Data Security
Taranis is committed to providing its customers with a highly secure and reliable environment for our data operations and cloud-based applications. We have therefore developed a multi-tiered security model that covers all aspects of hosted and cloud-based Taranis systems. The security model and controls are based on international protocols and standards and industry best practices.
As part of the company’s focus on security issues, Taranis employs security-oriented management staff including a Chief Technology Officer, a VP R&D and a Chief Innovation Officer, as well as a cloud platform and data & services team with responsibility for:
Applying the security model to all system tiers
Monitoring and analyzing the infrastructure for suspicious activities and potential threats
Issuing security reports to Taranis management
Dynamically updating the security model and addressing new security threats
In addition, a Taranis joint committee, including representatives from product management and R&D, is committed to:
Systematically examining the organization's information security risks, considering threats and vulnerabilities
Designing and implementing a coherent and comprehensive suite of information security controls and/or other forms of risk treatment (such as risk avoidance or risk transfer) to address the risks that are deemed unacceptable
Adopting an overarching management process to ensure that the information security controls continue to meet the organization's evolving information security needs
Taranis utilizes private storage “buckets” in the Google Cloud Platform. Additional Google Cloud security, privacy and compliance policies can be found here:
Taranis has implemented a strict set of procedures throughout the entire data life-cycle to ensure all captured data is securely processed, stored and made available only to authorized users. These include:
Drones or planes take images in the field based on precalculated routes, and the captured imagery is stored only on a local memory card.
At the end of the flight, the certified pilot uploads the images using a Taranis-provided laptop and a secured Taranis-developed application.
The data is uploaded into predefined, Taranis-owned, private buckets in the Google Cloud Platform (GCP).
Stored data in the Google Cloud Platform can be accessed only via a dedicated secured service and made available to customers using the Taranis web and mobile interface based on individual user permissions.
The following items are relevant for the application access control:
Access control – Access to the Google Cloud Platform buckets is limited, based on role and responsibility and is only available to permitted users for maintaining and supporting customers
Authentication – Taranis also enforces Google-based multi-factor authentication, including a strict role-based password policy. For Taranis web and mobile apps, user passwords are stored in an encrypted form, using a one-way encryption method based on an industry-standard hash algorithm. Only the application is able to compare the hashed and entered passwords.
Data encryption – The Google Cloud Platform encrypts data in transit between our facilities and at rest, ensuring that it can only be accessed by authorized roles and services with audited access to the encryption keys. Additional details are provided below.
Taranis uses the Google Cloud Platform for storage.
Google Cloud encrypts all customer content stored at rest, without any action required from the customer, using one or more encryption mechanisms.
Data for storage is split into chunks, and each chunk is encrypted with a unique data encryption key. These data encryption keys are stored with the data, encrypted with ("wrapped" by) key encryption keys that are exclusively stored and used inside Google's central Key Management Service. Google's Key Management Service is redundant and globally distributed.
All data stored in Google Cloud is encrypted at the storage level using AES256, with the exception of a small number of Persistent Disks created before 2015 that use AES128.
Google uses a common cryptographic library, Tink, which incorporates its FIPS 140-2 Level 1 validated module, BoringCrypto, to implement encryption consistently across almost all Google Cloud products. Consistent use of a common library means that only a small team of cryptographers needs to implement and maintain this tightly controlled and reviewed code.
Detailed information can be found here: https://cloud.google.com/docs/security/encryption/default-encryption
Google employs several security measures to help ensure the authenticity, integrity, and privacy of data in transit.
Google encrypts and authenticates data in transit at one or more network layers when data moves outside physical boundaries not controlled by Google or on behalf of Google. All VM-to-VM traffic within a VPC network and peered VPC networks is encrypted.
Google applies default protections to data in transit. For example, Google secures communications between the user and the Google Front End (GFE) using TLS.
Detailed information can be found here: https://cloud.google.com/docs/security/encryption-in-transit
Taranis is committed to protecting our systems, information, and our customers’ information. The purpose of this Policy is to ensure that necessary records and documents are adequately protected and maintained and to ensure that records that are no longer needed by Taranis or are of no value are discarded at the proper time. This policy defines the retention requirements for Taranis service data. This policy applies to all Taranis employees or contractors working on behalf of Taranis.
Taranis service data includes all Acquired Imagery, Generated Data and Insights, and User-provided Data.
Acquired Imagery includes satellite and drone imagery acquired on serviced acres. User-provided Data includes any information uploaded to Taranis systems by users, including field boundaries, planting dates, crop hybrids, etc. Generated Data and Insights includes insight scores, severity, heat maps, and all other information generated from the Acquired Imagery, User Provided Data, and other data sources such as weather history.
Taranis will define a reasonable retention policy for all systems and data in use within the organization and will document them in the Retention Requirements below.
All employees who create and use records and information are responsible for maintaining Taranis Records according to this Policy.
All levels of management within Taranis are responsible for ensuring compliance with this Policy within their respective group, region, or function.
Taranis will retain data files in compliance with the retention periods stated below:
Acquired Imagery will be retained for the current season and 2 additional seasons; for example, during the 2024 season imagery will be available from the 2024, 2023 and 2022 seasons.
Generated Data and Insights will be retained as long as a current contract is in effect; after contract termination, data will be retained for a period of 30 days.
User-provided Data will be retained as long as a current contract is in effect; after contract termination, data will be retained for a period of 30 days.
The retention periods provided in this policy are intended to be as short as possible to minimize the volume of Taranis Records while still complying with legal, contractual, and/or operational requirements. Records will be kept only for the period stated in the policy and Taranis reserves the right to destroy or discard the data at the stated retention period expiration.
Measures will be taken to ensure that the information can be accessed by authorized users during the retention period (both with respect to the information carrier and the readability of formats).
As data expires according to the retention policy, Taranis reserves the right to delete or otherwise destroy the data in accordance with its classification and destruction requirements.
The Taranis Vice President of R&D is responsible for ensuring compliance with this policy and will assist with the protection of Taranis data.
Any employee found to willfully or intentionally violate this policy may be subject to disciplinary action, up to and including termination of employment.