How Factry Historian ensures security of production data (and why cloud storage may be a safer option than on-premise)
Frederik Van Leeckwyck on
In our conversations with production companies around the world, data security is often a hot topic – including the age-old dilemma of local storage versus the cloud. In this blog post, you will find out how our historian keeps production data safe and sound, and why storing it in a cloud environment might be the better option instead of keeping it on premise.
Many businesses in the production industry are looking for a more flexible, scalable and affordable way to collect, analyse and visualise process data. Often to replace an outdated data management solution, or when they have finally decided to replace their paper processes with a modern IIoT platform.
As a result, some of them end up in a video call with me to talk about their data challenges, and how our historian software could help tackle them.
The basic idea behind Factry Historian is to make process data accessible for anyone in the company, all through a single platform that brings together any data source, going from sensors to equipment, systems and processes. As such, it offers a single source of truth for production monitoring and analysis.
Yet, many of the industry people I talk to rightfully wonder how their company’s production data, when stored in an open source data historian, is protected against possible cyber attacks. Therefore, even in our initial meetings with production companies, three security-related questions commonly come up:
- How can I both ensure security and give anyone access to data?
- Which measures are put in place to guarantee data security?
- Can cloud storage ever be as secure as on-premise storage?
Q1: How does unlimited access to data and security go hand in hand?
Whereas control systems such as SCADA are typically not designed to store data in the long run, historians store production data for an eternal period of time, opening doors to both short and long-term process insights, and more advanced applications such as MES, AI and predictive maintenance.
Unique about our historian software is that it collects process data from SCADA, DCS or any other source, stores the data on edge in multiple production sites and in the cloud, makes it available to any employee, anywhere and on any device through a user-friendly interface.
So, how does this rhyme with your company’s security policy?
Whereas SCADA systems keep data close to the OT environment, historians send data from the production floor to a secured, standard IT environment.
Data gathered from production processes is sent in near-real time to a different infrastructure and network, so it can be made easily available to any employee with the right security credentials, or to other applications such as MES – without imposing security risks to the production network itself.
The sandbox principle
When querying or analysing data, no resources are used from the SCADA itself, since the data was already captured and stored. There is no way to break anything in production. See a historian as a sandbox. You can play around as much as you’d like, without the risk of causing any trouble. This not only gives people peace of mind when they’re working with the software, it also has positive effects on user adoption.
Q2: Which actions are put in place to guarantee data security?
Fine-grained user management
Factry Historian allows for an unlimited number of users, with no extra license fees. At the same time, it enables fine-grained user management, both locally and in the cloud. Each user has its own account. Managing access rights is made easy by authenticating with Active Directory or by using single sign-on.
Another security benefit is that you don’t have to grant access to the SCADA system anymore whenever someone needs data from it. Within an IT landscape and the historian interface, the same SCADA data can now be securely accessed through modern authentication, eradicating the risk of incidents.
Continuous security updates
Since they are located in a secured production network, SCADA systems will generally pose no real security threats. However, these systems are built to be available 24/7 and are not often upgraded.
If it works, don’t fix it.
Yet, in contrast to SCADA systems and proprietary historians, Factry Historian is updated continuously with security patches, bug fixes, etc. Since the historian only collects data and is therefore a non-production critical system, it is even possible to reboot the system or install updates with users hardly noticing.
Data encryption in transit
Encryption in transit refers to the encryption of data while it moves between your site and the cloud provider, or from the OT to the IT network. Data protection is achieved by encrypting the data before transmission, authenticating the endpoints and decrypting and verifying the data on arrival.
Data encryption in transit has three major advantages:
- No one can spy on your production data
- Data can not be modified while being moved
- You are positively sure the data comes from your devices
Q3: On-premise data storage or in the cloud: which one is safest?
This is often a sensitive issue. In the industry, the cloud is sometimes perceived as less secure than on-premise storage. Intuitively, it may seem the better idea to keep your data between company walls. But is this actually the case? And what if you need the cloud to compare multiple production sites or share data with external parties, without fancy VPNs?
First of all, there is no such thing as perfect data security. The choice between local and cloud storage should always be a trade-off between the advantages and downsides of both. In case your business already has an advanced IT infrastructure in place, it seems logical to leverage your own resources.
In a remote data center, your data will not be physically at hand. Yet the question is whether that is a bad thing, as chances of data being physically stolen become nil. Also, it is the core business of data centers to protect and manage cloud infrastructures against cyber threats.
So, are you going to do a better job?
Therefore you could argue that for many SMEs in the industry, a remote data center will probably meet modern cyber security standards better than their company’s own IT infrastructure. Moreover, storing the production data in an on-premise environment may even give them a false sense of security.
Summary: Factry Historian vs. data security
Factry Historian protects your data by moving it away from the production network to a standard IT environment, thereby applying all of today’s security best practices in an on-premise or cloud environment. This includes single or two-factor authentication, data encryption and fine-grained user management.
Whether storage in the cloud or on premise is the best solution for your business, largely depends on your company’s vision, policy and current IT infrastructure. However, if you put all things together, and in contrast to how it is often perceived, storing your data in the cloud may be the safer choice.
Looking for a software solution to monitor, manage and visualise data from industrial processes? On a single or multiple production sites, on-premise or in the cloud? At Factry, we take data security seriously.
Tell us about your data challenges
And get free advice from one of our consultants.