Traditional BAS Security Approach
Traditional building automation systems (BAS) and non-Cloud analytics solutions require installers or end-users to deploy their server solutions within a corporate network. While there is nothing inherently insecure about deploying vendor solutions within corporate networks, there is an increased responsibility taken on by the installer and end-user to ensure that the solutions are deployed in a secure manner. This includes taking responsibility for:
SSL certificate management
Network access management (Public and Private)
Database management
Application maintenance
Operating system maintenance
Hypervisor maintenance
Physical security to data centers
When a vendor system is deployed, specifically in the building automation and analytics space, the expectation of the vendor and end-user is that the system is available from any location and any device. This is typically accomplished in one of two ways:
VPN Access
Exposing the application to the internet with a public IP address
Once the solution is exposed to the internet with a public address, that solution is now a target for attackers to leverage as a penetration point into the corporate network. While some attacks target applications like building automation and analytics systems, the attackers are typically more interested in corporate information that is placed behind the firewall with no direct access from the internet.
...
Fully Managed Cloud Services
The Building Optimization Broker application service is deployed in a fully managed cloud in AWS
The Building Optimization Broker database server is deployed in a fully managed cloud in AWS
| AWS (Amazon) Handles | WennSoft® Handles |
|---|---|
| Operating System maintenance (Database) | Operating System maintenance (Application Servers) |
| Hypervisor maintenance | Network access management (Public and Private) |
| Physical security to data centers | Database management |
| | Application maintenance |
SSL Communications between Clients and Server/Database
Building Optimization Broker MiniAgents communicate with the Building Optimization Broker database and application server using SSL
The Building Optimization Broker Desktop Application communicates with the Building Optimization Broker database and application server using SSL
Proprietary Communications Protocol
Our “mLink” protocol employs a proprietary messaging system that only WennSoft® devices and applications are able to decrypt.
...
By employing the above security features, Building Optimization Broker allows vendors and end-users to:
Remove the need to handle top-to-bottom management and maintenance of the solution
Securely access live and historic building automation data without exposing those systems to the internet
With the Building Optimization Broker tunneling feature, WennSoft provides vendors and end-users access to the building automation system in a manner significantly more secure than the internet exposure that other vendor solutions require.
...