The question about “how secure is my dongle” has already been asked and answered. This one adresses the Cloud platform “on the other end”. How you guys secure the plattform and protect it from data leaks/breaches? The main component of a standard dongle is the cloud, therefore im concerned about the security.
As already mentioned in the other thread, all communication between our server and the devices are utilising an enterprise grade privisioning system called saltstack and thus is encrypted and secure.
We follow best practice security-wise, and we have automated tests that verify various areas of the API, including, among other things, that no data is accessible to anyone not authenticated, and also that data isolation is enforced properly, etc.
All our servers are locked down, communicate via a VPN and are updated regularly.
We all have years of software development experience from payment providers, energy companies and government software providers. So we all have the knowhow and most importantly our focus is on security.
I hope this answers your questions.