
Managing data privacy and cyber security with StruxureOn

30 Mar 17

In my recent blogs I’ve taken the opportunity to write about the features and benefits of StruxureOn – our new cloud-based service for data center monitoring.

This new introduction proactively minimises downtime and reduces break-fix resolution time through smart alarming, remote troubleshooting and visibility into device lifecycles.

Because this is a cloud-based offering, I promised that I would write something about the security and privacy aspects of the service.

This is not only because it’s one of the first questions customers raise when we introduce the service, but because it’s a subject I believe we’ve paid special attention to getting right.

Anyway, it’s time to make good on my promise.

Today practically every headline about the IoT seems to be associated either with some sort of cyber vulnerability or the potential for hacking.

And talking to those designing and managing everything from hyper-scale data centers to small server rooms, with so much emphasis on real and imagined threats, security has become one of their biggest concerns.

We’ve therefore considered the architecture of StruxureOn, as well as how it collects, processes, stores and transmits data. Because these threats are so widely reported, we have proactively built a cyber security practice inside Schneider Electric.

This means that our core DevOps team is trained in ethical hacking, so that applications delivered as a service or on-premise are secured in a way that resists penetration.

The StruxureOn system is continuously monitored and scanned for potential security vulnerabilities or privacy issues, and the team is on call 24/7, able to react very quickly to newly discovered threats or issues.

The StruxureOn solution is architected so that the devices providing data are not exposed to the internet. This is a major step forward for security.

We’ve had intelligent devices in the data center for over a decade – plant such as cooling equipment, UPSs and PDUs has been routinely connected to the internet for services such as firmware upgrades and so on.

Ensuring the security of individual devices is a massive and complex undertaking, which StruxureOn has rationalised and simplified.

With StruxureOn we aggregate all device data on-site and have one secure, highly encrypted communication gateway to the Schneider Cloud. This is a one-way, outbound-only connection.

There’s no inbound route that would allow an attacker to get in and gain control of connected devices.

Connections from the gateway are validated using an industry-standard 2048-bit RSA certificate, and data is encrypted in transit using 128-bit AES encryption.
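As an added illustration, not Schneider Electric's code and not a description of how StruxureOn is actually built, the Go program below models the outbound-only pattern just described: a stand-in "cloud" endpoint with a constructed, self-signed 2048-bit RSA certificate listens on loopback, and the gateway initiates the only connection, accepting just that trust root, requiring TLS 1.2 with an AES-128-GCM cipher suite, and refusing to send telemetry if the endpoint's key is weaker than RSA-2048. The host name cloud.example.invalid, the telemetry line and the certificate are all constructed for the demo, and since the page does not say which side presents the certificate, the example assumes the gateway validates the cloud endpoint's certificate.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"time"
)

// Hypothetical endpoint name for the demo, not a real StruxureOn host.
const cloudHost = "cloud.example.invalid"

// DialResult records what the gateway observed on its outbound connection.
type DialResult struct {
	TLS12             bool   // negotiated protocol was TLS 1.2
	Cipher            string // negotiated cipher suite name
	UntrustedRejected bool   // a dial trusting no issuer was refused
}

// startCloud stands in for the cloud side: a constructed self-signed RSA-2048
// certificate, a loopback listener, and the trust root the gateway should accept.
// Nothing ever listens on the gateway side.
func startCloud() (net.Listener, *x509.CertPool, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		DNSNames:              []string{cloudHost},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		BasicConstraintsValid: true,
		IsCA:                  true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	leaf, _ := x509.ParseCertificate(der) // der was just produced above, so it parses
	srvCfg := &tls.Config{Certificates: []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: key}}, MinVersion: tls.VersionTLS12}
	ln, err := tls.Listen("tcp", "127.0.0.1:0", srvCfg)
	if err != nil {
		return nil, nil, err
	}
	go func() { // accept loop: read one telemetry line per connection, then drop it
		for {
			c, err := ln.Accept()
			if err != nil {
				return // listener closed
			}
			go func(c net.Conn) { defer c.Close(); c.Read(make([]byte, 256)) }(c)
		}
	}()
	roots := x509.NewCertPool()
	roots.AddCert(leaf)
	return ln, roots, nil
}

// gatewayDial is the outbound-only gateway: it initiates the connection, trusts
// only the given roots, requires TLS 1.2 with AES-128-GCM, and checks the
// endpoint key size before sending any telemetry.
func gatewayDial(addr string, roots *x509.CertPool) (DialResult, error) {
	conn, err := tls.Dial("tcp", addr, &tls.Config{
		RootCAs:      roots,
		ServerName:   cloudHost,
		MinVersion:   tls.VersionTLS12,
		MaxVersion:   tls.VersionTLS12, // pinned so the negotiated suite is deterministic here
		CipherSuites: []uint16{tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
	})
	if err != nil {
		return DialResult{}, err // includes certificate validation failures
	}
	defer conn.Close()
	cs := conn.ConnectionState()
	pub, ok := cs.PeerCertificates[0].PublicKey.(*rsa.PublicKey)
	if !ok || pub.N.BitLen() < 2048 {
		return DialResult{}, fmt.Errorf("endpoint key is not RSA-2048 or stronger")
	}
	res := DialResult{TLS12: cs.Version == tls.VersionTLS12, Cipher: tls.CipherSuiteName(cs.CipherSuite)}
	_, err = fmt.Fprint(conn, "ups-01 load=42% temp=24C\n") // constructed telemetry sample
	return res, err
}

// RunDemo makes one trusted dial and one dial with no trusted roots, which must fail.
func RunDemo() (DialResult, error) {
	ln, roots, err := startCloud()
	if err != nil {
		return DialResult{}, err
	}
	defer ln.Close()
	res, err := gatewayDial(ln.Addr().String(), roots)
	if err != nil {
		return DialResult{}, err
	}
	_, badErr := gatewayDial(ln.Addr().String(), x509.NewCertPool())
	res.UntrustedRejected = badErr != nil
	return res, nil
}
```

RunDemo returns what the gateway negotiated and whether a second dial that trusts no issuer was refused, which is the check a reviewer actually wants: an encryption claim is only meaningful if the gateway also rejects endpoints it cannot validate. MaxVersion is pinned to TLS 1.2 purely so the negotiated suite is predictable for the demonstration; a production gateway would set only MinVersion.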

A single, cyber-secure connection provides improved security for all infrastructure devices and greater peace of mind for the data center manager.

At the same time we have also enabled wide governance options around data privacy, allowing the customer to set policies for how we treat their machine data and what we use it for, as well as assigning privileges for who has access to what throughout their ecosystem.

It’s my belief that digital services like StruxureOn could improve the cyber security of data centers, while bringing together all the machine data which forms the basis of operational insights and analytics to reduce equipment running costs.

For example, we can monitor and report which firmware is running on what device, whether it’s the latest version or in need of upgrading. We can also see who has accessed devices and when they logged in.

This reporting is really helpful for customers who are worried about security or attacks on their internal systems. In addition to secure collection of data and the privacy around it, Schneider also ensures secure data processing and storage within the cloud engine.

Protected by state-of-the-art firewalls, the cloud network is configured to only allow access from specific sources (using Access Control Lists), and only a limited set of authorised personnel have access – and only through multi-factor authentication.

The cloud engine is fault tolerant and runs in a redundant configuration to ensure that no data is ever lost.

Data is tagged according to source, and customers can only access what’s theirs – the system always knows which data belongs to whom, and a complete audit trail is maintained of all data received and being processed.
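To make the tagging, tenant isolation and audit-trail behaviour concrete, here is an added Go sketch (not StruxureOn code; the Store type, the gateway and user maps and the sample IDs are all constructed for the example). The tenant tag is assigned by the receiving system from the authenticated gateway rather than read out of the message, queries are scoped to the caller's own customer, and every accepted or refused action lands in the trail. The same trail also supports the "who accessed what and when" reporting mentioned earlier.

```go
package main

import (
	"errors"
	"time"
)

// Record is one telemetry message after ingestion. The Customer tag is set by
// the receiving system from the authenticated gateway, never from the payload.
type Record struct {
	Customer, Device, Payload string
}

// AuditEntry is one line of the trail kept for every ingest and every query,
// whether it was allowed or refused.
type AuditEntry struct {
	When     time.Time
	Actor    string // gateway ID or user ID
	Action   string // "ingest" or "query"
	Customer string // whose data the action concerned (empty if unknown)
	Allowed  bool
}

// Store is a hypothetical in-memory stand-in for the cloud engine's data store.
type Store struct {
	gateways map[string]string // authenticated gateway ID -> owning customer
	users    map[string]string // user ID -> the customer they belong to
	records  []Record
	audit    []AuditEntry
}

func NewStore(gateways, users map[string]string) *Store {
	return &Store{gateways: gateways, users: users}
}

func (s *Store) note(actor, action, customer string, allowed bool) {
	s.audit = append(s.audit, AuditEntry{When: time.Now(), Actor: actor, Action: action, Customer: customer, Allowed: allowed})
}

// Ingest tags a message with the customer that owns the sending gateway. A message
// from an unknown gateway is refused, and the refusal itself goes into the trail.
func (s *Store) Ingest(gatewayID, device, payload string) error {
	customer, ok := s.gateways[gatewayID]
	if !ok {
		s.note(gatewayID, "ingest", "", false)
		return errors.New("unknown gateway")
	}
	s.records = append(s.records, Record{Customer: customer, Device: device, Payload: payload})
	s.note(gatewayID, "ingest", customer, true)
	return nil
}

// Query returns only records tagged with the customer the user belongs to.
// Asking for any other customer's data is denied and logged.
func (s *Store) Query(userID, customer string) ([]Record, error) {
	if own, ok := s.users[userID]; !ok || own != customer {
		s.note(userID, "query", customer, false)
		return nil, errors.New("access denied")
	}
	var out []Record
	for _, r := range s.records {
		if r.Customer == customer {
			out = append(out, r)
		}
	}
	s.note(userID, "query", customer, true)
	return out, nil
}

// Audit returns a copy of the trail so callers cannot alter the original.
func (s *Store) Audit() []AuditEntry {
	return append([]AuditEntry(nil), s.audit...)
}

// Denied counts refused actions in the trail, the figure a security reviewer
// would watch for signs of cross-tenant probing.
func (s *Store) Denied() int {
	n := 0
	for _, e := range s.audit {
		if !e.Allowed {
			n++
		}
	}
	return n
}
```

The design point is that the tenant tag and the access decision both come from identities the system authenticated itself (the gateway and the user), so a message or a request cannot claim to belong to another customer, and refusals are kept alongside successes so that a reviewer can see attempted cross-tenant access rather than only the reads that succeeded.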

Data is transmitted to the appropriate customer via the StruxureOn app using HTTPS (TLS 1.2).

And just to cover all the bases, logging in to the app requires either a one-time code generated specifically for that login and sent to the mobile number, or the device’s biometric security features.

Article by Henrik Leerberg, Schneider Electric Data Center Blog 
