Taranis Data Security and Privacy

Introduction


Taranis is committed to providing its customers with a highly secure and reliable environment for our data operations and cloud-based applications. We have therefore developed a multi-tiered security model that covers all aspects of hosted and cloud-based Taranis systems. The security model and controls are based on international protocols and standards and industry best practices.


As part of the company’s focus on security issues, Taranis employs security-oriented management staff, including a Chief Technology Officer, a VP R&D and a Chief Innovation Officer, as well as a cloud platform and data & services team with responsibility for:


  • Applying the security model to all system tiers

  • Monitoring and analyzing the infrastructure for suspicious activities and potential threats

  • Issuing security reports to Taranis management 

  • Dynamically updating the security model and addressing new security threats


In addition, a Taranis joint committee, including representatives from product management and R&D, is committed to:


  • Systematically examining the organization's information security risks, considering threats and vulnerabilities

  • Designing and implementing a coherent and comprehensive suite of information security controls and/or other forms of risk treatment (such as risk avoidance or risk transfer) to address the risks that are deemed unacceptable

  • Adopting an overarching management process to ensure that the information security controls continue to meet the organization's evolving information security needs


Taranis utilizes private storage “buckets” in the Google Cloud Platform. Additional Google Cloud security, privacy and compliance policies can be found here:


Physical Equipment 

The Taranis service agreement requires that all pilots possess and be current with an FAA Part 107, Commercial Drone Pilots License or other local equivalent in other countries of operation. The Drone Service Providers (DSP) are responsible for ensuring currency and compliance with FAA regulations. To ensure compliance, Taranis verifies and confirms all pilots' licenses during training.

Additionally, Taranis issues the Operations equipment (Drone Kit, Pilot Kit) to the DSP to ensure operational continuity and adherence to company policies. The DSP is responsible for all equipment. For example, in the case of the DJI 300 drones, the Operations Kit includes the following items.

Drone Kit:

  • M300 Case w/ M300 drone, Remote Controller, H20 camera, 2x drone batteries, 2x remote controller batteries

  • 2x Battery Charging Cases -- cases and 16 drone batteries

Pilot Kit:

  • Landing Pad

  • Computer

  • T-shirts

  • Reflective vests

  • Various charging cables and connecting cables

  • SD and Micro-SD Cards

  • Card Adapters

  • Power adapters


Operational and Information Security 

Taranis has implemented a strict set of procedures throughout the entire data life-cycle to ensure all captured data is securely processed, stored and made available only to authorized users. These include:

  • Drones or planes take images in the field based on precalculated routes, and the captured imagery is stored only on a local memory card.

  • At the end of the flight, the certified pilot uploads the images using a Taranis-provided laptop and a secured Taranis-developed application.

  • The data is uploaded into predefined, Taranis-owned, private buckets in the Google Cloud Platform (GCP).

  • Stored data in the Google Cloud Platform can be accessed only via a dedicated secured service and made available to customers using the Taranis web and mobile interface based on individual user permissions.


Application Security

The following items are relevant for the application access control:

  • Access control – Access to the Google Cloud Platform buckets is limited, based on role and responsibility and is only available to permitted users for maintaining and supporting customers

  • Authentication – Taranis also enforces a Google-based multi-factor authentication including a strict role-based password policy. For Taranis web and mobile apps, user passwords are stored in an encrypted form, using a one-way encryption method based on an industry-standard hash algorithm. Only the application is able to compare the hashed and entered passwords.

  • Data encryption – The Google Cloud Platform encrypts data in transit between our facilities and at rest, ensuring that it can only be accessed by authorized roles and services with audited access to the encryption keys. Additional details are provided below.


Data Encryption at Rest

Taranis uses the Google Cloud Platform for storage. 

  • Google Cloud encrypts all customer content stored at rest, without any action from the customer, using one or more encryption mechanisms.

  • Data for storage is split into chunks, and each chunk is encrypted with a unique data encryption key. These data encryption keys are stored with the data, encrypted with ("wrapped" by) key encryption keys that are exclusively stored and used inside Google's central Key Management Service. Google's Key Management Service is redundant and globally distributed.

  • All data stored in Google Cloud is encrypted at the storage level using AES256, with the exception of a small number of Persistent Disks created before 2015 that use AES128.

  • Google uses a common cryptographic library, Tink, which incorporates Google's FIPS 140-2 Level 1 validated module, BoringCrypto, to implement encryption consistently across almost all Google Cloud products. Consistent use of a common library means that only a small team of cryptographers needs to implement and maintain this tightly controlled and reviewed code.

Detailed information can be found here: https://cloud.google.com/docs/security/encryption/default-encryption 
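The chunk-and-wrap scheme described in the bullets above, as an added example that is not Google's or Taranis's code: each chunk is sealed under its own data encryption key (DEK), which is stored beside the chunk wrapped by a key encryption key (KEK) held in a stand-in key service. The makeKeyService name, the 64-byte chunk size and the choice of GCM mode are assumptions for illustration, and the sample input is constructed.

```javascript
const crypto = require("crypto");

// AES-256-GCM seal: output is nonce (12) || auth tag (16) || ciphertext.
function seal(key, plaintext) {
  const nonce = crypto.randomBytes(12);
  const c = crypto.createCipheriv("aes-256-gcm", key, nonce);
  const body = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([nonce, c.getAuthTag(), body]);
}

// Reverse of seal; throws if the key is wrong or any byte was altered.
function open(key, sealed) {
  const d = crypto.createDecipheriv("aes-256-gcm", key, sealed.subarray(0, 12));
  d.setAuthTag(sealed.subarray(12, 28));
  return Buffer.concat([d.update(sealed.subarray(28)), d.final()]);
}

// Hypothetical stand-in for a key management service: the KEK stays inside
// this closure, and callers only ever see wrapped or unwrapped DEKs.
function makeKeyService() {
  const kek = crypto.randomBytes(32);
  return { wrap: (dek) => seal(kek, dek), unwrap: (w) => open(kek, w) };
}

// Split data into chunks; each gets a fresh DEK that is stored wrapped beside it.
function encryptChunks(kms, data, chunkSize) {
  const chunks = [];
  for (let off = 0; off < data.length; off += chunkSize) {
    const dek = crypto.randomBytes(32);
    chunks.push({
      wrappedDek: kms.wrap(dek),
      data: seal(dek, data.subarray(off, off + chunkSize)),
    });
  }
  return chunks;
}

// Unwrap each DEK through the key service, then decrypt its chunk.
function decryptChunks(kms, chunks) {
  return Buffer.concat(chunks.map((c) => open(kms.unwrap(c.wrappedDek), c.data)));
}

// Constructed sample input standing in for stored object bytes.
const kms = makeKeyService();
const sample = Buffer.from("constructed sample image bytes ".repeat(8));
const stored = encryptChunks(kms, sample, 64);
console.log(stored.length, decryptChunks(kms, stored).equals(sample));
```

Because the stored chunks carry only wrapped DEKs, reading the storage layer alone yields nothing decryptable; access to the data reduces to access to the key service.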


Data Encryption in Transit

  • Google employs several security measures to help ensure the authenticity, integrity, and privacy of data in transit.

  • For the use cases discussed in Google's whitepaper, Google encrypts and authenticates data in transit at one or more network layers when data moves outside physical boundaries not controlled by Google or on behalf of Google. All VM-to-VM traffic within a VPC network and peered VPC networks is encrypted.

  • Depending on the connection that is being made, Google applies default protections to data in transit. For example, Google secures communications between the user and the Google Front End (GFE) using TLS.

  • Google Cloud customers with additional requirements for encryption of data over WAN can choose to implement further protections for data as it moves from a user to an application, or virtual machine to virtual machine. These protections include IPSec tunnels, Gmail S/MIME, managed SSL certificates, and Istio.

  • Google works actively with the industry to help bring encryption in transit to everyone, everywhere. Google has several open-source projects that encourage the use of encryption in transit and data security on the Internet at large, including Certificate Transparency, Chrome APIs, and secure SMTP.

  • Google plans to remain the industry leader in encryption in transit. To this end, Google dedicates resources toward the development and improvement of encryption technology. Its work in this area includes innovations in the areas of Key Transparency and post-quantum cryptography.

Detailed information can be found here: https://cloud.google.com/docs/security/encryption-in-transit 







