Here are the four words that no system integrator wants to hear: “You have been hacked.”
Which is why, when it comes to industrial and building automation, many system integrators are on the hunt for cost-effective solutions that let them securely interface their devices with their Building Management System (BMS) and the Cloud.
As the demand for secure, Cloud-based solutions grows (thanks to an ever-expanding range of Industrial Internet of Things or IIoT-enabled devices within industrial and operational control) so, too, will Cloud-based solutions. In fact, according to Gartner analysts, better than 85% of organizations will adopt a Cloud-first approach by 2025.1
But how secure is the Cloud and the solutions you’ve chosen for your organization?
Surprisingly, not every Cloud solution is as secure as you might think. That’s why we at MSA like to talk about cybersecurity a lot. It’s also why we’re continually evolving the functionality and security of our Cloud-based solutions and automation gateway products (which, by the way are at work both on site and in the Cloud at 100,000+ locations around the globe).
To help protect your organization, let’s take a look at the Cloud, our strategy behind it, and what we’re doing to continue keeping security at the forefront of everything we do.
Cloud-based Automation Solutions
We’ve written about more secure industrial automation in the Cloud before and its ability to promote intelligent and efficient automation. Suffice it to say, the number of industrial organizations that will operate through the Cloud will continue to grow. Gartner researchers also say that more than 50% of global enterprises will have adopted an “all-in” Cloud strategy before 2022.2
For us, that’s no surprise. Because we’re in the business of helping leaders, owners, and system integrators within commercial buildings, institutional facilities, and manufacturing and industrial process plants transition to Cloud-based automation.
In fact, we’ve designed MSA’s FieldServer Gateways with more than 140 communication protocols to allow secure connection of the many disparate devices found within their organizations. This includes MSA devices, as well as devices from other manufacturers. It also includes legacy equipment that’s still reliable, along with smart, Cloud-based devices.
When it comes to Cloud connectivity, our goal is to help you eliminate exposure to your entire organization. So, we’ve developed a line of Cloud-enabled products and Cloud-based solutions, including:
- MSA FieldServer Dual Ethernet Port Device, which allows for secure LAN and WAN connectivity and is capable of blocking VPN, proxy tunnel, and other unwanted connections from coming into the FieldServer bridge; as well as allowing certain ports to be opened, such as Modbus TCP/IP (port 502)
- OpenVPN Interface, which establishes an encrypted and authenticated secure tunnel from a local computer to remote devices connected to a FieldServer gateway
- MSA Grid – FieldServer Manager, which is our Software-as-a-Service (SaaS), Cloud-based platform, enables secure integration and management of connected devices
- FieldVEU, which is MSA’s visualization application that interfaces with the MSA Grid platform, enables real-time notifications from Cloud-registered FieldServer gateways and instant access to their most relevant data points
Ensuring Security in the Cloud
When it comes to leveraging the benefits of the Cloud, there are two specific challenges: (1) keeping it relevant and (2) keeping it secure.
We’ve tackled both. First, by enlisting our engineers in the continual evaluation, testing, and upgrading of our technologies so they meet market functional needs and are not just designed with some random “bells and whistles.” And, second, by enacting strong security measures with our approach and processes and building security into our products, technologies, and solutions.
To protect MSA FieldServer in the Cloud, we take a one-two punch to security that includes layering security features and employing best-practice security measures, including third-party penetration testing.
Our FieldServer gateways include such robust security measures as:
- Unique password requirements
- The ability to set up different users at varying levels
- Encrypting user credentials and personal details
- Updated security between the browser and the gateway with respect to SSL certificates (signed and user signed)
- Hardening of IP interfaces on the gateway
In addition to ensuring the security of our hardware, we work to help ensure the security of our Cloud, too.
In fact, we’re currently undergoing another series of third-party penetration testing and independent review of our security controls. In addition to this regular penetration testing, we monitor compliance with one of the most widely recognized security standards, ISO 27001.
When considering security, our customers want to know that our products and solutions meet not only our exacting standards for security and compliance, but theirs, as well.
Cloud-security is a big deal. You’ll want to be sure that you’re not vulnerable to attack through your BAS or Cloud-enabled devices.
But not every Cloud-enabled gateway is as secure as ours.
So, we recommend auditing your Cloud-based gateways and Cloud-enabled devices and applications to see if they meet both current industry standards as well as any corporate standards you may have.
Better yet, contact us for a complimentary Cloud security review from one of our experts. We’ll be in touch soon, but, in the meantime, we encourage you to learn more about cybersecurity in the industrial environment by downloading our free eBook below.