How ORDITAL secures your data...
How ORDITAL secures your data...
For more information on the platforms that ORDITAL utilizes please refer to the TECHNOLOGY PARTNERS section of this web site.
For enterprise customers ORDITAL allows synchronization between the ORDITAL mobile app and the ORDITAL server. On the server, data is stored in the salesforce force.com database and images are stored on the Amazon Web Services Simple Storage Service (AWS S3) platform. Images stored on AWS S3 have no identifying meta-data stored on them such as geolocations or other EXIF data and are named with with a Universally Unique IDentifier (UUID) file name which ensures that aside from the security inherent in the platform there is no way to decode anything in the AWS S3 platform without the meta-data that is secured in the force.com database. Further information on salesforce security can be found here, and further information on AWS S3 security can be found here.
The ORDITAL mobile app is a custom developed application built with the following powerful API’s from the following global software leaders.
The ORDITAL mobile app when used in enterprise mode requires a password to log into the ORDITAL server. The credentials for the ORDITAL mobile app and the ORDITAL desktop are identical. The ORDITAL server is configured to determine time out periods after which users must log back in again on the ORDITAL mobile app.
The ORDITAL mobile app communicates with the server via a web server. The Web Server is installed in an Amazon Web Services Elastic Compute Cloud (AWS E2C) instance. The communication between the web server and the mobile device is secured by HTTPS protocol with Secure Sockets Layer (SSL) encryption.
As stated in the data extraction part of this web site, ORDITAL uses crowdsourcing to extract information from photographs. This is done completely outside the salesforce force.com database - there is no linkage / interface whatsoever between the crowdsourcing and salesforce force.com database so it is not possible for crowd workers to ever see any of the data stored in the database.
A unique encrypted link to a single image in AWS S3 is provided to the crowd workers to allow them to see the photograph. This link times out immediately after the crowd worker has reviewed the image and can no longer be used. There is no meta-data about the image that is shown to the crowd workers. The crowd work is simply shown an image and asked to key in data about that image. They don't know where in the world the image, what company it is from, and a single crowd worker might see photographs from multiple companies within the same job to further obscure any chance of identifying where the image has come from. A typical example of what is shown to a crowd worker is shown below.
The most important question to ask with respect to sharing the photographs with crowd workers is not a technical one - it comes down to the the security profile of the information being shared. Generally, the information contained within the photographs originated from a manufacturer and is thus not confidential to the operator of the equipment - anyone that purchase that same equipment would have access to exactly the same information. Therefore information related to process and an operator's usage and performance would not be exposed through any of this information.