Introduction

DeviceLynk embraces Industrial IoT technology by creating informative dashboards that are cloud based and capable of collecting and visualizing data from any connected device. Provided as a hosted service, DeviceLynk is composed of three components:

  • Agent: A software utility that is installed on a computer connected to devices, that facilitates communication and data transmission to our DeviceLynk server.
  • DeviceLynk Server: A secure cloud-hosted server that collects and stores data from DeviceLynk Agents and provides a secure web-based interface for users to view reports and manage assets.
  • Web Browser: Any web browser on any modern device, whether a computer, tablet, or smart phone, can be used to securely access the DeviceLynk server.

Protecting the integrity of the corporate and control network and the privacy of sensitive data is of utmost concern to any enterprise. Security is essential when extending Internet-based remote access to field data. However, to ensure low total cost of implementation, secure solutions must integrate smoothly with each organization’s existing security infrastructure and require little IT support or configuration. DeviceLynk was developed with these key security issues in mind. We employ multiple security techniques to maximize the integrity of communications and data.

Security from the ground up

The DeviceLynk solution is designed with security in mind and ensures robust and secure operation while integrating seamlessly with a company’s existing network and security infrastructure.

Secure infrastructure

All DeviceLynk Web, application, and database servers are hosted on Amazon’s Secure Cloud data centers, which utilize state-of-the art electronic surveillance and multi-factor access control systems. For more information, please visit the AWS Security Center at aws.amazon.com/security.

Firewall compatibility

DeviceLynk is firewall friendly. It generates only outgoing HTTPS/TCP connections on port 443. Because most firewalls are already configured to permit outgoing Web traffic, you do not have to bypass or compromise your corporate office firewall, your control network firewall, or your remote asset network firewall to implement secure data collection.

End-to-end encryption

Whenever an Agent connects to the secure server, it employs secure HTTP (HTTPS) via TLS/SSL. This is the same encryption protocol used by banks and government organizations to protect sensitive information shared between them and their users. All data sent is encrypted before it leaves the device and is only de-crypted once it has arrived at the secure server, and vice versa, providing a connection that is insusceptible to man-in-the-middle attacks like data theft and tampering. Connections between the user’s Web browser and the secure server are also encrypted with the same technology regardless of the type of device being used.

Outgoing-only connections

Agents initiate connections with a secure server, however no servers, nor any other devices, can initiate a connection with an Agent. This adds an additional layer of protection to the devices, remote assets, and the corporate and control network.

Authenticated user access

User access to the secure sever requires a user name and password combination over a secure HTTPS connection. All data transferred between these endpoints is encrypted. Role-based access controls further ensure that only authenticated parties can gain access to authorized resources.

Security standards compliance

DeviceLynk allows organizations to prepare cyber-security documents based upon industrial networking security standards for data, reliability, and role-based user access rights. Many of the features within DeviceLynk, such as integral logging, facilitate the ability for organizations to meet and exceed the requirements by standards such as ISA99, CIP and NERC for documentation and performance evaluation.

Conclusion

The DeviceLynk recipe is straightforward: Start with a secure hosted service and operational practices that preserve customer privacy. Complement this foundation with secure configuration and monitoring tools to control access. Protect connections with multi-level authentication and state-of-the-art encryption to keep corporate and control traffic safe. Integrate this solution seamlessly with each company’s existing network and security infrastructure. Provide flexible administrative controls to support and enforce security policies. The end result: DeviceLynk provides robust, secure remote access with low total cost of implementation.

Have questions? Contact us.