Privacy and Security

Data Collection, Processing and Storage

Juniper Networks takes the privacy and security of customer data in our cloud-based platform very seriously. Sky Enterprise only collects metadata from managed devices; it does not collect or have visibility of data transmitted over the customer network or through the customer’s managed Juniper devices.

Metadata includes: ports in use, bytes transmitted by a device, site name and IP address, and username (email address). All communication between Sky Enterprise systems and customer devices is via secure protocols (SSH, SSL, TLS) and authenticated. Configuration data such as security policies, NAT and interface settings are retrieved “just in time” when requested by users and cached temporarily. Configuration backups, provisioning templates and encrypted log details for advanced reporting are available on an opt-in basis.

All data stored within Sky Enterprise is encrypted at rest. After termination of the service, all customer devices, user accounts, and data are deleted from the platform.

Sky Enterprise is co-located in sophisticated data centers with industry standard certifications. These data centers are highly secure and are replicated across multiple locations to ensure resiliency and rapid failover in a disaster situation.

Sky Enterprise Security Summary:

  • Sky Enterprise services operate on hardened Linux servers running latest security patches.
  • Servers are hosted in secure data centers in geographically dispersed locations. The data center provider is SOC2 compliant.
  • Servers are locked down and only required ports are open for Junos device connections of the web front-end.
  • Sky Enterprise platforms are periodically scanned by multiple different penetration testing organizations.
  • User access to servers is strictly controlled and available only via locked down VPN entry points using individual SSH keys.
  • Junos device connections are outbound from the device using SSH and are authenticated. Users access to the Sky Enterprise web portal is via SSL and 2 Factor Authentication is available. Device message logs sent to Sky Enterprise must use TLS.