Security Assurance

Edge Connector Security Enterprise

The nara Edge Connector is designed for organizations that require strong control over how AI tooling reaches internal systems. This page summarizes the controls, operating model, hosting posture, and independent assurance measures that govern the Edge Connector and the services that manage it.

Executive summary

nara operates the Edge Connector under a defense-in-depth model built around four principles:

1. Constrained central control — the platform cannot introduce arbitrary endpoint behavior without cryptographic trust and policy enforcement at the connector.
2. Least privilege by design — deployments, tools, and operators receive only the permissions required for their scope.
3. Auditable operations — administrative changes, bundle releases, approvals, and runtime actions are logged and reviewable.
4. Independent assurance — the nara security and operating model is backed by external audits, penetration testing, and formal compliance programs.

Security architecture

The Edge Connector separates the control plane from execution on customer-managed infrastructure.

Customer Admin / nara Admin
            |
            v
   nara Control Plane
            |
            v
  Signed Bundle + Policy Distribution
            |
            v
  Edge Connector (customer infrastructure)
            |
            v
  Local Tool Sandbox + Customer Systems

Signed code only

Tool bundles are signed before release. The Edge Connector verifies bundle signatures locally using pinned trust roots before any updated code is accepted or executed.

Policy-enforced runtime

Every deployment is governed by policy. Tool capabilities, update behavior, approval requirements, and device scope are enforced by the connector at runtime.

Isolated execution

Tool implementations run in isolated execution contexts with explicit capability boundaries. High-risk primitives are disabled by default and must be enabled intentionally.

Customer-controlled rollout

Customers can require staged rollout, change approval, or customer-controlled signing before new bundle versions are activated.

Central control risk and blast radius reduction

nara is designed so that compromise of a central service does not automatically translate into broad endpoint control.

The Edge Connector limits central influence through the following controls:

• Bundle signature verification at the endpoint before execution.
• Pinned trust roots inside the connector.
• Customer policy enforcement for update channels, rollout rings, and capability grants.
• Capability-based tool execution instead of generic remote administration access.
• Approval gates for sensitive actions such as write, execute, credential access, or elevated operations.
• Read-only defaults for newly assigned tools and deployments.
• Per-deployment isolation so one deployment cannot be used to impersonate or control another.
• Revocation and emergency block mechanisms for bundles, credentials, and deployments.

Tip

The Edge Connector is not operated as a generic remote administration agent. Customers can restrict deployments to read-only tools, require local or administrative approval for sensitive actions, and disable automatic rollout of new bundle versions.

Deployment trust and code distribution

Bundle release and execution follow a controlled supply-chain model.

• Bundles are built in controlled CI pipelines with signed release artifacts.
• Release signing keys are managed through dedicated key-management processes with separation of duties.
• The connector validates signature, version, integrity metadata, and policy compatibility before activation.
• Rollouts support canary, pilot, and broad-release rings.
• Customers can freeze on approved versions, require manual promotion, or use customer-controlled signing workflows.
• Revoked bundles are blocked from future activation and can be remotely invalidated.

Hosting and data residency

nara operates its production environment with Germany-first hosting for Edge Connector control-plane services and customer data covered by the Edge Connector operating model.

Primary hosting posture

• Production application workloads run in Germany-based regions.
• Primary databases, object storage, backups, secrets management, and audit logging are hosted in Germany-based regions.
• Bundle storage and release artifacts for Edge Connector deployments are hosted in Germany-based regions.
• Disaster recovery replicas remain within approved EU locations.
• Administrative access paths, logging infrastructure, and key-management systems follow the same residency controls.

AI and model processing residency

• AI-assisted processing covered by the Edge Connector security boundary is region-pinned to approved EU or Germany-based processing locations.
• Model routing does not default to global endpoints for workloads subject to residency controls.
• Customers with strict residency requirements can use region-restricted deployments and approved model-processing paths only.

Data residency commitments

• nara documents the storage, processing, backup, and replication location for each major service component.
• Customers receive an up-to-date subprocessor and region list.
• Changes to residency-relevant subprocessors or regions follow formal change management and customer notification procedures.

Certifications and independent assurance

nara maintains an assurance program aligned with enterprise and regulated customer requirements.

Current certifications and reports

• ISO/IEC 27001 for the nara information security management system.

Additional assurance measures

• independent penetration tests covering the external attack surface and authenticated application paths.
• Targeted retesting after major architectural changes affecting the Edge Connector, deployment model, or trust chain.
• Regular vulnerability scanning, patch validation, and remediation tracking.
• Executive summaries and supporting assurance materials available to customers under NDA.

Note

Certification scope statements, report availability, and supporting evidence are provided through the nara trust and compliance process. Customers can request additional documentation during security review.

Access control and administrative safeguards

nara applies least-privilege administrative access to both product operations and internal systems.

• SSO and MFA are mandatory for administrative access.
• Privileged access is role-based and approved through least-privilege workflows.
• Break-glass access is controlled, time-bound, and fully logged.
• Production changes follow peer review, change approval, and deployment safeguards.
• Secrets are stored in managed secret systems with rotation and access logging.
• Administrative actions affecting deployments, bundles, policies, and credentials are audited.

Connector authentication and device trust

The Edge Connector supports both interactive and headless trust models without exposing long-lived credentials in transport.

• Desktop deployments use browser-based approval flows tied to user and organization context.
• Server and headless deployments use deployment-specific credentials and proof-based authentication.
• Deployment credentials are rotated through managed workflows and can be revoked immediately.
• Connector identities are bound to deployment context and enforced at connection time.
• Concurrent or conflicting deployment connections are rejected according to runtime policy.

Runtime controls and approvals

Customers can tailor how much local authority the connector receives.

Policy options

• Read-only tools only
• No automatic bundle rollout
• Manual promotion between rollout rings
• Local user approval for sensitive actions
• Central admin approval for sensitive actions
• Restricted file-system and network capabilities
• Restricted command execution
• Restricted device groups and deployment scopes

Execution safeguards

• Tool executions are isolated from each other.
• Capabilities are granted explicitly rather than implicitly.
• High-risk actions can require separate approval even when a tool is assigned.
• Runtime health, version state, and approval state are visible through deployment management and audit trails.

Monitoring, logging, and incident response

nara operates formal monitoring and security operations processes for the Edge Connector service boundary.

• Security-relevant events are centralized in monitored audit and telemetry systems.
• Alerts cover authentication anomalies, rollout anomalies, connector health degradation, and suspicious administrative activity.
• Incident response follows defined runbooks for containment, revocation, key rotation, rollback, and customer communication.
• Customers receive timely notification for confirmed incidents affecting confidentiality, integrity, or availability according to contractual commitments.
• Post-incident reviews drive corrective actions, control hardening, and documented follow-up.

Customer-facing security materials

Customers can request or receive the following materials as part of security review:

• Security overview and architecture summary
• Data residency and hosting statement
• Subprocessor list with regions and purposes
• Incident response summary
• Certification and assurance summary
• Penetration testing summary
• Shared responsibility model
• Deployment and rollout control summary
• Edge Connector trust model and blast radius summary

Shared responsibility model

nara secures the managed platform, control plane, bundle trust chain, and product-level governance controls. Customers remain responsible for local endpoint hardening, operating-system baselines, internal network controls, and any customer-managed approvals or signing workflows they enable.

This shared responsibility model allows customers to adopt the Edge Connector while preserving local security standards, approval models, and infrastructure governance.