Welcome to Ewon's Blog

Discover how Ewon solutions can turn your IIoT ambitions into reality!

ISO 27001: discover how it helps us develop highly secure industrial IoT solutions

by Jean-David Epaillard - IT & Security Manager | Jan 21, 2020
 

The number of connected devices continues to increase. The installed base, according to Statista, is expected to exceed 50 billion by the end of the year. This growth is driven by several axes, including in particular:

  • Network maturity and the advent of new technologies: we are not only thinking of 5G but also of low-speed protocols suitable for transferring smaller amounts of data reliably and at a lower cost.
  • Interoperability on the rise: OPC UA is just one of the many standards promoting interconnection between PLCs, sensors, HMIs and data processing platforms. Until recently, objects operated in a closed circuit, in network-silos, but this is less and less the case.
  • Data enhancement and the development of machine intelligence: recovering data is only the first step in the digitalization process. The ability of your organization to process this information, with an aim at making it more valuable, will make a huge difference.

This growth also raises many questions, including that of security. Specialized associations have emerged and now draw the attention of users, both private and institutional, to the risks posed by an unsecured connected object. The latest report published by the organization Digital.Security is not very complimentary. Among the vulnerabilities frequently encountered, we find the use of default secrets (username and password), the use of unsecured communication protocols as well as cleartext data storage.

If these vulnerabilities offer attackers the possibility of manipulating a connected object and its data, the compromise of support servers often allows control of all connected solutions deployed by a manufacturer.

Security is our first priority - Security

ISO 27001, more than a certification, a corporate culture

 

Therefore, HMS develops the Ewon solutions in compliance with the ISO 27001 standard. Through this certification, we, as an organization, demonstrate our desire to offer highly secure products.

As a matter of fact, ISO/IEC 27001 is one of the best-known standards in the IT sector. It provides requirements for an information security management system (ISMS) which allows us, among other things, to:

Guarantee the compliance of our solutions with the latest regulations:

In May 2018, the General Data Protection Regulation (GDPR) entered into force. Considerable changes had to be made to many systems to guarantee the protection of personal data. Given its strict framework, ISO 27001 certification has enabled us to comply with this new legislation quickly.

Ensure the level of training of our employees in cybersecurity:

The latest report published by the CNIL in France emphasizes that each year, 46% of IT security incidents affecting businesses are caused by the employees of the companies concerned. The ISO 27001 standard raises awareness of the risks associated with cyberattacks. Per the precepts of this certification, our employees are regularly audited and must follow a training program. Both these actions are additional proofs of our commitment to developing secure solutions.

Improve our organization by defining clear responsibilities and establishing better processes:

Cybersecurity is more than just setting up a firewall. It corresponds to a state of mind. It must combine both protective and reactive measures. Security is a delicate marriage between people, processes and technologies. The ISO 27001 standard guarantees this state of mind which allows Ewon to offer you ever safer products without hampering their ease of use.

Manage and balance risks optimally:

Once again, security is nothing if it does not relate to the most critical processes of an organization. It is imperative to protect your assets effectively. An objective that remains within our grasp through the adoption of sound risk governance. To achieve this, our organization must uniformly assess each risk and balance them effectively. The 27001 standard requires the implementation of quantitative and qualitative risk assessment and treatment systems.

ISO 27001 Certification by Ewon

 

In the context of my IIoT projects, what challenges does the ISO 27001 certification help me meet?

 

At Ewon, our motto is "Easy & Secure". Our industrial connectivity experts must find and maintain the right balance between security and agility, between protection and productivity. A balance that you should be able to take full advantage of when using our solutions.

ISO 27001 certification allows you to:

Reduce risks:

By choosing Ewon, you are choosing a highly secure solution. Whether it's remote access or data collection, Talk2M allows you to achieve your key strategic goals without compromising on security. The ISO 27001 standard acts as a guarantee, drastically reducing the risks linked to the connectivity of your machines.

Manage risks-related costs:

Have you ever tried to quantify the economic impact of the unavailability in minutes, hours or even days of a critical machine on a production line? Unavailability which is often linked to improper handling on site. Our solutions drastically reduce this risk. And since they are ISO 27001 certified, they maintain a positive balance between this type of incident and the dangers linked to connectivity.

Differentiate yourself from your competitors:

By opting for HMS and its Ewon brand, you offer more than a connectivity solution. You provide your customers with the guarantee of being able to intervene on very short notice on your machines. You propose to analyze its performance to make relevant diagnoses without compromising their integrity or security. The ISO 27001 standard radiates beyond our organization. For you, it acts as a quality-guarantee of the services you offer with your machine. Subsequently, it strengthens the image of your brand.

BUILD-UP YOUR market credibility:

Developing your activities in new markets requires the adoption of remote monitoring solutions. These help you reduce the costs related to the supervision and maintenance of the machines you have exported. Beyond remote monitoring, our solutions allow you to collect data to improve the efficiency of your equipment. By offering ISO 27001 certified connectivity services, you assure your customers that all the collected data is protected.

 

ISO 27001 certification is only one of the building blocks of our security approach

 

Operations data, information on machine efficiency and know-how are the basis for value creation for HMS, its customers and partners.

Defense in Depth - Security

Using guidelines set forth by ISO27002, IEC 62443-2-4 and NIST Cybersecurity Framework 1.0, we have developed a managed, hybrid, layered cybersecurity approach to protect your devices, network and most importantly, your industrial control systems.

Willing to learn more about our security approach? Click here. 

Through this article, we hope to have made you aware of the importance of opting for a secure solution for your IIoT projects. We remain at your disposal if you have any questions. Do not hesitate to contact us. Our experts will be happy to help you.

Industrial Routers

Ewon Industrial Routers for Easy and Secure Connectivity

Enjoy the benefits of on-demand remote access, collect and aggregate industrial operations data locally or centrally in the cloud.
Your machine portal

Web Dashboard: M2Web

The free white label web portal of Talk2M providing secure mobile access to your remote HMI, web server, PC and panels.
Remote Access VPN client

Smart VPN Client: Ewon eCatcher

The Talk2M Remote Connectivity software enabling you to connect within a high secure environment to all your devices.
Connectivity as a Service

Industrial Cloud: Ewon Talk2M

Discover Talk2M, a scalable, reliable, and fully redundant Industrial Cloud.