

Zero Trust. SOC2. No Servers. No Inbound Ports. IT-Friendly by Design.

This pack is built to help IT teams approve BluSKY immediately by addressing:

  • Security architecture
  • Network architecture
  • Identity and provisioning
  • Data governance
  • Encryption
  • Compliance
  • Cloud infrastructure
  • Penetration testing
  • Risk and failure-mode analysis
  • IT questionnaire requirements

Security Architecture Overview

Cloud-Native, Zero Trust Model

BluSKY operates under a pure Zero Trust posture:

  • No implicit trust anywhere
  • Identity-driven access
  • Continuous verification
  • No inbound firewall ports
  • All communication outbound-initiated
  • Complete role-based access control (RBAC)
  • Multi-factor authentication (MFA)
  • Encrypted service-to-service communication

This drastically reduces IT exposure and eliminates traditional attack surfaces.

SOC 2 Type II Compliance

BluSKY operates under a full SOC 2 Type II program, covering:

  • Organizational controls
  • Network security
  • Change management
  • Data protection
  • Vulnerability management
  • Access controls
  • Operational integrity
  • Incident response procedures

Consultant takeaway: IT departments approve SOC2 vendors first, every time.

Network Architecture

No On-Prem Servers

BluSKY eliminates the need for:

  • Access servers
  • Database servers
  • Video servers (Milestone integration via LVSM uses no inbound ports)
  • Proxy servers
  • Middleware boxes
  • Integration servers
  • VPN tunnels

All logic and management live in the cloud.

No Inbound Firewall Ports

All site communication uses outbound, encrypted connections to the BluSKY cloud.

This means:

  • No public IPs
  • No NAT rules
  • No port forwarding
  • No DMZ servers
  • No firewall exceptions

Everything is secure by default.

Encryption Everywhere

  • TLS 1.2+ transport encryption
  • AES-256 at-rest encryption
  • Tokenized access
  • Signed requests
  • OAuth-secured APIs
  • Automatic certificate rotation

Device-Level Security

ARC controllers and LVSM communicate via:

  • Encrypted outbound tunnels
  • Mutual authentication
  • Heartbeat monitoring
  • Tamper detection

Controllers never expose ports to the public internet.

Identity, Provisioning & SSO

SCIM 2.0 Identity Provisioning

BluSKY supports:

  • Azure AD
  • Okta
  • OneLogin
  • Google
  • Custom SCIM providers

SCIM automates:

  • Employee provisioning
  • Deprovisioning
  • Role-based access assignment
  • Zero manual data entry

Single Sign-On (SSO)

Supported protocols:

  • SAML 2.0
  • OIDC

SSO brings:

  • Centralized identity
  • MFA enforcement
  • Conditional access
  • Geo/IP policy controls

Data Governance & Privacy Protection

Data Isolation

  • Full tenant isolation
  • Separate databases/logical partitions
  • Strict RBAC boundaries
  • Independent encryption keys

Data Retention Options

Configurable policies for:

  • Events
  • Videos (via Milestone)
  • Identity logs
  • AI metadata
  • Access history
  • Visitor logs

Compliance-ready for:

  • Banking
  • Insurance
  • Healthcare
  • Government
  • Enterprise and commercial office

Cloud Infrastructure Details

Redundancy & Resilience

BluSKY is built on:

  • Multi-zone cloud redundancy
  • Auto-restart services
  • Distributed load balancing
  • Hot-standby failover
  • Database replication
  • Continuous backup snapshots

Service interruptions fail over within seconds - with no onsite dependency.

Penetration Testing & Vulnerability Management

Regular External Pen Testing

Third-party penetration testing covers:

  • Application layer
  • Authentication
  • RBAC integrity
  • API security
  • Input validation
  • Boundary protections

Continuous Vulnerability Scanning

Includes:

  • CVE scanning
  • Patch-level analysis
  • Dependency checks
  • Container scanning
  • Certificate validation

Risk Controls & Failure-Mode Protections

BluSKY protects against:

  • Server hardware failures
  • Power outages
  • Clock drift
  • Local network failures
  • Database corruption
  • OS vulnerabilities
  • Local attack surfaces
  • Natural disasters
  • Ransomware on-prem

All major failure points of traditional on-prem systems are eliminated.


IT Questionnaire (BluSKY Answers)

| Question | BluSKY Answer |
|---|---|
| Do you require inbound firewall ports? | No |
| Do you require on-prem servers? | No |
| Do you support SSO? | Yes - SAML & OIDC |
| Do you support SCIM provisioning? | Yes |
| Do you store passwords? | No - hashed and salted to industry standards |
| Do you use encryption? | Yes - in-transit and at-rest |
| Are you SOC2 audited? | Yes - Type II |
| Do you support MFA? | Yes |
| How is customer data isolated? | Multi-tenant logical separation |
| Do controllers expose open ports? | No |
| Is the platform scalable? | Automatically |
| Do you support pen tests? | Yes - regularly conducted |
| Can IT monitor admin sessions? | Yes - privileged access logs |
| Can IT restrict admin privilege? | Yes - granular RBAC |
| Do you support audit exports? | Yes - fully exportable logs |

These responses dramatically accelerate IT approval.

Why BluSKY Is the Easiest Security Platform for IT to Approve

  • No servers
  • No inbound ports
  • No patching
  • No middleware
  • No VPN
  • No OS updates
  • No proprietary appliances

And fully modern by default:

  • SOC2-compliant
  • Zero Trust
  • Full encryption
  • SSO + SCIM
  • API-first
  • Multi-tenant secure
  • Redundant
  • Self-healing
  • Supervised by AI

This is the architecture IT teams expect - and trust.

Consultant Summary

Consultants specifying BluSKY achieve:

  • Fastest IT approval cycle
  • Lowest cyber risk footprint
  • Highest operational security
  • No integration server dependencies
  • No vendor lock-in
  • Cloud-first compliance readiness
  • Future-proof design for AI and automation

This is the modern security architecture standard.