Product security features

JLehr · ‎2023-11-14

The EcoStruxure IT platform is security hardened with a mandatory two-factor authentication and high encryption standards. Your data is securely transported to the EcoStruxure IT platform using the EcoStruxure IT Gateway, which uses an outbound connection to ensure no one can compromise your environment.

Authentication security

Password policy

The EcoStruxure IT password policy requires:

At least 8 characters in length.
At least 3 of the following 4 types of characters:
- Lower case letters (a-z),
- Upper case letters (A-Z),
- Numbers (i.e. 0-9),
- Special characters (e.g. !@#$%^&* )
No more than 2 identical characters in a row (i.e. “aaa” not allowed)

EcoStruxure IT will validate your password, as long as it is not one of the 10,000 most common passwords and that it is not the first part of your email address.

Please note that your password will not expire according to recommended password policies by NIST & National Cyber Security Centre in the UK.

Multifactor Authentication

Multifactor authentication provides another layer of security to your EcoStruxure IT account, making it more challenging for somebody else to sign in as you.

Multifactor authentication is turned on for all logins to EcoStruxure IT, whether you are a customer, partner or Schneider Electric employee.

Schneider Electric advises you to use the EcoStruxure IT app for second factor authentication or a 3rd-party authenticator app. Though it is possible to use short-lived one time SMS tokens as a last resort, it is not recommended.

Secure Credential Storage

Schneider Electric follows secure credential storage best practices by never storing EcoStruxure IT passwords in clear text format, and only as the result of a bcrypt secure, salted hash.

Passwords are decoupled from the internal platform and saved using Auth0, a solution recommended by authentication management experts.

Failed Login Attempts

Schneider Electric enforces brute force protection for EcoStruxure IT. You will be blocked from logging in to your account if you have entered a wrong password for more than 10 times from the same IP address. You will then receive instructions on how to unblock the IP address from EcoStruxure IT via email.

Schneider Electric enforces rate limits as well. If you attempt to log in 20 times per minute as the same user from the same location, regardless of having the correct credentials, the rate limit will apply. You will then only be able to make 10 attempts per minute.

Gateway Security

Outbound Connection

Schneider Electric is committed to keeping your data secure and private, even before it leaves your site. All connections from the EcoStruxure IT Gateway to our cloud are validated using an industry standard 2048 bit RSA certificate and data is encrypted in transit using 256 bit AES encryption.

To avoid compromising the security of your site, the EcoStruxure IT Gateway uses an outbound connection through Port 443, and only communicates to EcoStruxure IT cloud using 40.84.62.190, 23.99.90.28, 52.230.227.202, 52.177.161.233, and 52.154.163.222.

The communication from this outbound connection is always initiated by the Gateway. The Gateway connects to our cloud at regular intervals to check for messages, and then performs actions based on those messages.

Infographic: Learn more about how EcoStruxure IT applies updates to your infrastructure

Authentication

All requests coming from the Gateway are signed using a unique private key created on installation and stored in the gateway, making it impossible to impersonate it.

Auto Updates

The EcoStruxure IT Gateway features an auto-update functionality ensuring that the software security patching happens automatically and that the Gateway is always up-to-date.

During the update, the Gateway continues to communicate sensor data and alarms to the cloud, minimizing downtime.

See also

EcoStruxure IT security

Application security

Data privacy

Data center and network security

Subprocessors and subcontractors for EcoStruxure IT