Prior to selecting an industrial IoT solution that may be both strategic and mission critical to the business, a managing decision maker will typically have a number of concerns and questions. We discuss the typical needs and concerns we meet when talking to new potential customers and then elaborate on how the Secomea Solution addresses these needs.
The concerns and questions in relation to the below ten topics are typically not very technical, but rather touch on the effects on the sales, support and business strategy. For technical details refer to “Information for IT Managers“.
The Secomea solution is developed to and for the Automation Industry. This applies for small machine installations with low budgets, as well as large machine installations that are sensitive to immediate action due to severe maintenance liabilities. The Secomea solution was initially designed and is constantly enhanced based on market trends, knowledge about competition and customer feedback.
The Secomea solution is installed in thousands of factories across the globe. Several larger Machine Builders mount a SiteManager IoT Gateway in the machine cabinet as a standard component. For these companies the solution has not only proved itself technically, it has also proved to actually payback the investment as result of reduced travel cost. But maybe more interestingly, it has received general acceptance and endorsement by IT experts, as an acceptable method for accessing equipment behind corporate firewalls without compromising security.
In addition to this, Secomea has formal partnerships with a number of the major PLC and HMI manufacturers; not only to ensure full compatibility with the products, but also in connection with actual customer projects where industrial remote access is a pre-requisite for closing the bid.
It cannot be stressed enough: Secomea’s number One priority is Security! Office network infrastructures often use Microsoft based credentials management combined with firewalls and VPN for expanding the intranet securely across the Internet. Maintaining and configuring such an infrastructure require IT resources, and yet it may be vulnerable to attacks and leaks subsequent to complex configuration or common human behavior. Secomea’s Industrial IoT Solution also includes relevant IT security components for industrial communication, such as strong end-to-end encryption, two factor security, event audit trails and role based account management. But in addition to this, the solution includes standard measures for eliminating risk of vulnerabilities resulting from mal-configuration or human carelessness.
This is achieved by constantly analyzing customer feed-back in combination with emerging global security risks. The subsequent assessment of needs versus threats is critical to ensure that the solution retains the same high security level while maintaining its primary functionality and its ease of use. This is only possible for solutions with a well defined scope; not for a generic product with multiple purposes. The security aspects are documented in the section “Information for IT Managers” that has the purpose to assure the customer’s IT administrator that the solution is secure and will not compromise the existing infrastructure.
As mentioned, Security is our number one priority. But it is also our belief that ease of use is a crucial prerequisite for ensuring a high level of security. The easier a solution is, the more likely it is to be operated as intended, and subsequently the security remains in effect as designed. The Secomea design principle is to look at the typical user and administrators in the industry segment and adapt the solution to their typical knowledge level and way of working.
Therefore the solution does not require IT or networking knowledge, even though the solution features highly advanced end-to-end communication features that would typically only be obtainable by setting up VPN infrastructures combined with complex routing and firewall rules.
Within the Automation Industry, safety is often considered just as important a topic as security. Motion based equipment, such as packaging machines, are even subject for government regulations that dictates machine providers to ensure remote access control to the machine is properly signalled to the operators. With the Secomea Solution you can for instance connect a light tower to a digital output port of the SiteManager IoT Gateway, which will activate when remote access is conducted.
Additionally the customer can connect an on/off switch or a panel to an input port, in order to let the machine operator prevent remote access when it could pose a risk of personal injury. So the Secomea solution already addresses the Safety aspect and thereby ensures that our customers can prepare machine installations to be compliant with such directives.
Scalability has been a key design goal of the Secomea Solution. A typical scenario is that a Machine Builder has multiple sites with several devices at each site, and which multiple servicer engineers should be able to access individually. Making such a “many-to-many” communication setup with a VPN infrastructure is highly IT knowledge demanding and can be an administrative nightmare. Even if the setup works, it entails vulnerabilities due to manual handling of routing and firewall rules. With the Secomea Solution you do not setup rules. You simply control at the user accounts level, which users have access to what customer sites. This can be fine-grained to a detail level where for instance one service engineer can program a certain device, while another service engineer can only access its web interface.
The GateManager Access Management Server provides a clear overview of all user accounts and their individual access, regardless of how many sites, devices and users are managed. Scalability also involves the ability to optimize hosting of the central GateManager Server. Many customers start up on Secomea’s hosted solution, and later migrate to an own server, or even to a cloud based server in a virtualization centre.
Secomea takes pride in providing fast responses to technical support questions, and continuously update online help and guides based on customer feedback. To Secomea support also implies assurance that our partners can continue using and supporting their clients, should Secomea seize to exist. Secomea therefore offer to enter escrow agreements that will ensure a partner access to source code for all product firmware, software and documentation. (All source code of Secomea is under strict version control and all software and firmware products are build every night as a part of an automatic build procedure.)
Liability to the customer of course involves taking immediate action by accessing the equipment and fixing the problem. Naturally, this is the main purpose of a remote access solution, and is particularly important for Machine Builders in the commissioning period. Liabilities, however, go further than just fixing things. It also involves a need to provide audit-trails of what occurred in the past. The Secomea Solution includes logging of all events in the system, including when equipment was accessed and by whom, or when a device went offline.
The audit trails of the GateManager Server therefore have two purposes: Document to the customer that you fulfill your maintenance obligations Document, from a security perspective, that the system has not been compromised. And if suspecting so, provide detailed access logs Both of these purposes are vital for supporting the Machine Builder’s liabilities from a legal perspective.
A good product investment within this industry is characterized by the following:
Secomea can check mark all these needs.
The Secomea Solution has a low startup fee and based on the Secomea hosted servers. A maintenance fee kicks in only when the number of installations reaches 100, or when more than 2 engineers need remote access to equipment simultaneously. The maintenance fee is your assurance fast support response time and proactive update services for the solution components for many years. Secomea’s price structure with regard to unit pricing and maintenance costs is defined based on feed-back from our customers in the industry, combined with an assessment on what price models best fits the sales and maintenance models towards the end-customers.
Secomea is a well consolidated company with an annual growth rate of more than 30% per year since 2008, and profits are invested in development and expansion of the company and its services. The period from Q4 2011 through Q1 2012 was subject for the most massive launch of new products in the company’s history, and which had as focus to ensure higher application flexibility and an even higher degree of core functionality ease of use. Additionally, 2012 brought products targeting the end-user in form of remote access to web enabled equipment from smart-phones and tablet devices. Apart from offering a practical tool for letting the Factory Manager monitor his own equipment, it also justifies the added cost of the remote access solution to the end-user.
2013 set focus on easier migration to partners or customers that want their own GateManager server and a solution completely independent of Secomea. In 2014 the Secomea solution was further security optimized and obtained a Security Audit Certificate from an external security assessment company, where the solution successfully passed auditing according to NIST SP800-115 & OSSTMM, BSI Grundschutz Catalog and IEC 62443.