
Data Hosting, Encryption, and Protection

Fleetwise implements a defence-in-depth approach to data protection, leveraging Microsoft Azure’s native encryption capabilities and platform security controls to ensure confidentiality, integrity, and availability of customer data.

Single Tenanted Architecture

Fleetwise uses a single-tenant architecture, with each customer provisioned on dedicated application and database resources in Azure. Each environment is deployed as an isolated instance of Azure App Services and Azure SQL, with no shared database schema or multi-tenant data model.

Tenant isolation is enforced across the application, database, and infrastructure layers, ensuring strong separation between customer environments. This approach eliminates the risk of data co-mingling and provides a high level of logical and operational isolation.

Data Hosting and Resourcing

The Fleetwise database is hosted on Microsoft Azure in their East Australia data centre.

Fleetwise uses Azure SQL Elastic Resource Pools to dynamically allocate shared compute resources across dedicated customer databases and app services, ensuring optimised performance, scalability, and efficient utilisation of infrastructure capacity.
 

Database Backup

Database backups use Azure read-access geo-redundant storage (RA-GRS) to provide geo-redundancy. All production sites are stored on discrete SQL Databases. By default, these have Point in Time Restore points enabled, which are created every 5–10 minutes and retained for 7 days. Long-term restore backups are retained for 1 year.

As the SQL Database backups are replicated across regions, in the event of a long-term outage at the primary region (Australia East), a second instance could be deployed to the Australia South East region, making use of a recently replicated backup.

Data Encryption

Fleetwise data are encrypted at rest on Azure SQL Database with Microsoft Transparent Data Encryption (TDE); the key is managed using Azure Key Vault. Fleetwise enforces TLS 1.2 or above for data in transit.

TLS 1.2 is enforced for all APIs. The UI and APIs primarily use token-based authentication (JWT) for secure communication. API calls are logged and monitored with Azure Application Insights.

Azure Defender for Cloud

Fleetwise uses Microsoft Defender for Cloud to continuously monitor its Azure App Services, databases, and DevOps resources for security threats and vulnerabilities. It analyses application traffic, database activity, and system configurations to detect anomalies such as attack attempts or misconfigurations, and provides real-time alerts and remediation recommendations. This ensures proactive protection, rapid threat detection, and a consistently strong security posture across the platform.

Event Logging

Each PVBS instance is integrated with an Application Insights resource. This provides near real-time information on PVBS traffic, resource utilisation, availability and exceptions. 

Audit logging has been configured both at the SQL Server and Database level for production PVBS instances.