Security Overview
Anava is built with security as a core design principle. We apply zero-trust access controls, hardware-backed device identity, and end-to-end encryption to protect customer environments.
Core Principles
- Zero trust: Every request is authenticated and authorized.
- Least privilege: Users, devices, and services get only the access they need.
- Defense in depth: Multiple layered controls protect against failures.
- Auditability: Administrative actions are logged and reviewable.

Identity & Access
User Access
- SSO/OAuth for enterprise identity providers
- MFA for privileged access
- Role-based access control (RBAC) for permissions
Device Access
- Hardware-backed identity via IEEE 802.1AR certificates
- Mutual TLS for device-to-cloud communication
Data Protection
- Encryption in transit for all network communication
- Encryption at rest for stored data
- Tenant isolation to separate customer data
Monitoring & Audit Logging
- Centralized security logging
- Alerting on anomalous behavior
- Audit trails for administrative actions
Compliance
Anava supports enterprise compliance requirements including SOC 2 Type II and GDPR. See Compliance for the public compliance overview.
Internal Security Details
Detailed security architecture, firewall rules, and implementation-specific controls are documented in the internal security section for authorized team members and NDA customers.