Technology Record - Issue 28: Spring 2023

VIEWPOINT Can you afford the cost of insecure systems? Demilitarised zones can keep data safe while securing systems from expensive attacks Insecure systems cost far too much. The average loss from a successful data breach on a corporate system is in the millions of dollars. Even small business losses are typically in the hundreds of thousands, which is enough to shut many companies down. On top of this, cyberattacks on enterprises of all sizes are also on the rise – more than half of the businesses in industrialised nations are compromised each year. So how can organisations secure their systems to keep data safe? 1. Invest in prevention Considering the risks, it is wise to invest in prevention. Most successful corporate hacks are targeted at office systems. So, if you are allowing connections from IT to operations, you need to ensure that the production system is not compromised by an attack on IT. Cybersecurity experts, industry leaders and government agencies all agree that the most secure way to connect IT and operations is to segregate networks using a demilitarised zone (DMZ). 2. Isolate production A DMZ isolates the production system from IT, ensuring there is no direct link between corporate networks and control networks. Only known and authenticated actors can enter the system. Firewalls are needed to protect both operations and IT sides and should be configured to allow only outbound connections to the DMZ. This ensures that only the correct data passes between networks. 3. Tunnel and mirror the data To make a secure, robust connection across a DMZ and enable real-time bidirectional communication, Skkynet recommends secure tunnel/mirroring. Well-designed tunnel/ mirror middleware can mirror data securely across a DMZ in real time to clients running in IT or the cloud. There is no need for virtual private networks, and all inbound firewall ports can stay closed. Access to operations data is becoming essential in today’s competitive environment. But there is no reason such access cannot be secure. Segregating networks using a DMZ is the recommended approach, and this is best implemented with secure tunnel/mirroring. Find out how Skkynet’s DataHub middleware can keep industrial data safe: Xavier Mesrobian is vice president of sales and marketing at Skkynet Cloud Systems XAVIER MESROBIAN: SKKYNET CLOUD SYSTEMS “The most secure way to connect IT and operations is to segregate networks using a demilitarised zone” 143 INDUSTRIALS & MANUFACTURING