Building management maintenance is important for data center operators. This can be done over VPN access, but VPNs have inherent limitations that make their use risky for the safety and security of corporate networks.
Covid-19 has forced businesses to rethink how they work and has spread a work-from-home or remote-working culture on a massive scale. Cloud-based SaaS videoconferencing and other supporting applications have made this transition a smooth one and allowed the corporate workforce to remain productive.
The real problem is now faced by the exceptionally skilled technical workers who need access to systems that are reachable only on highly secure corporate networks, such as industrial building management systems. Managers also have to ensure that only authorized personnel are granted access to these systems. Until 2019, access to these systems was possible only if the employee was present on-site. The travel restrictions and social distancing measures put in place in 2020 have strained these employees and created potential risks that are critical to operations.
For building management system maintenance, data center operators previously allowed access through traditional VPN software. But this software has limitations, such as vulnerability to common attack vectors and the complexity and difficulty of managing these VPNs. Also, in most cases, access cannot be granted dynamically based on user context and conditions.
Owing to these problems, many data center operators are now looking for suitable alternatives to traditional VPNs. One of the best answers for data center operators who manage sensitive industrial systems is the Software-Defined Perimeter (SDP). One of the biggest advantages of SDP is the ability to enforce least-privilege access for third-party organizations. In contrast to a VPN, SDP-based access lets employees work on the specific systems that are part of the support contractor's agreement, without giving them access to the entire network.
For example, if a contractor is responsible for maintaining a data center's wireless humidity and temperature sensors, that contractor can be given limited access to the relevant servers without being allowed access to the other building management systems. SDP also has a feature that lets data center operators determine whether a system is sufficiently updated and secured to access the network. These additional security and audit controls provide much safer access control than traditional VPNs.
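The sensor-contractor case above can be modeled as a default-deny access decision. This is an added example, not part of the original article or any SDP product's code; the organization name, host names and posture fields are hypothetical, and the VPN function is a deliberate simplification of a flat network.

```python
from dataclasses import dataclass

# Constructed policy data: organization and host names are hypothetical.
CONTRACT_SCOPE = {
    "sensor-contractor": {"bms-humidity-srv", "bms-temperature-srv"},
}

@dataclass(frozen=True)
class Request:
    user: str
    org: str
    resource: str
    os_patched: bool       # device posture reported at connection time
    disk_encrypted: bool

AUDIT_LOG = []  # every decision is recorded, allowed or denied

def vpn_decide(req):
    """Simplified flat VPN: an authenticated tunnel reaches any host."""
    return True

def sdp_decide(req):
    """Default deny: allow only in-scope resources from a healthy device."""
    scope = CONTRACT_SCOPE.get(req.org)
    if scope is None:
        verdict = (False, "unknown organization")
    elif req.resource not in scope:
        verdict = (False, "resource outside contract scope")
    elif not (req.os_patched and req.disk_encrypted):
        verdict = (False, "device posture check failed")
    else:
        verdict = (True, "allowed")
    AUDIT_LOG.append((req.user, req.org, req.resource, *verdict))
    return verdict

if __name__ == "__main__":
    samples = [  # constructed requests
        Request("alice", "sensor-contractor", "bms-humidity-srv", True, True),
        Request("alice", "sensor-contractor", "bms-hvac-controller", True, True),
        Request("alice", "sensor-contractor", "bms-humidity-srv", False, True),
    ]
    for r in samples:
        print(r.resource, "vpn:", vpn_decide(r), "sdp:", sdp_decide(r))
```

The same user is allowed on the humidity server, denied on the HVAC controller, and denied again when the device is unpatched, while the flat VPN model allows all three.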
All in all, traditional VPNs are no longer suitable for dynamic and multi-dimensional access control for industrial building management systems.