Help
  • Explore Community
  • Get Started
  • Ask the Community
  • How-To & Best Practices
  • Contact Support
Notifications
Login / Register
Community
Community
Notifications
close
  • Forums
  • Knowledge Center
  • Events & Webinars
  • Ideas
  • Blogs
Help
Help
  • Explore Community
  • Get Started
  • Ask the Community
  • How-To & Best Practices
  • Contact Support
Login / Register
Sustainability
Sustainability

We Value Your Feedback!
Could you please spare a few minutes to share your thoughts on Cloud Connected vs On-Premise Services. Your feedback can help us shape the future of services.
Learn more about the survey or Click here to Launch the survey
Schneider Electric Services Innovation Team!

EcoStruxure IT Security Handbook

EcoStruxure IT security

The EcoStruxure IT platform is security hardened with a mandatory two-factor authentication and high encryption standards.

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
  • Home
  • Schneider Electric Community
  • EcoStruxure IT Help Center
  • EcoStruxure IT Help Center Categories
  • EcoStruxure IT Security
  • EcoStruxure IT security
  • EcoStruxure IT Security Handbook
Options
  • Mark as New
  • Mark as Read
  • Bookmark
  • Subscribe
  • Email to a Friend
  • Printer Friendly Page
  • Report Inappropriate Content
Invite a Co-worker
Send a co-worker an invite to the portal.Just enter their email address and we'll connect them to register. After joining, they will belong to the same company.
You have entered an invalid email address. Please re-enter the email address.
This co-worker has already been invited to the Exchange portal. Please invite another co-worker.
Please enter email address
Send Invite Cancel
Invitation Sent
Your invitation was sent.Thanks for sharing Exchange with your co-worker.
Send New Invite Close

Related Forums

  • EcoStruxure IT forum

  • APC UPS Data Center & Enterprise Solutions Forum

Previous Next

Invite a Colleague

Found this content useful? Share it with a Colleague!

Invite a Colleague Invite

EcoStruxure IT Support

Submit a support request for additional assistance with EcoStruxure IT software.

Request Support
Back to EcoStruxure IT security
Options
  • Mark as New
  • Mark as Read
  • Bookmark
  • Subscribe
  • Email to a Friend
  • Printer Friendly Page
  • Report Inappropriate Content
1 Like
2684 Views

Link copied. Please paste this link to share this article on your social media post.

Trying to translate this page to your language?
Select your language from the translate dropdown in the upper right. arrow
Translate to: English
  • (Français) French
  • (Deutsche) German
  • (Italiano) Italian
  • (Português) Portuguese
  • (Русский) Russian
  • (Español) Spanish

EcoStruxure IT Security Handbook

Sisko JLehr Sisko
‎2024-09-04 04:46 AM

Application security

 

Schneider Electric is committed to securely develop and test against security threats to ensure cstomer data safety. Furthermore, Schneider Electric continuously employs a rotating number of 3rd party certified hackers to perform detailed penetration tests of the entire EcoStruxure IT platform.

 

Security training

All new EcoStruxure IT software developers attend a mandatory security training which is given upon hire and every year after that. Additionally, they can choose to enroll in a White Hat Hacker training to receive the Ethical Hacker certification.

 

Peer review

Any change to the EcoStruxure IT platform is subjected to a mandatory peer review where code and infrastructure changes are reviewed by at least one other engineer in order to validate code quality, security and performance.

 

All changes are tracked using a version control system (GIT) to ensure history, traceability and audit tracking.

 

Separate Environment

EcoStruxure IT testing environments are physically isolated from the Production environment.

 

Application vulnerabilities

 

Dynamic Vulnerability Scanning

Schneider Electric uses several third-party security tools to continuously dynamically scan the EcoStruxure IT platform for vulnerabilities. Schneider Electric maintains a committed security team to handle results and work with engineering teams to remediate issues.

 

Static Code Analysis

All changes to source code are continuously scanned for bugs, security and license issues via static analysis tooling. Any source code change which doesn’t meet the EcoStruxure IT standards will be returned to the development team for improvement.

 

Third Party Security Penetration Testing

Schneider Electric continuously employs a rotating number of third party certified hackers to perform detailed penetration tests on all components of EcoStruxure IT (gateway, mobile and web app).

When new features are released, mission statements are handed to security experts to verify feature security. 

Learn more about our security test report sharing policy

 

Incident Response

The Schneider Electric Corporate Product Cyber Emergency Response Team (CPCERT) has defined vulnerability management processes to ensure efficient incident response.

To report an incident, please contact your local Customer Care Center and include:

 

  • Product line
  • Vulnerable version
  • Vulnerability type [CWE ID, if available]
  • Organization name
  • Email adress
  • Phone number
  • Country

 

If you’re a researcher, please report a cybersecurity vulnerability here.

 

All vulnerability disclosures are reported on the Schneider Electric Cybersecurity Support Portal.

 

XSS Protection (Incident Validation)

In accordance with industry best practices, we use strict procedures for output sanitization of all user input. This is enforced in part by static code analysis and also by using well known, tried and tested third party frameworks.

 

Product security features

 

The EcoStruxure IT platform is security hardened with a mandatory two-factor authentication and high encryption standards. Your data is securely transported to the EcoStruxure IT platform using the EcoStruxure IT Gateway, which uses an outbound connection to ensure no one can compromise your environment.

 

It is best practice to keep operating systems and browsers up to date and patched regularly in accordance to vendor recommendations. 

 

Authentication security

 

Password policy

The EcoStruxure IT password policy requires:

 

  • At least 8 characters in length.
  • At least 3 of the following 4 types of characters:
    • Lower case letters (a-z),
    • Upper case letters (A-Z),
    • Numbers (i.e. 0-9),
    • Special characters (e.g. !@#$%^&* )
  • No more than 2 identical characters in a row (i.e. “aaa” not allowed)

 

EcoStruxure IT will validate your password, as long as it is not one of the 10,000 most common passwords and that it is not the first part of your email address.

 

Please note that your password will not expire according to recommended password policies by NIST & National Cyber Security Centre in the UK.

 

Multifactor Authentication

Multifactor authentication provides another layer of security to your EcoStruxure IT account, making it more challenging for somebody else to sign in as you.

 

Multifactor authentication is turned on for all logins to EcoStruxure IT, whether you are a customer, partner or Schneider Electric employee.

 

Schneider Electric advises you to use the EcoStruxure IT app for second factor authentication or a 3rd-party authenticator app. Though it is possible to use short-lived one time SMS tokens as a last resort, it is not recommended.

 

Secure Credential Storage

Schneider Electric follows secure credential storage best practices by never storing EcoStruxure IT passwords in clear text format, and only as the result of a bcrypt secure, salted hash.

 

Passwords are decoupled from the internal platform and saved using Auth0, a solution recommended by authentication management experts.

 

Failed Login Attempts

Schneider Electric enforces brute force protection for EcoStruxure IT. You will be blocked from logging in to your account if you have entered a wrong password for more than 10 times from the same IP address. You will then receive instructions on how to unblock the IP address from EcoStruxure IT via email.

 

Schneider Electric enforces rate limits as well. If you attempt to log in 20 times per minute as the same user from the same location, regardless of having the correct credentials, the rate limit will apply. You will then only be able to make 10 attempts per minute.

 

EcoStruxure IT Gateway Security

 

Outbound Connection

Schneider Electric is committed to keeping your data secure and private, even before it leaves your site. All connections from the EcoStruxure IT Gateway to our cloud are validated using an industry standard 2048 bit RSA certificate and data is encrypted in transit using 256 bit AES encryption.

 

To avoid compromising the security of your site, the EcoStruxure IT Gateway uses an outbound connection through Port 443, and only communicates to EcoStruxure IT cloud using 40.84.62.190, 23.99.90.28, 52.230.227.202, 52.177.161.233, and 52.154.163.222.

 

The communication from this outbound connection is always initiated by the Gateway. The Gateway connects to our cloud at regular intervals to check for messages, and then performs actions based on those messages. 

Infographic: Learn more about how EcoStruxure IT applies updates to your infrastructure

 

Authentication

All requests coming from the Gateway are signed using a unique private key created on installation and stored in the gateway, making it impossible to impersonate it.

 

Auto Updates

The EcoStruxure IT Gateway features an auto-update functionality ensuring that the software security patching happens automatically and that the Gateway is always up-to-date.

During the update, the Gateway continues to communicate sensor data and alarms to the cloud, minimizing downtime.

 

See EcoStruxure IT Gateway Security Handbook 

 

Data privacy

 

Schneider Electric ensures the privacy and integrity of your data at all times. It is committed to complying with its obligations under the GDPR. EcoStruxure IT only uses machine data to optimize your experience with the platform – guaranteeing the confidentiality of your personal data.

 

Privacy Policy

Learn more about privacy at Schneider Electric

 

GDPR

The General Data Protection Regulation (“GDPR”) addresses the processing of personal data and the free movement of that data. Its goal is to strengthen the security and protection of personal data in the EU and to harmonize EU data protection law.

This regulation sets out a number of data protection principles and requirements which must be adhered to when personal data is processed.

 

Schneider Electric is committed to complying with its obligations under the GDPR. Schneider Electric shares personal information with 3rd party data processors on a need-to-know basis.

 

Learn more about what personal data is shared with subprocessors and subcontractors

 

Personal Data Handling and Storage

Schneider Electric collects sensor data and alarms from critical infrastructure devices that you choose to share with us. Schneider Electric only collects data about the performance of your equipment and metadata, such as where it’s located and how old it is.

 

Before being committed to storage, your data is tagged as yours. Your data is segregated from other customers data by a unique identifier, which the system uses to ensure proper matching of data. In addition, the cloud engine keeps a complete audit trail of the data received and the data processing, so we can always retrace our steps and see where your data has been and what it has been used for.

 

EcoStruxure IT does not access any data stored on your servers or storage, or monitor any traffic passed through your network. Data is stored on Microsoft Azure in the United States. 

 

EcoStruxure IT Privacy Notice

 

Personal Data Use

Firstly, Schneider Electric processes and stores data for you, so it’s available to you anywhere in the world through the EcoStruxure IT app. But more importantly, sharing your data with Schneider Electric allows us to optimize the services and products we provide, to help you optimize your data center, and to enable you to benchmark yourself with peers worldwide.

 

Automatic Personal Data Deletion

When you deactivate your EcoStruxure IT account, our system automatically deletes your personal data for login. A historical record is kept for marketing purposes that is deleted after three years.

 

Data center and network security

 

Physical security

 

Facilities

The EcoStruxure IT servers are hosted in the United States on the Microsoft Azure Cloud, which is ISO 27001, HIPAA, FedRAMP, SOC 1, and SOC 2 certified. 

Learn more about Microsoft Azure facilities, premises and physical security

 

Network security

 

Logical Access

Access to the EcoStruxure IT Production Network is restricted by an explicit need-to-know basis, utilizes least privilege, is monitored, and is controlled by our Operations Team. Employees accessing the EcoStruxure IT Production Network are required to use multiple factors of authentication.

 

DDoS

As EcoStruxure IT is running on Microsoft Azure, Schneider Electric leverages their always-on traffic monitoring, and real-time mitigation of common network-level attacks, providing the same defenses utilized by Microsoft’s online services.

 

Third Party Security Penetration Testing

Schneider Electric continuously employs a rotating number of 3rd party certified hackers to perform detailed penetration tests of the entire EcoStruxure IT platform. 

Learn more about our security test report sharing policy

 

Monitoring

EcoStruxure IT is maintained and operated by a core DevOps team with extremely high standards for cyber security and data privacy. All parts of the EcoStruxure IT system are continuously monitored and scanned for potential security vulnerabilities or privacy issues.

The DevOps team is on-call 24/7 and able to react promptly to newly discovered threats or issues.

 

Encryption

 

Encryption in Transit

All connections to the EcoStruxure IT cloud are validated using an industry standard 2048 bit RSA certificate and data is encrypted in transit using 256 bit AES encryption.

For Android versions prior to 7.0, Schneider Electric can only guarantee 128 bit AES encryption due to limitations in the Android platform.

 

Encryption at Rest

EcoStruxure IT data is encrypted using 256 bit AES encryption.

 

Availability and Continuity

 

Uptime

EcoStruxure IT maintains a publicly available system-status webpage which includes system availability details, scheduled maintenance, service incident history, and relevant security events.

 

Redundancy

All components of the EcoStruxure IT platform are deployed in high availability configuration to eliminate single point of failure. All data is backed up to separate storage to prevent data loss.

 

Subprocessors and subcontractors for EcoStruxure IT

 

To support the delivery of EcoStruxure IT services, Schneider Electric uses subprocessors that may store and process personal data on users and subscribers to EcoStruxure IT services cloud solutions.

 

Subprocessors Personal Data

 

Entity name Purpose Entity country
Auth0

 

Auth0 provides a universal authentication and authorization platform for web and mobile. EcoStruxure IT uses Auth0 as identity provider.

 

For this purpose user name, e-mail, telephone number, IP address and login log information are stored in Auth0.

 

USA
Cloudflare

 

Cloudflare provides a global content delivery network, web application firewall and protection from distributed denial of service attack.

 

EcoStruxure IT uses Cloudflare to protect the service against malicious attacks.

 

Global
Google 

 

Google provides address lookups. EcoStruxure IT uses Google to do address lookups when adding new locations.

 

Global
MapTiler

 

MapTiler provides customizable maps. EcoStruxure IT uses MapTiler to show maps to users of customer locations.

 

MapTiler is supported by OpenStreetMap.

 

Switzerland
Segment

 

Segment is a single platform that collects, stores and routes user data to other tools. EcoStruxure IT uses segment to route analytics and event tracking of user behaviour to Totango.

 

For that purpose Segment stores the name, e-mail, and IP address of the user.

 

USA
SendGrid

 

SendGrid is an e-mail service provider. EcoStruxure IT uses SendGrid to send invitations, machine data reports, and password resets.

 

For logging purposes SendGrid stores e-mail address and information on whether the e-mail has been delivered and opened.

 

USA
Totango

 

Totango Inc. provide customer success software. EcoStruxure IT uses Totango to gain insights and analytics on customer behaviour and adaption as well as to send newsletters and updates to users.

 

Totango stores e-mails and phone numbers of users.

 

USA
Twilio, Inc.

 

The EcoStruxure IT uses Twilio to send authentication tokens to end-users who have chosen SMS based two-factor authentication.

 

For this purpose Twilio has access to the users telephone number in order to send authentication tokens via SMS.

 

Twilio is also used to send alarm push notifications. For this purpose Twilio has access to the content of the alarm notification.

 

USA
Salesforce

 

Salesforce provides cloud-based customer support services. EcoStruxure IT uses Salesforce as a ticketing system for registering customer incidents.

 

For that purpose Salesforce has access to and stores company/account name, names of users, e-mail, phone number, and information on incidents (alarms and ticket updates).

 

USA
Slack

 

Slack is an instant messaging program used for organizational communication. EcoStruxure IT uses Slack to publish customer feedback.

 

For that purpose Slack stores company/account names, names of users, and subscription information.

 

USA

 

Subprocessors Hosting

 

Entity Name Purpose Entity Country
Amazon Web Services

 

Amazon Web Services provide cloud hosting services.

 

USA
Microsoft Azure

 

Microsoft Azure provide cloud hosting services. Microsoft Azure is our primary cloud hosting services provider.

 

USA

 

 

Was this article helpful? Yes No
100% helpful (1/1)

Link copied. Please paste this link to share this article on your social media post.

Comments
cstolte
cstolte Cadet
Cadet
  • Mark as Read
  • Mark as New
  • Bookmark
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content
‎2025-01-15 09:18 AM

great tool also to share with clients- to make sure and proof our most resilient secure and sustainable DCIM solution Ecostruxure IT 🙂

1 Like
Didn't find what you are looking for? Ask our Experts
To The Top!

Forums

  • APC UPS Data Center Backup Solutions
  • EcoStruxure IT
  • EcoStruxure Geo SCADA Expert
  • Metering & Power Quality
  • Schneider Electric Wiser

Knowledge Center

Events & webinars

Ideas

Blogs

Get Started

  • Ask the Community
  • Community Guidelines
  • Community User Guide
  • How-To & Best Practice
  • Experts Leaderboard
  • Contact Support
Brand-Logo
Subscribing is a smart move!
You can subscribe to this board after you log in or create your free account.
Forum-Icon

Create your free account or log in to subscribe to the board - and gain access to more than 10,000+ support articles along with insights from experts and peers.

Register today for FREE

Register Now

Already have an account? Login

Terms & Conditions Privacy Notice Change your Cookie Settings © 2025 Schneider Electric

This is a heading

With achievable small steps, users progress and continually feel satisfaction in task accomplishment.

Usetiful Onboarding Checklist remembers the progress of every user, allowing them to take bite-sized journeys and continue where they left.

of