SaaS Security - Hardening Your Smart Factory Analytics Platform
The new year is a great time to examine habits and create healthy new ones. With this in mind, we’re going to talk about cyber-security protocols and the healthy habits that you and your co-workers should embrace in order to protect your critical data, as well as your company’s.
According to the recent, well documented article 40 Stunning Hacking Statistics that Concern Us All in 2019:
- There’s a hacker attack every 39 seconds
- There are 75 records stolen online every second
- 444,259 ransomware attacks took place worldwide in 2018
- Hackers create 300,000 new pieces of malware daily
- Cybercrime cost the world almost $600 billion in 2018
They also note that 71% of Americans are wary of hackers stealing their credit card or financial info.
Every business is susceptible to hacking, period. The most prevalent forms of hacking are:
Malware: Malware is harmful software, a category that includes viruses and ransomware. Ransomware installs itself on your computer, encrypts your files and demands a ransom, typically paid in Bitcoin, for the key to unlock them. Other malware runs silently in the background; a keylogger, for example, records your keystrokes as you type in order to siphon off valuable information such as account login credentials.
Phishing: A phishing attack takes place when you or someone in your company receives an email that looks authentic and is convincing enough to trick the recipient into taking an action. Clicking a link or opening an attachment may trigger a malware installation, or it may lead to a fake version of a trusted site; when you try to log in there, you are actually handing the attackers your login credentials.
SQL Injection: Many corporate servers store critical data for websites and services in databases queried with Structured Query Language (SQL). A SQL injection attack targets applications that build SQL queries out of user input, smuggling SQL syntax through an ordinary form field so that the attacker can extract data from, modify or take control of the database. For example, if a login form builds its query by pasting the username straight into the SQL text, entering the username  johnsmith' OR '1'='1  turns the lookup into  ... WHERE username = 'johnsmith' OR '1'='1' ... : the quote closes the string literal, and because '1' does equal '1', the condition is always true and the password check can be bypassed. The defence is never to assemble queries from raw input: use parameterized (prepared) statements so that user input is passed to the database as data rather than as SQL.
Cross-Site Scripting: In cross-site scripting (XSS), an attacker injects script into content that a website displays to its visitors, such as a comment, and the site fails to neutralize it. Other visitors' browsers then run that script as if it were part of the site, so it can harvest information such as credentials or credit card numbers or hijack their sessions. This both puts the visitor at risk and damages the reputation of the site owner.
DoS (Denial of Service): A denial of service attack occurs when an attacker floods a website or service with traffic (or requests) until access for normal users becomes extremely slow or impossible. A DDoS, or Distributed Denial of Service attack, is the same thing launched from many compromised computers at once against a single target.
Credential Reuse: Many people reuse usernames and passwords, or slight variations of them, across a large number of sites. Once hackers obtain your credentials from one breach, they test them, along with commonly used variants (a number or an exclamation point appended to the password, for instance), across a large number of other sites to take over as many of your accounts as they can.
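To make the SQL injection point concrete, here is an added example (not code from Worximity or from the original article) in Python with an in-memory SQLite database and constructed sample accounts. The vulnerable function glues the username into the query text; the safe function uses bound parameters. The password hashing is deliberately simplified to plain SHA-256 so the example stays focused on the query; a real system would use a slow, salted KDF such as bcrypt or argon2.

```python
"""SQL injection: a vulnerable login query beside its parameterized fix.

Added example, not Worximity code. Uses an in-memory SQLite database with
constructed accounts so it runs offline. Password hashing is simplified to
plain SHA-256 to keep the focus on the query; production code should use a
slow, salted KDF such as bcrypt or argon2.
"""
import hashlib
import sqlite3


def _digest(password):
    return hashlib.sha256(password.encode()).hexdigest()


def make_db():
    """Constructed sample accounts (not real credentials)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("johnsmith", _digest("correct horse")), ("admin", _digest("s3cret"))],
    )
    return conn


def login_vulnerable(conn, username, password):
    """Builds the query by string concatenation, so the username is treated as SQL."""
    sql = (
        "SELECT username FROM users WHERE username = '" + username + "' "
        "AND pw_hash = '" + _digest(password) + "'"
    )
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_safe(conn, username, password):
    """Same lookup with bound parameters: the driver passes the username as data."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND pw_hash = ?",
        (username, _digest(password)),
    ).fetchone()
    return row[0] if row else None


# The article's payload with the quote that makes it work: the leading quote
# closes the string literal, and OR '1'='1' makes John's row match regardless
# of the (wrong) password hash that follows, because AND binds tighter than OR.
BYPASS_USERNAME = "johnsmith' OR '1'='1"


def demo():
    """Run a legitimate login and the bypass against both implementations."""
    conn = make_db()
    return {
        "legit_vulnerable": login_vulnerable(conn, "johnsmith", "correct horse"),
        "legit_safe": login_safe(conn, "johnsmith", "correct horse"),
        "bypass_vulnerable": login_vulnerable(conn, BYPASS_USERNAME, "wrong"),
        "bypass_safe": login_safe(conn, BYPASS_USERNAME, "wrong"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Running it shows the vulnerable lookup returning johnsmith for the injected username with a wrong password, while the parameterized version returns nothing because the whole string is compared as a literal username that does not exist.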
In the case of businesses, most IT departments standardize on email formats, for instance firstname.lastname@example.org. Unfortunately, this removes one barrier for a hacker as the login email addresses are easy to guess and the only variable is the password.
When companies move from internally hosted software to SaaS solutions, they expose themselves to Internet-facing attack vectors that were much less of a concern when the software was reachable only on the internal network, including many of the above.
Some companies have the benefit of an ISSO, or Information Systems Security Officer or CSO, Chief Security Officer who ensures that internal security protocols are followed. Other companies must make do with other internal resources to try and internally share best practices.
At a previous company, Worximity's own CTO held the ISSO role and ran security tests against his own company, including hiring outside firms to perform penetration testing, in which they attempt to break into systems the way an attacker would.
Additionally, an outside consultant (“white hat” in the vernacular) initiated a phishing attack at the company and the attack got right through. Worximity has subsequently deployed countermeasures to reduce the chance of this happening in the future. This is why we raise this topic with you, our customers. We want to increase your awareness and help ensure that you’re taking the necessary steps to protect your data.
It’s vital when deploying a SaaS solution that you consider security of your data as part of your rollout and take it as seriously as we do.
The Center for Internet Security provides guidelines that everyone who is a SaaS user at your company should be following.
Here’s how Worximity manages security on your behalf:
With respect to IoT (Internet of Things) devices such as sensors, which are heavily used in manufacturing and smart factories, many enterprises are struggling to secure the IoT devices they already have. According to a 2019 survey conducted by Forrester, “67% have experienced a security incident related to unmanaged IoT devices.”
Worximity uses multiple layers of security in order to ensure manufacturing data is secure, including security:
- On the IoT device (our TileConnect sensor)
- In the network, and with authentication & communication between the TileConnect sensors and the cloud (TileBoard)
- Between the TileBoard cloud and other factory systems it exchanges data with such as Enterprise Resource Planning (ERP) and Manufacturing Execution Systems (MES)
- For the users, so that each user is shown only the data they are authorized to view and/or change
IoT Device Authentication
Using Digital Certificates issued by trusted 3rd parties.
Digital certificates are credentials that let two parties verify each other's identity when they exchange data. Just as people use government-issued photo identification to prove they are who they say they are, IoT devices and cloud systems use digital certificates, also known as public key certificates or identity certificates, each bound to a private key that only the legitimate holder possesses. Trusted 3rd-party certificate issuers (certificate authorities) add a further degree of confidence by vetting the companies or individuals before issuing them a certificate. This helps prevent spoofing by a malicious person attempting to impersonate a company or an IoT device, provided the receiving side actually validates the certificate chain rather than accepting whatever certificate it is offered.
IoT Data Encryption
Once an IoT device or system is authenticated, the data exchange (or conversation) should be encrypted. Transport Layer Security (TLS) is the standard protocol for this, used both within enterprise networks and over the public Internet. TLS provides authentication of the endpoints (through their certificates) and encryption of the data in transit between them. This protects the information even if a malicious person has a tool that captures network traffic between the IoT device and the cloud server: since the data is encrypted, an eavesdropper cannot read the information being transmitted. Note that TLS protects only the connection it covers; if the connection is terminated at an intermediate gateway or load balancer, the data is readable there, so each such hop must be secured in turn.
IoT Data Retention Policies
Sensor data is only stored on the device until it has been securely transmitted to the cloud.
Firewalls are used to limit access to computer networks. This can include limiting which ports and protocols may be used, restricting access based on geographic location and, in firewalls that inspect traffic content, blocking known malicious payloads. Intrusion detection systems (IDS) monitor network packets and look for unusual requests, such as a dashboard login attempt using the credentials of an IoT sensor.
Beyond these security layers, Worximity also recommends regular audits of IoT configurations to make sure that they aren't drifting away from security best practices, and automatic alerting for unusual events, such as multiple devices using the same certificate, a device trying to authenticate with an expired certificate, or a sudden increase in a device's network traffic.
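The three alert conditions just listed are easy to turn into concrete detection rules. Here is an added example in Python (not Worximity's monitoring code) that runs them over a few constructed log lines in a key=value format invented for the example; the device names, certificate serials and byte counts are all made up, and a real platform would read its own authentication and traffic logs instead.

```python
"""Three fleet-monitoring rules over IoT authentication/traffic logs (added example).

Not Worximity code. The log format and every line in SAMPLE_LOG are
constructed for this example. Rules: (1) one certificate used by more than
one device, (2) an authentication attempt with an expired certificate,
(3) a device whose traffic jumps far above its own recent baseline.
"""
import re
from collections import defaultdict
from statistics import median

# Constructed sample: one authentication/report event per line.
SAMPLE_LOG = """\
2019-01-15T08:00:01Z device=tc-0001 cert=1A2B auth=ok bytes=2048
2019-01-15T08:00:02Z device=tc-0002 cert=5C5C auth=ok bytes=1900
2019-01-15T08:00:03Z device=tc-0003 cert=7E7E auth=fail reason=expired bytes=0
2019-01-15T08:05:01Z device=tc-0001 cert=1A2B auth=ok bytes=2100
2019-01-15T08:05:02Z device=tc-0002 cert=5C5C auth=ok bytes=1850
2019-01-15T08:10:01Z device=tc-0001 cert=1A2B auth=ok bytes=1990
2019-01-15T08:10:02Z device=tc-0004 cert=1A2B auth=ok bytes=2000
2019-01-15T08:15:01Z device=tc-0001 cert=1A2B auth=ok bytes=65000
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<kv>.*)$")


def parse_line(line):
    """Split 'timestamp k=v k=v ...' into a dict; returns None for malformed lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = {"ts": m.group("ts")}
    for tok in m.group("kv").split():
        key, _, value = tok.partition("=")
        rec[key] = value
    rec["bytes"] = int(rec.get("bytes", 0))
    return rec


def parse_log(text):
    return [r for r in (parse_line(line) for line in text.splitlines()) if r]


def shared_certificate_alerts(records):
    """Rule 1: a certificate that successfully authenticated more than one device."""
    devices_by_cert = defaultdict(set)
    for r in records:
        if r.get("auth") == "ok":
            devices_by_cert[r["cert"]].add(r["device"])
    return [f"cert {cert} used by {sorted(devs)}"
            for cert, devs in sorted(devices_by_cert.items()) if len(devs) > 1]


def expired_certificate_alerts(records):
    """Rule 2: authentication rejected because the device's certificate has expired."""
    return [f"{r['device']} attempted auth with expired cert {r['cert']} at {r['ts']}"
            for r in records if r.get("auth") == "fail" and r.get("reason") == "expired"]


def traffic_spike_alerts(records, factor=10, min_samples=3):
    """Rule 3: a report exceeding `factor` times the device's own median so far.
    Nothing is flagged until a device has at least `min_samples` prior reports."""
    history = defaultdict(list)
    alerts = []
    for r in records:
        if r.get("auth") != "ok":
            continue
        prior = history[r["device"]]
        if len(prior) >= min_samples:
            baseline = median(prior)
            if baseline > 0 and r["bytes"] > factor * baseline:
                alerts.append(f"{r['device']} sent {r['bytes']} bytes vs baseline {baseline:.0f} at {r['ts']}")
        prior.append(r["bytes"])
    return alerts


def run_all(text=SAMPLE_LOG):
    """Apply all three rules and return the combined alert list."""
    recs = parse_log(text)
    return shared_certificate_alerts(recs) + expired_certificate_alerts(recs) + traffic_spike_alerts(recs)


if __name__ == "__main__":
    for alert in run_all():
        print("ALERT:", alert)
```

On the sample data this raises exactly three alerts: certificate 1A2B appearing on both tc-0001 and tc-0004, tc-0003 presenting an expired certificate, and tc-0001's jump to 65000 bytes against a baseline around 2000. The baseline is a per-device median rather than a fleet-wide constant so that a naturally chatty sensor does not page anyone.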
Please take some time to review the recommendations that you can find here and distribute this information to your peers.
Here are additional resources as you think through your Smart Factory Analytics implementation:
If you have questions about the Smart Factory Analytics implementation process, including implementing security recommendations, reach out to a Worximity solutions consultant below!