At MachineMetrics, security is a constant consideration in every decision we make. You don’t have to be a certified network security engineer to use MachineMetrics. Our platform provides a secure, scalable infrastructure for extending your manufacturing metrics, as well as easy-to-use tools for managing your devices. The device platform includes important practices and features such as:
Security By Default
Every message sent through is encrypted and secure. No plaintext allowed. Man-in-the-middle attacks, replay attacks, and loss of sensitive information are just a few of the threats that can occur if communications between the device and the cloud are not encrypted, or are encrypted poorly. Proper encryption ensures confidentiality, integrity, and authenticity.
Configuration Cloud Backup
All Edge device configuration is stored in the cloud. In the event that a device needs to be replaced, configuration simply requires registering the Edge device and updating your machines to use that device.
Hardware Keys
Each device is given its own private key, so only authorized hardware can communicate with the MachineMetrics cloud.
Access Control
With access controls, you can assign roles (a set of permissions) to each member of your team. This allows you to limit the users that have access to manage edge devices within your organization.
Continuous Monitoring
We monitor our servers and the security landscape to ensure your devices stay locked down.
No Open Ports
MachineMetrics Edge devices don’t leave any incoming ports open for port scanners or active side attacks. Each open port and available protocol is a potential point of attack. MachineMetrics communicates out to machines to gather data and pushes that data out to the cloud. It also reaches out for software updates and uses secure VPN technology for remote device maintenance and troubleshooting.
Service Isolation
All services running on the Edge device are isolated to only allow access to the other services and network resources that they require. Utilizing Docker technology, each service runs in a dedicated memory and process space, and virtual local area networks are in place to restrict access to just the components required to run each service.
Network Isolation
MachineMetrics Edge devices come equipped with multiple Network Interface Cards: two ethernet, one WiFi, and one cellular (optional). By separating the network where your machines reside from the network that has access to the internet, the Edge device acts as a secure bridge — only transmitting out the data that is necessary to power MachineMetrics while significantly reducing the surface area of your machine network.
No Operating System Access
In addition to having no open network ports, MachineMetrics Edge devices do not provide the ability to log in via a terminal; the only local interface is a minimal one for managing device activation and network configuration. The device is fully managed via a secure connection to the cloud.
Encrypted Radio Connections
Radio connections are encrypted by industry-standard WPA2 when in use.
OTA Firmware Updates
MachineMetrics Edge devices are kept up-to-date automatically with the latest software and operating system versions. We regularly apply new firmware updates to address security vulnerabilities and deliver product enhancements. Establishing a rigorous process to check that your external dependencies and libraries are up to date and validated is critical. Modern encryption and communication protocols evolve over time, and you must invest in staying current, or risk ignoring new vulnerabilities. Just like application security, a larger number of dependencies means that more maintenance must be done. MachineMetrics takes care of that for you.
Strong Administrative Protocols
Our teams use best practices, including two-factor authentication, for maintaining infrastructure, including Edge device management. Two-factor authentication is an industry-standard security feature that helps keep accounts, and subsequently your fleet of devices, protected. If a device is physically compromised, the device API key can only be used to read information about the device or the application the device is associated with, and the keys can be revoked, removing the device from service.
Data Policy
As a matter of policy, MachineMetrics intentionally limits the scope of all data stored on the Edge device. As sensitive information passes through, the Edge device will secure the data, but not store it after it has been sent to our cloud. We do not store any personally identifiable information on Edge devices.
Cloud Security
MachineMetrics adheres to a set of cloud best practices that assure device and cloud security. We utilize leading industry tools like Balena to manage our Edge devices securely. Always-on, connected servers require constant monitoring and testing. By minimizing our network, application, and dependency surface area, and closely monitoring access and behavior, we minimize all known attack vectors, providing a highly secure and scalable product.
Have questions?
Contact support@machinemetrics.com to learn more.