
IoT sensor data security — encryption, isolation and audit in plain language

IoT data security in plain language: encrypted transport, database-level tenant isolation, roles and 2FA, audit trail — how to assess a sensor platform.

Nextriv Team, 4 min read


IoT data security has a reputation as a topic where eyes glaze over by the third slide: certificates, acronyms, diagrams with padlocks. Yet the questions an administrator or a security officer really has to ask are simple: who can read my data in transit, is my organisation's data separated from everyone else's, and is it known who changed what. In this article we walk through those questions in plain language — using the way the Nextriv system is built as the example — and at the end we leave a checklist you can use to vet any sensor platform.

IoT data security is three questions, not a hundred slides

Every security mechanism in a measurement platform answers one of three questions:

  1. Transport — can the data be eavesdropped on or tampered with on its way from sensor to screen?
  2. Isolation — can another organisation using the same platform see my data?
  3. Accountability — does every change and every access leave a trace you can show an auditor?

On top of that comes a fourth question, increasingly common from the legal side: what about the GDPR when data has to be deleted. Let us take them in turn.

The data's journey: a closed loop instead of open doors

A reading begins its life in a sensor, which connects to a gateway over long-range radio. That is an architectural detail with big security consequences: the sensors are not devices on your corporate network. They have no IP addresses on the LAN, they do not know the Wi-Fi password, they cannot be scanned from the office network. The only device plugged into the IT infrastructure is the gateway — one point to inventory, update and supervise, instead of fifty.

From the gateway to the cloud, the data already travels over a TLS-encrypted connection — the same standard that protects online banking. The direction of traffic matters too: data enters the Nextriv platform exclusively from Nextriv sensors through Nextriv gateways, while integrations such as webhooks or MQTT are for getting data out to your systems. A closed loop at the input means a smaller attack surface: there is no public endpoint through which anyone could "slip in" fake readings.

Data security layers from sensor to user

The gateway itself is a fully fledged network device the IT department can treat like any other piece of infrastructure. Nextriv Hub Pro has a built-in firewall, support for seven VPN types (including WireGuard) and multi-level administrative permissions — it can be slotted into corporate security standards instead of asking for an exception to them.

Product: Nextriv Hub Pro (NX-GW-PRO), a semi-industrial radio gateway with IP65 ingress protection and a -40…+70°C operating range, for indoor and sheltered outdoor spots. Gigabit Ethernet with PoE, Wi-Fi and optional 4G with failover.

Isolation: a wall at the database level, not the application level

A cloud platform serves many organisations at once — the question is what separates them. The weakest answer is "the application filters the data": one bug in the code is enough for the filter to let too much through. Nextriv applies isolation at the level of the database itself (row-level security): every row of data is assigned to an organisation, and the database refuses to return someone else's records regardless of what the application asks for.

Picture it this way: instead of one hall with tape dividing the workstations, each organisation gets its own room with its own lock. Even if someone got the doors mixed up, the key would not turn.
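To make the difference between "the application filters the data" and isolation enforced by the database concrete, here is an added example in PostgreSQL syntax. It is not Nextriv's schema or code; the table, column, role and setting names are assumptions for illustration.

```sql
-- Added example (not Nextriv's own schema): application-level filtering versus
-- database-level row isolation (row-level security) in PostgreSQL.
-- Table, column, role and setting names are assumptions for illustration.

CREATE TABLE readings (
    id          bigserial   PRIMARY KEY,
    org_id      uuid        NOT NULL,   -- every row belongs to exactly one organisation
    sensor_id   text        NOT NULL,
    measured_at timestamptz NOT NULL,
    value       numeric     NOT NULL
);

-- Application-level isolation relies on every query remembering "WHERE org_id = ?".
-- Leave the filter out once, and the database returns every organisation's rows:
--   SELECT * FROM readings WHERE sensor_id = 'T-17';   -- no org filter: leaks all tenants

-- Database-level isolation: the rule is attached to the table itself.
ALTER TABLE readings ENABLE ROW LEVEL SECURITY;

-- The application connects as a role that is neither a superuser nor the table
-- owner, because both bypass row-level security by default.
CREATE ROLE app_user NOLOGIN;
GRANT SELECT, INSERT ON readings TO app_user;

-- The application sets the tenant once per transaction, e.g.
--   SET LOCAL app.current_org = '11111111-1111-1111-1111-111111111111';
-- The policy reads that setting on every row access. NULLIF handles an unset or
-- empty value so that a request without a tenant sees nothing (fail closed).
CREATE POLICY org_isolation ON readings
    FOR ALL
    TO app_user
    USING (org_id = NULLIF(current_setting('app.current_org', true), '')::uuid)
    WITH CHECK (org_id = NULLIF(current_setting('app.current_org', true), '')::uuid);

-- The same "forgotten filter" query now returns only the current organisation's
-- rows, whatever the application asks for, and an INSERT tagged with another
-- org_id is rejected by the WITH CHECK clause.
```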

Access: roles, invitations and a second factor

Most data incidents start not with a break-in but with excessive permissions. That is why platform access is role-based: an administrator manages the organisation and configuration, a manager works with sensors and alerts, a user sees what they are meant to see. New people join via invitations that expire after 7 days — a link sent in February will not open any doors in June.

Accounts are protected by a password policy and TOTP two-factor sign-in (codes from an authenticator app) with backup codes in case a phone is lost. An administrator can see active sessions and, if needed, sign an account out of all devices in a single action — handy when a laptop stays behind on the train.

Audit: who, what and when — for five years

The auditor's third question is always the same: "how do you know who changed this?" The audit trail answers it — a chronological register of actions in the platform: who changed an alarm threshold, who acknowledged an event, who generated or downloaded a report. Alongside it runs a separate security event log (sign-ins, permission changes), and both registers are retained for 5 years and exportable to CSV/PDF — exactly the form you can put on the table during an inspection.

Signed PDF reports complete the picture: every document receives a SHA-256 checksum, a QR code and a verification address, so the recipient can confirm by themselves that the report has not been changed since generation. Why this matters in regulated environments is described in more depth in our article on measurement data retention for audits.

Audit trail event register in the Nextriv platform

Sharing without handing over your account

A common deployment sin: "show the tenant the readings" ends with a login and password sent by e-mail. In Nextriv this is what the public widget is for — a read-only view, available via a tokenized link, no sign-in. You choose which sensors and metrics it shows, you can add a chart of the last 24 hours, set an expiry date on the link and check the view counter. The recipient sees exactly what they are meant to see — and not one thing more.

GDPR: you also have to be able to delete data

Security is not only protection against losing data, but also the ability to delete it in a controlled way. The platform supports deletion on request in line with the GDPR — up to and including self-service removal of an entire organisation together with its data, without writing to support and waiting weeks. Retention is a policy you control, not a trap you cannot get out of.

Checklist: what to ask a sensor platform vendor

Whether or not you choose Nextriv, these questions are worth asking anyone:

  1. Are the sensors devices on my corporate network, or do they connect outside it?
  2. Is transmission to the cloud encrypted (TLS)?
  3. How is different customers' data separated — in the application or at the database level?
  4. Are there roles and permissions, or does every user see everything?
  5. Is there 2FA and session management (global sign-out)?
  6. Is there an audit trail — retained for how long, and is it exportable?
  7. Can reports be verified cryptographically years later?
  8. What does data deletion look like — and can I do it myself?

The full list of mechanisms — from encryption, through organisation isolation, to the security log — is collected on the Nextriv security page. And the quickest way to judge them is in action: book a demo and we will show the audit trail, roles and secure sharing on a live system.
