as a Process, not a State
Protect your product‘s Achilles Heel.
While the number of connected devices is expected to tremendously grow within the next years, only very basic security features - if any - are deployed in most of the installations.The result is an increasing number of attacks due to serious vulnerabilities: spoofing, tampering, repudiation, information disclosure, espionage, elevation of priviledge and denial of service (DoS) or service disruption are the result.
Unsufficient protection of critical infrastructure is the number one risk within the industry.
Security is a process - not a State
While some IT professionals might still believe in security as being a static product (against intrusion, for trust, against DoS), we distinctively follow the concept of a continuous process instead.
The rules of security are dynamically changing, as the complexity (and vulnerabilities) of devices and their interoperation increases.
Attack vectors are multifaceted and sometimes hard to predict, but a process of continuous monitoring, testing and improving is the essential basis, combined with the latest cryptographic expertise.
What might be manually doable with single devices, becomes an Herculean and riskful task within highly distributed systems, like IoT or Industrial IoT.
Therefore a persistent monitoring and alarming, combined with remote updates (patch management) becomes an essential feature to protect devices within industrial applications or critical infrastructure.
Security as a Service
Connecting industrial systems and making use of collected data is a complex task of its own that requires significant internal ressources.
The technical and legal requirements are dynamic and complex, ressource-intensive and as an economic entry barrier often overlooked.
Security and vulnerability management is a process that requires continuous supervision and adaptation of tools before and during the product lifecycle.
Therefore industrial partners expect infrastructures to work like tools, to be up-to-date and to comply with legal requirements without investing into expert staff recruiting.
Our understanding of Security as a Service is a comprehensive, but modular set of services, when implementing or operating IoT systems:
• Security consulting
• Continuous adaption to IEC62443 and security
recommendations/regulations of German BSI,
French ANSSI and US DHS
• Device monitoring
• Device installation/repair/service
• Patch management/security updates
• Compliance report generation
Design & Management
The cloud market is under continuous change driven merely by consumer IoT, next generation connectivity platforms (E.g. cellular networks) and upcoming software trends or security topics.
The lifecycles often don't match or overlap long enough to protect your or your customers investements.
We ensure that your product interoperates with the cloud system of your choice and stays connected during the lifecycle.
We support the following cloud connectors and communication protocols:
• AWS IoT
• Google IoT
• OPC UA and OPC UA companion specifications
Industrial IoT applications are often very specific and unique in design and application.
Gateways are emerging as a key element of bringing legacy and next-gen devices to the Internet of Things or a highly customized backend application.
We understand ourselves as full-service provider enabling industrial partners to realize their individual Industry 4.0 solution - hardware, software, device management, service concepts and compliance topics.
In oder to meet your individual requirement, we allow a broad customization along hardware, software and certifications required or develop your specific gateway according to your performance specification (ODM).
Get in touch with us, to discuss your particular idea.
© SPECTRAAL 2019