Voyance Security

What do we do?

Nyansa develops a new generation of network analytics software technology. Our flagship product, Voyance, provides IT administrators with continuous data analysis regarding network performance, predictive analytics to warn of future IT ops issues and problem areas, and limited information about the devices connected to the organization’s network in order to assist with troubleshooting and enforcement of network policies. To do this, Nyansa’s customers deploy an on-premise server, called the crawler, that collects performance metrics from the network. It is run either on an appliance provided by Nyansa or an ESXi server provided by the customer. The crawler collects various metrics from the wireless and wired network hardware devices and examines network traffic received off of the SPAN port. Those metrics are then analyzed by the Voyance software, and the aggregated statistics, network performance metrics, and in some cases information regarding the devices connected to the network, are displayed to the customer through an administrative portal and dashboard.

What information do we collect?

Voyance is a passive and ‘out of band’ application, meaning that it does not collect any actual network traffic (or ‘payload’) data from our customers’ networks. And if for some reason, connection between the crawler and Nyansa’s servers is lost, this does not degrade network performance. What Voyance does collect is information that indicates how the network is performing and a limited amount of information about the devices that connect to the network in order to assist with troubleshooting and enforce network policies.

The network performance information collected by the crawler includes things like Protocol response times and error codes, Jitter and delay metrics, flow rate and bandwidth usage, and Wi-Fi metrics including SNR, channel utilization, client association information

The device information collected by the crawler includes device type, operating system and version, timestamp on network, web applications accessed (e.g. Gmail, Dropbox, Facebook, etc.), as well as information that could potentially be personal data, namely device name, any network username associated with that device, MAC address and assigned IP address, and approximate location relative to a wireless network to which the device may be connected.

How do we collect the information?

As indicated above, all information collected and sent to Nyansa’s servers is collected by the crawler that is deployed in the customer’s network when the customer begins using the Voyance service. Much of the information collected, including most of the device-related data, is information exchanged through standard networking protocols. For instance, in order for a device to associate to a network it must transmit its MAC address (and device type, operating systems, and device name) to the network, and the network assigns the device an IP address.

How is customer data protected?

The crawler only collects the data necessary for Nyansa to make the Voyance service available to the customer, and Nyansa only uses the data collected to provide the Voyance service to the customer.

All information transmitted from the crawler to Nyansa’s servers is sent over an encrypted connection using Transport Layer Security (TLS) 1.2 (the successor to Secure Sockets Layer (SSL) encryption). All communications between the Voyance web applications and Nyansa’s back-end occurs over TLS 1.1, and 1.2. All SSL certificates are uniquely generated for each customer account and are automatically provisioned.

Unless a customer has deployed our private cloud version of Voyance, all customer data is stored within Nyansa’s virtual private cloud (VPC) hosted by Amazon Web Services (AWS).This enables us to create a logically isolated instance within AWS. AWS maintains industry standard security certifications such as ISO 27001 and SOC-1, 2 and 3. And all information that Nyansa stores and processes on AWS is replicated across multiple availability zones within the United States.

Internally, Nyansa implements a host of administrative, physical, and technical safeguards to ensure the security and integrity of the data transferred to us. In addition, Nyansa employs third-party services to perform daily penetration testing and application vulnerability assessments. These include cross-site scripting and SQL injection attacks.

Finally, Nyansa makes a variety of tools available to customers to secure access to their Voyance accounts, including email verification, account access/authentication logs, role based access, and different account privileges. There are no default passwords or shared secrets, and user account passwords are stored using a salted hash.

What compliance initiatives do we undertake?

Nyansa certifies its adherence to the EU-US and Swiss-US Privacy Shield Frameworks in order to provide an adequate basis for the transfer of personal information from the European Economic Area to Nyansa’s servers in the United States.

Nyansa has also implemented a robust security and privacy program designed to meet the obligations of a ‘business associate’ under HIPAA, including implementation of each of the required implementation specifications which underlie the administrative, physical, and technical safeguards required under the Security Rule, as well as a comprehensive policy and program regularly to review and assess the adequacy of the controls we have in place.

Where can I find more information?

More information about our security practices are available upon request and under NDA. Please contact your Sales representative or email us privacy@nyansa.com.