maximum data loss that can be expected in the event of data corruption?
  • The data centres are equipped with triple redundant systems and if one server fails, the redundant server also takes over.

Special GDPR functions:

Detailed information on the MOBOTIX CLOUD data centre:
https://community.mobotix.com/t/mobotix-cloud-data-centre-worldwide/8587/1

Detailed information on encryption:
https://community.mobotix.com/t/mobotix-cloud-secure-connection-to-the-cloud/8588/1

CLOUD Whitepaper
https://www.mobotix.com/en/white-paper-request?documents=cloud