Many companies have systems which have been in place for so long that they have become part of the fabric of their daily operations. Replacing these systems can be costly and disruptive, which means that, despite their lack of modern security features, they often remain in place indefinitely.
Originally these systems would not have been expected to be internet facing. However, as working practices continue to evolve, data is being shared across many platforms, some of them remotely located. This presents a major security and compliance risk.
Read on to find out more how a business used BlastShield to overcome these problems and strengthen its security stance and ensure compliance with data protection legislation.
The client is a logistics business with over 330 warehouse and transport hubs worldwide. Each one of them has a refrigeration and cold storage management system which runs on a legacy Windows server.
In this case, the Operating System had not been patched for several years and was therefore vulnerable to many exploits. The risk was multiplied as these systems controlled the levels of ammonia that were used in the refrigeration process. If a malicious actor was able to access these systems and manipulate the ammonia levels, similar to the Florida Water attack, a serious risk to life would ensue.
The BlastShield solution mitigates the risk associated with the legacy systems, along with all other critical assets – both ancient and modern – by making these systems invisible to all but the authorised users.
With the solution now in place, only authorised users who can identify themselves by means of BlastShield’s patented password-less multi factor authentication solution, or anybody that is approved by a Policy Manager, are able to access the refrigeration management stations.
Whether they are located on the premises on a local LAN, over Wi-FI or remotely located, each user now needs to authenticate and have the correct policy to see that the refrigeration system even exists.
The client has been able to retain and maximise their investment in their existing refrigeration management system, therefore extending their lifespan and freeing up budget for other business initiatives.
Risk and compliance requirements have been met, as the security of these systems is no longer a weakness.
Secure remote access has been established with military grade encryption that does not expose any interfaces or web services to the internet, making these systems secure whilst allowing them to operate in conjunction with modern business needs.
Insider threats have been eliminated as the refrigeration systems are now “virtually” air-gapped from other systems, removing the risk of malicious or inadvertent insider attack.
Security alarms and events are reduced as a result of limited access being provided, meaning that real threat issues become more obvious and can be responded to in a more timely manner.
Performance of remote access is improved through secure edge to edge tunneling between user and asset without the need to traverse security proxy gateways.
And finally, Chief Information Security Officers can sleep soundly at night.
TALK TO US ABOUT BLASTSHIELD
You can send an e-mail directly to email@example.com, or else you can complete the “Got a question?” reply form at the foot of this web page.
You can also call us directly on 01698 749 000.