Prior to selecting an industrial communication solution that may be both strategic and mission critical to the business, a managing decision maker will typically have a number of concerns and questions:
- The solution must be designed specifically for the automation industry
- The solution must be proven and endorsed by machine builders and PLC/HMI manufacturers
- The solution must be secure
- The solution must be easy to deploy and maintain
- The solution must comply with safety standards
- The solution must be scalable
- The solution must be fully supported, and yet it must not be dependant of the vendor
- The solution must actively help fulfil obligations for servicing installed machines
- The solution must recoup its investment through saved maintenance cost
- The provider of the solution must be a dedicated and financially healthy company
This document has for purpose to elaborate on how Secomea have addressed all these topics with a solution consisting of the three components:
The concerns and questions in relation to the above ten topics are typically not very technical, but rather touch on the effects on the sales, support and business strategy. For technical details refer to “Information for IT Managers“.
1. Assurance that the solution is the Best Choice within its segment
The Secomea solution is developed to and for the automation industry. This applies for small machine installations with low budgets, as well as large machine installations that are sensitive to immediate action due to severe maintenance liabilities.
The Secomea solution was initially designed and is constantly enhanced based on market trends, knowledge about competition and customer feedback. Although Secomea may not yet be known by the entire automation industry, we consider our solution to be the most complete and dedicated solution for this segment.
2. Assurance that the solution is Proven
The components of the Secomea remote access solution for automation equipment are based upon the Secomea office security technology that was launched in 2003. The technology has evolved from the 1st generation in 2005 into the current 3rd generation solution that was announced in 2008.
The Secomea solution is today installed in thousands of factories across the globe.
Several larger machine manufacturers (of which a few are listed here) mount a Secomea SiteManager in the machine cabinet as a standard component. For these companies the solution has not only proved itself technically, it has also proved to actually payback the investment as result of reduced travel cost. But maybe more interestingly, it has received general acceptance and endorsement by IT experts, as an acceptable method for accessing equipment behind corporate firewalls without compromising security.
In addition to this, Secomea has formal alliances with a number of the major PLC and HMI manufacturers (see a list here); not only to ensure full compatibility with the products, but also in connection with actual customer projects where remote access is a pre-requisite for closing the bid.
3. Assurance that the solution is Secure
It cannot be stressed enough: Secomea’s number One priority is Security!
Office network infrastructures often use Microsoft based credentials management combined with firewalls and VPN for expanding the intranet securely across the Internet. Maintaining and configuring such an infrastructure require IT resources, and yet it may be vulnerable to attacks and leaks subsequent to complex configuration or common human behavior.
The Secomea solution for the automation industry also includes relevant IT security components for Internet based communication, such as strong end-to-end encryption, two factor security, event audit trails and role based account management. But in addition to this, the solution includes standard measures for eliminating risk of vulnerabilities resulting from mal-configuration or human carelessness.
This is achieved by constantly analyzing customer feed-back in combination with emerging global security risks. The subsequent assessment of needs versus threats is critical to ensure that the solution retains the same high security level while maintaining its primary functionality and its ease of use. This is only possible for solutions with a well defined scope; not for a generic product with multiple purposes.
The security aspects are documented in the section “Information for IT Managers” that has the purpose to assure the customer’s IT administrator that the solution is secure and will not compromise the existing infrastructure.
4. Assurance that the solution is Easy
As mentioned, Security is our number one priority. But it is also our belief that ease of use is a crucial prerequisite for ensuring a high level of security. The easier a solution is, the more likely it is that it is operated as intended, and subsequently the security remains in effect as designed.
The Secomea design principle is to look at the typical user and administrators in the industry segment and adapt the solution to their typical knowledge level and way of working.
Therefore the solution does not require IT or networking knowledge, even though the solution features highly advanced end-to-end communication features that would typically only be obtainable by setting up VPN infrastructures combined with complex routing and firewall rules.
5. Assurance that the solution complies with Safety standards
Within the automation industry, Safety is often considered just as important a topic as Security. Motion based equipment, such as packaging machines, are even subject for government regulations that dictates machine providers to ensure that remote service access to the machine is properly signalled to the operators.
In the Secomea solution you can for instance connect a light tower to a digital output port of the SiteManager hardware unit, which will activate when remote service is conducted. Additionally the customer can connect an on/off switch or a panel to an input port, in order to let the machine operator prevent remote access when it could pose a risk of personal injury.
So the Secomea solution already addresses the Safety aspect and thereby ensures that our customers can prepare machine installations to be compliant with such directives.
6. Assurance that the solution will Scale
Scalability has been a key design goal of the Secomea solution.
A typical scenario is that a machine builder has multiple sites with several devices at each site, and which multiple servicer engineers should be able to access individually.
Making such a “many-to-many” communication setup with a VPN infrastructure is highly IT knowledge demanding and can be an administrative nightmare. Even if the setup works, it entails vulnerabilities due to manual handling of routing and firewall rules.
With the Secomea solution you do not setup rules. You simply control at the user accounts level, which users have access to what customer sites. This can be fine-grained to a detail level where for instance one service engineer can program a certain device, while another service engineer can only access its web interface. The Secomea GateManager administrator portal provides a clear overview of all user accounts and their individual access, regardless of how many sites, devices and users are managed.
Scalability also involves the ability to optimize hosting of the central GateManager server. Many customers start up on Secomea’s hosted solution, and later migrate to an own server, or even to a cloud based server in a virtualization centre.
7. Assurance that Secomea will Support the solution
Secomea takes pride in providing fast responses to technical support questions, and continuously update online help and guides based on customer feedback.
To Secomea support also implies assurance that our partners can continue using and supporting their clients, should Secomea seize to exist. Secomea therefore offer to enter escrow agreements that will ensure a partner access to source code for all product firmware, software and documentation.
(All source code of Secomea is under strict version control and all software and firmware products are build every night as a part of an automatic build procedure.)
8. Assurance that the solution supports corporate Liabilities
Liability to the customer of course involves taking immediate action by accessing the equipment and fixing the problem. Naturally this is the main purpose of a remote access solution, and is particularly important for machine builders in the commissioning period.
Liabilities, however, go further than just fixing things. It also involves a need to provide audit-trails of what occurred in the past. The Secomea solution includes logging of all events in the system, including when equipment was accessed and by whom, or when a device went offline.
The audit trails of the Secomea GateManager therefore have two purposes:
Document to the customer that you fulfill your maintenance obligations
Document, from a security perspective, that the system has not been compromised. And if suspecting so, provide detailed access logs
Both of these purposes are vital for supporting the machine builder’s liabilities from a legal perspective.
9. Assurance that the solution is worth your Investment
A good product investment within this industry is characterized by the following:
- Startup does not involve large capital investments
- Price per installation can be accurately calculated
- No hidden costs will surface when the solution once is in production
- Consecutive purchases follow a linear or even declining cost-per-installation curve
- Expanding the solution does not require expansion of personal to maintain the solution
Secomea can check mark all these desires.
The Secomea solution has a low startup fee and based on the Secomea hosted servers. A maintenance fee kicks in only when the number of installations reaches 100, or when more than 2 engineers need remote access to equipment simultaneously. The maintenance fee is your assurance fast support response time and proactive update services for the solution components for many years.
Secomea’s price structure with regard to unit pricing and maintenance costs is defined based on feed-back from our customers in the industry, combined with an assessment on what price models best fits the sales and maintenance models towards the end-customers.
10. Assurance that Secomea will be a Trusted and long lasting partner
Secomea is a well consolidated company with an annual growth rate of more than 30% per year since 2008, and profits are invested in development and expansion of the company and its services.
The period from Q4 2011 through Q1 2012 was subject for the most massive launch of new products in the company’s history, and which had as focus to ensure higher application flexibility, and an even higher degree of core functionality ease of use.
Additionally 2012 brought products targeting the end-user in form of remote access to web enabled equipment from smart-phones and tablet devices. Apart from offering a practical tool for letting the factory manager monitor his own equipment, it also justifies the added cost of the remote access solution to the end-user.
2013 set focus on easier migration to partners or customers that want their own GateManager server and a solution completely independent of Secomea.
In 2014 the Secomea solution was further security optimized and obtained a Security Audit Certificate from an external security assessment company, where the solution successfully passed auditing according to NIST SP800-115 & OSSTMM, BSI Grundschutz Catalog and IEC 62443.