Samsara is built from the ground up for sensitive environments and security-conscious customers.

Unlike legacy solutions that were designed in a different era and patched over time, Samsara is purpose-built to aggregate and process sensor data securely. All aspects of Samsara’s service, from its patent-pending technology architecture to built-in security tools for administrators to ongoing monitoring and risk mitigation, are designed for security and reliability by seasoned industry experts with extensive experience building secure technology systems for enterprise and industrial customers.


  • SSL / 256-bit AES encrypted transport
  • Always protected with over-the-air patches
  • Validated by third-party audits
  • Robust end-user security tools
  • Redundant hosted software service

A Read-Only Solution

Samsara is optimized to make it easy and affordable to collect and analyze sensor data.

Samsara is a read-only system: while it passively collects sensor data, it has no control functions. Moreover, Samsara’s integration points are separated from control systems through virtual and physical isolation layers. An attacker cannot take control of, or interrupt service to, a customer’s physical assets by means of the Samsara system, as control functions are independent of the Samsara solution.

Security in Depth

  • Hardened Cloud Infrastructure

    Samsara’s cloud-hosted infrastructure is designed and managed in alignment with the best practices of multiple IT security standards. Samsara’s underlying infrastructure leverages Amazon AWS, which is ISO 27001 and SOC 1 Type II certified, and is rated as the leader in cloud security by research firm Forrester.

    Network devices, including firewalls and other boundary devices, are in place to monitor and control communications at the external boundary of the network and at key internal boundaries within the network. These boundary devices employ rule sets, access control lists (ACLs), and configurations to enforce the flow of information to specific information system services.

    ACLs, or traffic flow policies, are established on each managed interface to manage and enforce the flow of traffic.

    Samsara is built on a secure multi-tenant cloud architecture with logical data separation. Customer data is logically separated across distributed databases with required authentication checks for every application-layer and data-layer access made to any tenant's data. The logical separation ensures that data is always associated with exactly one customer, and required authentication checks at the application and data layers ensure that data is completely isolated by customer and accounts provisioned for that customer.

    Samsara employs a Virtual Private Cloud to provide resource isolation and minimize attack surface area. Samsara services are protected by IP- and port-based firewalls. Administrative access to Samsara’s infrastructure is highly restricted, and verified by public key (RSA). Distributed Denial of Service (DDoS) attacks are mitigated with elastic load balancing and highly available DNS services.

    When a storage device containing customer data has reached the end of its useful life, procedures include a decommissioning process that is designed to prevent customer data from being exposed to unauthorized individuals. Techniques detailed in DoD 5220.22-M (“National Industrial Security Program Operating Manual”) or NIST 800-88 (“Guidelines for Media Sanitization”) are used to destroy data as part of the decommissioning process. All decommissioned magnetic storage devices are degaussed and physically destroyed in accordance with industry-standard practices.

  • SSL-Encrypted Data Transmission

    Samsara IoT gateways communicate exclusively over SSL-encrypted connections. Whether communicating over a cellular network or via WiFi, all traffic is encrypted, preventing third parties from reading sensor data. Moreover, Samsara automates gateway provisioning, eliminating the potential for man-in-the-middle attacks through configuration errors or invalid certificates.

    Likewise, all access to sensor data via the Samsara web application, mobile app, or API is SSL-encrypted, securing data retrieval without depending on the integrity of local networks or VPNs.

  • 24x7x365 Monitoring

    Samsara employs multiple independent systems to monitor system health and security. Security verification and penetration tests are performed daily by McAfee SECURE, an industry-leading third-party service. Application availability is constantly monitored by multiple geographically distributed services, and Samsara’s operations engineers are available around the clock to respond to incidents.

    Security monitoring tools help identify several types of denial of service (DoS) attacks, including distributed, flooding, and software/logic attacks. In addition to the DoS prevention tools, redundant telecommunication providers as well as additional capacity protect against the possibility of DoS attacks.

    In the unlikely event of a security event that affects the customer's data, organization administrators and/or identified points of contact will be notified by Samsara. Any event will be reported as soon as possible after discovery.

  • Redundant, Highly Available Infrastructure

    Samsara’s service is a distributed system designed to spread computation and data across multiple physical servers. Every customer’s data is replicated across multiple servers and storage appliances, so that hardware failure will not compromise service availability or customer data. Networks are multi-homed across a number of providers to achieve Internet access diversity.

    Datacenters are equipped with advanced fire detection and suppression equipment, including protection by either wet-pipe, double-interlocked pre-action, or gaseous sprinkler systems. The data center electrical power systems are designed to be fully redundant and maintainable without impact to operations, 24 hours a day, seven days a week. Uninterruptible Power Supply (UPS) units provide back-up power in the event of an electrical failure for critical and essential loads in the facility. Data centers use generators to provide back-up power for the entire facility.

    Climate control is required to maintain a constant operating temperature for servers and other hardware, which prevents overheating and reduces the possibility of service outages. Data centers are conditioned to maintain atmospheric conditions at optimal levels. Personnel and systems monitor and control temperature and humidity at appropriate levels.

    Samsara is designed for rapid failover in the event of a hardware failure or natural disaster. Samsara sensors and gateways are also equipped with on-board storage to save data locally in the event of a cloud service interruption, and will automatically upload buffered data upon service resumption.

  • Security Tools for Administrators

    Samsara provides administrative tools to protect your organization’s data, including user management with email verification, authentication audit logs, and two-factor authentication (via Google Apps). Moreover, Samsara enforces robust user authentication, with data access requiring authentication via Samsara’s centralized server (no default passwords or shared secrets).