We want to assure everyone that the methods used to compromise Verkada’s devices and infrastructure cannot be used against Ava Security.
Ava does not employ the concept of a super-admin that can be used to access all customer systems. Ava Aware customers are fully in control of the creation and administration of accounts on their systems, and there are no backdoors or secret hidden accounts. Ava also does not use Jenkins, or any similar system, to bulk edit any deployments, nor does it have any backdoor into our customers' systems.
We designed our Deployment Management Portal (DMP) to allow Ava’s partners and the Ava Support team to help operate and support deployments. Command of whether this is enabled and what permissions are granted are controlled by the customer. Access by Ava Support is controlled by multi-factor authentication (MFA) and limited to specific individuals based on their role. Besides, all use of this mechanism is logged and audited.
Ava is a security-first company, with a strong product and security culture. We believe that to deliver an effective security solution, the system itself must be secure. Our company’s first offering in the market was Ava Reveal, a cybersecurity solution for data protection. We later broadened the offering to include Ava Aware, Ava Cameras, and the Ava Cloud Connector for video security and analytics. We have industry-leading portfolios and expertise in both video and cyber security, and share secure development models and expertise across domains to ensure all our products are secure from the ground up. While it is impossible to guarantee 100% security, we follow internationally recognized security standards and processes to minimize the risk.