EcoStruxure™ IT is investing in cybersecurity certifications because building secure products is the priority

 By Bjarke Fenger

As a product manager, I am always asking for more capabilities in our products. In a recent meeting with our engineering leadership team, a development manager replied “We can be fast, scalable, and secure. But you have to choose because you cannot get all at once”. In a short sentence, he captured a challenge we are facing. Building a secure product is not free, it is a priority.

The conversation raised an important question: How do I ensure security? As a user, I am looking for the capabilities to solve my problem but may overlook an important part. When I use Data Center Infrastructure Management (DCIM) software to ensure my business operations, I am entering critical customer and financial information into this software – how do I know that the software vendor is prioritizing security?

Ensuring our software products are secure is paramount

Our DCIM 3.0 story is focused on resiliency, security, and sustainability. Security is one of the three pillars, and it is becoming more and more important. Every day the news is filled with stories about ransomware attacks and hacks that leave hospitals unable to function, banks not being able to transact, and more. There is a growing maleficent business built on cybersecurity attacks.

In the EcoStruxure IT portfolio, our team has always focused on helping our customers to operate the data center in the most secure way. Our NetBotz™ products enable monitoring and access control. Data Center Expert and IT Expert ensure data history and audit logs. As the next big step in our dedication to a high security level, we are now investing in security certifications.

Our Network Management Card platform (NMC) recently achieved the IEC 62443-4-2 standard and, as a next step in our journey, we are now in the process of obtaining ISO27001 Certification on IT Expert and FIPS 140-3 Certification on Data Center Expert.

• ISO27001 is an international standard for information security management systems (ISMS). It provides a systematic approach to managing sensitive company information, ensuring it remains secure. This includes people, processes, and IT systems by applying a risk management process.
• FIPS 140-3 is a U.S. government standard that specifies the security requirements for cryptographic modules. These modules are the hardware or software components that encrypt and decrypt data, ensuring secure communications and data protection.

A wealth of benefits

Our project to archive these security certificates has been a valuable experience. It has forced us to evaluate our processes and ensure an even higher level of security. The project started as a focus on increased security and during the process we have identified several other benefits:

1. Enhanced Security Posture: Both ISO27001 and FIPS 140-3 help organizations identify and manage risks systematically. By implementing these standards, software products are better protected against cyber threats, reducing the likelihood of data breaches and other security incidents.
2. Customer Trust and Confidence: In an era where data breaches are common, customers are increasingly concerned about the security of their information. Having ISO27001 and FIPS 140-3 certifications demonstrates that we take security seriously, thereby building trust and confidence in your products.
3. Compliance with Regulations: Many industries have stringent regulatory requirements regarding data protection. The European Union will be enforcing NIC2 directive in 2024. ISO27001 and FIPS 140-3 certifications ensure that your software products comply with these regulations, avoiding potential legal issues and fines.
4. Improved Business Continuity: ISO27001 includes provisions for business continuity management, while FIPS 140-3 ensures the secure design and operation of cryptographic modules. By following these guidelines, your organization can better prepare for and respond to disruptive incidents, ensuring that your software products remain available and reliable.
5. Operational Efficiency: Implementing ISO27001 and FIPS 140-3 can lead to more efficient processes and better resource management. By identifying and mitigating risks, your organization can avoid costly security incidents and focus on delivering high-quality software products.

Peace of mind to focus on your core business

The wealth of benefits we discovered while obtaining the certifications provided great peace of mind. By using software solutions with ISO27001 and FIPS 140-3 certifications, our customers can be confident that their data is protected by industry-leading security practices, allowing them to focus on their core business activities without worrying about cybersecurity threats.

Obtaining these certifications is a commitment from the EcoStruxure IT team to our customers and we will continue to increase our security profile. IT Advisor is also planning for a security certificate, and we will be continuing this journey.

I encourage you to keep in mind the comment from my engineering manager: “We can be fast, scalable, and secure. But you have to choose because you cannot get all at once”. As a simple human, I get attracted to features and capabilities when choosing a software solution. But I should always question my vendor on how they are ensuring my security. I can make do with fewer features, but a ransomware attack will leave me, and my operations, stranded.