# Security

Tricloud Nexus is designed with a strong emphasis on security, leveraging Microsoft Azure technologies to protect every component. The cloud infrastructure builds on Azure IoT and Azure security fundamentals, providing secure communication and role-based authorization through Microsoft Entra. At the edge, the Azure IoT Edge runtime protects devices and the network.

IIoT security is a large topic; below is a short list of the key technologies supported by Tricloud Nexus:

* Virtual networking with private endpoints between cloud and edge
* Device attestation using X.509 certificates, TPM, or symmetric keys
* Secure communication between edge and cloud (TLS)
* Option for layered edge topology, supporting DMZ and OT zones using gateways
* Support for Microsoft Defender for IoT to mitigate current security risks

### **Cloud**

The platform is built on Microsoft Azure technologies, including Azure IoT and Azure security fundamentals. Azure IoT enables seamless integration and management of IoT devices, providing robust capabilities for connecting, monitoring, and controlling devices across a wide network. Security is a top priority, with the platform leveraging Azure security fundamentals to ensure data protection and compliance. Azure security fundamentals encompass a range of security practices, including identity and access management, encryption, threat detection, and response.

The platform integrates with virtual networks and supports private communication, ensuring secure data transfer within isolated network environments. Role-based authorization is implemented using Microsoft Entra, formerly known as Azure Active Directory (Azure AD), providing granular access control based on user roles. User authentication is integrated with the customer's own Microsoft Entra, giving users a streamlined and secure sign-in experience.

### **Edge**

The edge computing component of the platform is based on Azure IoT Edge. Azure IoT Edge runtime extends cloud capabilities to the edge, allowing for local data processing and analysis, reducing latency, and improving responsiveness. Security is paramount, and the Azure IoT Edge runtime ensures that all edge devices are secure and compliant with industry standards.

Security at the edge can be further strengthened by configuring a layered network topology, which improves both the security and the reliability of edge deployments, and communication between edge and cloud can use additional encryption layers such as a VPN. The platform's edge architecture therefore supports multi-layered security.

### **Software development**

The development process follows well-known code review practices, ensuring that all code receives proper attention with regard to quality and security. DevOps principles are employed to streamline and automate development, integration, testing, and deployment, promoting continuous delivery.

To ensure a high-quality code base, static code analysis is performed. The analysis scans for the most common OWASP issues that can be detected statically, so the codebase is regularly checked for vulnerabilities and potential security issues are identified and mitigated early in the development cycle.

Additionally, third-party software and libraries are analyzed for known vulnerabilities, providing insights and recommendations for remediation. This comprehensive approach to development and security keeps the platform robust, secure, and reliable.

