Integrated SCADA Application Security – More Control, Less Complexity
All the security features in the world are of no use if they are so burdensome that operators and developers avoid using them. Like all our core SCADA features, we strive to make SCADA application security management simple and scalable, while remaining infinitely configurable.
Application security is managed within the standard operator interface, allowing authorized users to make changes without switching views; then instantly deploy those changes across the entire system without restarting.
A Smarter Approach to Security Management
Each application includes its own security accounts and settings which control access to all parts of the application including workstations, thin clients, mobile clients, and alarm notifications. Deployed security changes are immediate and application wide. Accounts are easily copied, modified, and deleted. You can now even share accounts across multiple applications.
Rules and Roles simplify user management by replacing an ever-growing list of privileges.
- Rules combine tags, privileges, and locations to finely tune who can do what, where.
- Roles are sets of Rules corresponding to specific jobs (e.g., plant opera-tor). Quickly configure new users by adding one or more roles to an account.
The security database scheme employs military-grade encryption as does the security data exchanged between Internet Clients and Servers.
In addition to TLS (Transport Layer Security) VTScada supports SMTP email servers requiring TLS (e.g., Gmail) when sending alarm notifications. USB hardware keys (dongles) are also available.
Configure passwords to exceed a minimum length, contain alphabet-ic, numeric, or special characters, or expire after a configurable period. Accounts can be disabled following repeated failed log-in attempts and users can be logged-out after a configurable period of inactivity.
New in 11.3 – Enhanced Security with OpenID Connect®
Support for OpenID Connect permits integration of VTScada Security with third-party authentication servers on VTScada Anywhere Clients. Depending on your chosen authentication server, this can allow single sign-in (one password to access to many systems) and two-factor authentication (e.g., Google Authenticator or Apple Touch sensor).
Define what information users can see in large applications. For example, if an application monitors two plants, operators from each plant can be grouped so that they see only the alarms and tags from their respective plants. A third group for managers can be set up to see information from both plants.
Share Security Accounts Across Applications
To reduce duplication and ensure consistency, accounts can now be shared across multiple applications. The security database scheme now employs military-grade encryption as does the security information exchanged between the VTScada Internet Client and Server.