On Data Security at tapio
At tapio, we often hear questions about data security from our customers, and especially from those who would like to become our customers. They have recognized the enormous potential of connecting their machines to the tapio ecosystem, but hesitate because they have concerns about security. First of all, we must be clear that the data generated by a physical asset such as a machine belongs to whoever owns that physical asset. We at tapio see ourselves as trustees who manage this data. Therefore, one of our highest principles is to protect the data entrusted to us as well as possible against misuse. This concerns, on the one hand, the secure persistence and administration of the data, but above all also secure communication while the stored data is being created and used. But one thing at a time.
The starting point of the data is the machines connected to tapio. The connection to tapio is made by a connector software provided by tapio, which runs on the machine or in its environment. The interface between connector and machine is OPC UA, which, thanks to its built-in security mechanisms, has become the standard for machine-oriented communication. The machine provides its data as an OPC UA server, and the connector transports that data to tapio. The connector supports all security levels defined by OPC UA, so the machine side can be protected as strongly as the machine allows.
The connection between the connector and tapio is always initiated from the connector. This ensures that the connection cannot be established from the Internet into the customer network and that no publicly accessible ports in the firewall are necessary.
The actual connection setup is also multi-level. It starts with encrypted communication via HTTPS. A second building block in the connection to tapio is the individual certificate that every Cloudconnector instance needs; it makes each connector uniquely identifiable. In return, the connector can uniquely identify tapio by means of another certificate. This ensures that a connector will only ever send its data to tapio.
As a further measure, the connections are time-limited, which means that the connection is re-authenticated periodically, and new, time-limited access tokens are created.
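The connector-side part of this setup, as an added illustration rather than tapio's own connector code: the client verifies the cloud endpoint's certificate, presents its own per-instance client certificate, and re-authenticates whenever its time-limited access token is about to expire. The certificate file paths and the `authenticate` callback are assumptions for the example.

```python
"""Connector-side connection setup: outbound TLS with server verification,
a per-instance client certificate, and periodic re-authentication."""
import ssl
import time
from dataclasses import dataclass
from typing import Callable, Optional


def build_tls_context(ca_file: Optional[str] = None,
                      client_cert: Optional[str] = None,
                      client_key: Optional[str] = None) -> ssl.SSLContext:
    """Build the TLS context the connector dials out with.

    ca_file/client_cert/client_key are hypothetical paths for this example.
    The endpoint (tapio) is verified against a trusted CA and its certificate
    name must match the host that is dialled; the client certificate lets the
    endpoint identify this particular connector instance."""
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if client_cert:
        ctx.load_cert_chain(certfile=client_cert, keyfile=client_key)
    return ctx


@dataclass
class AccessToken:
    value: str
    expires_at: float  # Unix time at which the token stops being valid


class TokenSession:
    """Holds a time-limited token and re-authenticates before it expires.

    `authenticate` is an assumed callback that performs the actual login and
    returns a fresh AccessToken; `clock` is injectable so the refresh logic
    can be exercised without waiting."""

    def __init__(self, authenticate: Callable[[], AccessToken],
                 clock: Callable[[], float] = time.time, skew: float = 30.0):
        self._authenticate = authenticate
        self._clock = clock
        self._skew = skew  # refresh this many seconds before expiry
        self._token: Optional[AccessToken] = None
        self.reauth_count = 0

    def token(self) -> str:
        now = self._clock()
        if self._token is None or self._token.expires_at - self._skew <= now:
            self._token = self._authenticate()
            self.reauth_count += 1
        return self._token.value
```

Every request the connector makes uses `build_tls_context()` for the socket and `TokenSession.token()` for its bearer token, so an expired token never reaches the wire.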
Data is always transmitted and stored encrypted, even within tapio. Secure administration of the keys is especially important. Since tapio is based on Microsoft Azure, we consistently use all the security functions Azure offers. For all keys, secrets, and policies this is Azure Key Vault, a certified key store. With Azure Threat Detection, Protection, and Analytics, the latest artificial-intelligence-based methods for threat detection and defense are also used.
Apps and services that communicate with tapio must authenticate themselves using standardized procedures such as OAuth2 or OpenID Connect. Users of the apps and services in turn authenticate against the same central administration service. Here we use the same technologies that Microsoft, for example, uses for Office 365. In general, this is one of our highest principles in software development: security-relevant services, algorithms, or libraries must not be written by ourselves. The risk of security-critical errors creeping in is enormous. This is why we consistently rely on proven standard software.
In addition to secure authentication, tapio also includes central rights management. Customer administrators can centrally manage users, machines, and applications. Every application integrates the tapio user administration, and through it the administrator controls which app and which user gets access to each service offered on tapio - no matter whether it is provided by tapio or by a partner.
The described measures result in a multi-level security concept that corresponds to the current state of the art. We will monitor future developments in the information security sector and adopt the findings relevant to us accordingly.
Therefore, every tapio software module, including the connector in the customer network, can be updated automatically at any time. From our point of view, this is the most important component of any security concept. Only in this way can future, not yet known threats be warded off effectively.