Managing data privacy and cyber security with StruxureOn

30 Mar 2017

In my recent blogs I’ve taken the opportunity to write about the features and benefits of StruxureOn – our new cloud-based service for data center monitoring.

This new introduction proactively minimises downtime and reduces break-fix resolution time through smart alarming, remote troubleshooting and visibility into device lifecycles.

Because this is a cloud-based offering, I promised that I would write something about the security and privacy aspects of the service.

This is not only because it’s one of the first questions to be raised when we introduce the service to customers, but because it’s a subject which I believe we’ve paid special attention to getting right.

Anyway, it’s time to make good on my promise.

Today practically every headline about the IoT seems to be associated either with some sort of cyber vulnerability or the potential for hacking.

Talking to those designing and managing everything from hyper-scale data centers to small server rooms, it is clear that, with so much emphasis on real and imagined threats, security has become one of their biggest concerns.

We’ve therefore considered the architecture of StruxureOn, as well as how it collects, processes, stores and transmits data. Since the stories are out there, we have proactively built a practice around cyber security inside Schneider Electric.

This means that our core DevOps team are given training in ethical hacking, so that applications being delivered as a service or on-premise can be secured in such a way as to avoid penetration.

The StruxureOn system is continuously monitored and scanned for potential security vulnerabilities or privacy issues and the team is on-call 24/7 and able to react really, really fast to newly discovered threats or issues.

The StruxureOn solution has been architected in a way that doesn’t expose the devices providing data to the internet. This is a major step forward for security.

We’ve had intelligent devices in the data center for over a decade – plant such as cooling equipment, UPSs and PDUs has been routinely connected to the internet for services such as firmware upgrades and so on.

Ensuring the security of individual devices is a massive and complex undertaking, which StruxureOn has rationalised and simplified.

With StruxureOn we aggregate all device data on-site and have one secure, highly encrypted communication gateway to the Schneider Cloud. This is a one-way, outgoing connection only.

There’s no inbound route to allow a malicious attacker to get in and gain control of connected devices.
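
One way an operator could check the single-gateway, outbound-only model described above against their own flow logs, as an added example that is not from the article or from Schneider Electric. The addresses, the port and the log format are constructed assumptions.

```python
import ipaddress

# Assumptions (not from the article): site addressing, the gateway address,
# the cloud endpoint and its port are constructed placeholder values.
SITE_NET = ipaddress.ip_network("10.20.0.0/16")
GATEWAY = ipaddress.ip_address("10.20.0.5")
CLOUD_ENDPOINTS = {(ipaddress.ip_address("203.0.113.10"), 443)}

# Constructed flow records, one per line: "initiator responder responder_port"
SAMPLE_FLOWS = """\
10.20.0.5 203.0.113.10 443
10.20.1.17 10.20.0.5 161
10.20.1.17 198.51.100.7 80
198.51.100.99 10.20.1.30 23
10.20.0.5 192.0.2.44 443
"""

def audit_flows(text):
    """Return (line_no, reason) for every flow that breaks the model."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        src_s, dst_s, port_s = line.split()
        src = ipaddress.ip_address(src_s)
        dst = ipaddress.ip_address(dst_s)
        port = int(port_s)
        src_in, dst_in = src in SITE_NET, dst in SITE_NET
        if src_in == dst_in:
            continue  # purely on-site traffic, or traffic not involving this site
        if dst_in:
            # Something outside initiated a connection to an on-site host.
            findings.append((n, "inbound connection from outside the site"))
        elif src != GATEWAY:
            # An on-site device bypassed the aggregation gateway.
            findings.append((n, "device reached the internet directly"))
        elif (dst, port) not in CLOUD_ENDPOINTS:
            findings.append((n, "gateway contacted an unapproved endpoint"))
    return findings

if __name__ == "__main__":
    for line_no, reason in audit_flows(SAMPLE_FLOWS):
        print(f"flow {line_no}: {reason}")
```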

Connections from the gateway are validated using an industry-standard 2048-bit RSA certificate and data is encrypted in transit using 128-bit AES encryption.

A single, cyber-secure connection provides improved security for all infrastructure devices and greater peace of mind for the data center manager.

At the same time we have also enabled wide governance options around data privacy – allowing the customer to set policies for the way we treat their machine data and what we use it for, as well as according privileges about who has access to what throughout their ecosystem.

It’s my belief that digital services like StruxureOn could improve the cyber security of data centers, while bringing together all the machine data which forms the basis of operational insights and analytics to reduce equipment running costs.

For example, we can monitor and report which firmware is running on what device, whether it’s the latest version or in need of upgrading. We can also see who has accessed devices and when they logged in.

This is really helpful reporting for customers who are worried about security or attacks on their internal systems. In addition to secure collection of data and privacy around that, Schneider also ensures secure data processing and storage within the cloud engine.

Protected by state-of-the-art firewalls, the cloud network is configured to only allow access from specific sources (using Access Control Lists), and only a limited set of authorised personnel have access – and only through multi-factor authentication.

The cloud engine is fault tolerant and runs in a redundant configuration to ensure that no data is ever lost.

Data is tagged according to source, and customers can only access what’s theirs – the system always knows which data belongs to whom, and a complete audit trail is maintained of all data received and being processed.

Data is transmitted to the appropriate customer via the StruxureOn app using HTTPS with TLS 1.2.

And just to cover all the bases, logging in to the app requires either a specifically generated one-time code sent to the mobile number, or using the device’s biometric security features.

Article by Henrik Leerberg, Schneider Electric Data Center Blog 
