Step Five: Handling Security Objections




Step five in our series “Ten Steps to Drive a Connected Product Program,” looks at how to handle security objections.

  • Organizations regularly have security conversations with end users. Add credibility to these conversations by being well-read and well-versed on the ThingWorx AlwayOn Firewall-Friendly™ technology.
  • Remote access is always associated with a firewall server. With AlwaysOn™ technology, customers maintain their current security model and do not have to make changes to firewall settings or proxy servers.
  • Customers can limit access, views, and even actions based on the user’s role, which addresses security and leads into a compliance conversation.

Place yourself in the end user’s shoes. You are the Deposit Operations Director for a midsized bank in the Pacific Northwest. You manage operations, service, and fulfillment. You are responsible for vendor management when internal development of systems is not an alternative. You have advanced knowledge of bank operations, core systems operations, and deposit operations. Your bank currently manages $85 billion in assets. Thousands of successful ATM transactions are carried out every day; in fact, more than 90 percent of your customers now use ATMs. When your vendor approaches you with a proposal for a connected product initiative designed to increase end-user convenience and satisfaction, are you going to ask about security? Of course. And you should ask about compliance, too.

Every company, in every industry, has sensitive business information. Whether this information resides in the cloud or on site, customers need to protect corporate resources from unauthorized access and malicious threats. Connecting a computer to the internet raises security concerns. Connecting an intelligent device is no different.

Customers need assurance that security controls are in place, and it’s easy to understand the reasons for their concern. According to a 2010 study by Ponemon Institute, the median cost of cyber-crime to companies is $5.9 million, with a range of $1.5 million to $36.5 million each year per company. Customers want assurance that the connected product solution is cohesive with their security model, allows granular control over user access, and offers easy-to-use audit and tracking capabilities. Plan to engage in a two-way conversation that uses the language of the customer’s business, as well as the business of securing emerging technologies. Appreciate the impact of adding intelligent devices to a network, and anticipate the customer’s security concerns around suitability and acceptability.

Have the following information at the ready:

Thingworx connected products require no changes to the end user’s current security model and infrastructure.

In keeping with an end user’s security model and policies, they can remain in complete control of access controls.

  • Thingworx AlwaysOn™ technology is based on Web Services standards, including HTTP, SOAP, and XML. The ThingWorx edge agent initiates all communication, so devices do not
    require public IP addresses and are not visible from outside the firewall.
  • SSL encryption supports key length up to 168 bits and mutual authentication using bidirectional digital certificates.
  • Secret key AES 256-bit message encryption can be used with SSL to encrypt data behind the DMZ.
  • Access to the system is centrally controlled and authenticated against an enterprise LDAP system.
  • Strong passwords are enforced — a minimum of six characters with a combination of letters, numbers, and symbols.
  • All remote access activity is tracked and recorded.

ThingWorx technology undergoes 3rd party security certification and is deployed in highly secure environments around the world by manufacturers in a range of industries, including homeland security, healthcare, life sciences, information technology, telecommunications, print and imaging, kiosks, semiconductor, industrial, and building automation. ThingWorx carefully incorporates security principles and standards in the design and operation of infrastructure and services. Download our white paper, “Protecting Smart Devices and Applications Throughout the IoT Ecosystem” and learn how an IoT platform can help secure your enterprise today.