THE BPD Blog


by Chris Brown | Apr 24, 2020

Security Enhanced Maximo for Sensitive Asset Management Data

One of the biggest problems raised by the accelerating move of applications to cloud-based infrastructure is security. When an application is internal or only reachable over an intranet, the network itself provides a layer of protection by default: only people who have already been let onto that network can even reach the login page. With a cloud-based application that layer is gone, and the login form is exposed to anyone on the internet. This places far more weight on the user's password.

Is a Password Policy enough to secure your data?

If a password policy is not enforced by your organisation, the majority of users will not choose a strong password. Even with a policy in place (say, upper-case and lower-case letters, some digits and a special character), users will simply append something wholly predictable like "123!" to the end of an otherwise weak password. To make matters worse, that password is probably reused across all of the user's accounts. This means the password does not have to be stolen from the cloud-based application itself: if it is leaked from any other site where the user registered with the same password, the cloud-based application is at risk too. This is exactly what credential-stuffing attacks exploit.

Troy Hunt, one of Microsoft's Regional Directors and the creator of the website Have I Been Pwned?, put it this way: "The only secure password is one you can't remember". His web application illustrates this brilliantly. I recommend opening it and entering one of your personal email addresses: the site searches a database of data breaches that have at one time or another been traded or published, and shows you which of your accounts appear in them.

Now it may be that you have recently started using a password manager, so you have strong, unique passwords for every website and application you use. Great stuff: your personal online security is hardened! However, with a cloud-hosted web application there is no guarantee that all, or any, of your users are doing the same; some may still be using passwords that have already been compromised and sold.
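The "already compromised and sold" problem can be checked for at password-change time without ever sending the user's password anywhere. Have I Been Pwned's Pwned Passwords service exposes a k-anonymity range API: the client sends only the first five hex characters of the password's SHA-1 digest and gets back every known breached hash with that prefix, then matches the rest locally. The following is an added example written for this post, not code from SEMaximo or from Have I Been Pwned; the HTTP call is replaced by an offline stand-in, and the response lines and the count in it are constructed for illustration (only the suffix for "password" is the genuine SHA-1 value).

```python
import hashlib
from typing import Callable, Tuple

# Real endpoint of the Pwned Passwords range API; this example never calls it.
RANGE_API = "https://api.pwnedpasswords.com/range/"


def sha1_prefix_and_suffix(password: str) -> Tuple[str, str]:
    """SHA-1 the password (the scheme Pwned Passwords indexes by) and split the
    upper-case hex digest into the 5-character prefix that is sent to the API
    and the 35-character suffix that never leaves the caller."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range_response(body: str, suffix: str) -> int:
    """A range response is one 'SUFFIX:COUNT' pair per line for every known
    hash starting with the queried prefix. Return the breach count for our
    suffix, or 0 if it is not listed (i.e. not known to be compromised)."""
    for line in body.splitlines():
        candidate, sep, count = line.strip().partition(":")
        if sep and candidate.upper() == suffix:
            return int(count)
    return 0


def breach_count(password: str, fetch_range: Callable[[str], str]) -> int:
    """k-anonymity lookup: fetch_range(prefix) performs the HTTP GET and returns
    the body. The server only ever sees the prefix, which matches several
    hundred unrelated hashes, so it cannot tell which password was checked."""
    prefix, suffix = sha1_prefix_and_suffix(password)
    return parse_range_response(fetch_range(prefix), suffix)


# Constructed stand-in for the range response for prefix 5BAA6, which is the
# prefix of SHA-1("password"). Real responses contain hundreds of lines and
# live counts; the neighbours and the count below are made up for the example.
SAMPLE_RANGE_5BAA6 = """\
1E2A45D5B5F1E1C7C6F3A3E2B4F2A2C3D4E:2
1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493
1E5E3B7A0A3B4C5D6E7F8091A2B3C4D5E6F:1
"""


def offline_fetch(prefix: str) -> str:
    """Offline replacement for GET RANGE_API + prefix."""
    return SAMPLE_RANGE_5BAA6 if prefix == "5BAA6" else ""


if __name__ == "__main__":
    for candidate in ("password", "correct horse battery staple"):
        n = breach_count(candidate, offline_fetch)
        verdict = f"seen in breaches {n} times, reject" if n else "not in the sample list"
        print(f"{candidate!r}: {verdict}")
```

In a real deployment `fetch_range` would do the HTTPS GET against `RANGE_API` and a non-zero count would reject the new password; the point of the prefix split is that even a compromised lookup service learns nothing usable about the password being set.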

A Secure Solution that works for Asset Management?

The solution here goes back to Troy's quote: force users to use a password they can't remember! This is what two-factor authentication gives you. As well as entering their password, users must enter a one-time code that is unique to them and to the current moment. They cannot memorise it because it changes every 30 seconds: the code is computed from a secret shared between the server and the user's device together with the current time (the TOTP scheme of RFC 6238, which is what Google Authenticator implements), so a code is only useful to an attacker for the few seconds it remains valid.

A lot of the bigger sites and applications have already implemented two-factor authentication, although they usually leave it as an optional setting in your account. Take Gmail's 2-Step Verification, for example. First, you enter your password as usual when you sign in. Next, a code is sent to your phone via text, a call or an app. Or, if you have a security key, you can insert it into your computer's USB port. If an attacker gets through your password layer, they still need that second factor to get into your account.

Other providers may send you an SMS with a one-time password or code that expires after a short period, or may even have an automated service call you with a one-time code. Many banking services issue hardware fobs that generate the one-time password required when logging in. All of these methods use a one-time password in one form or another to help protect the data they are responsible for, as well as the user's privacy. Of these, SMS and voice codes are the weakest, since they can be intercepted or redirected (for example by SIM swapping); app-generated codes and hardware keys do not depend on the phone network.

For some organizations, especially where asset data is particularly sensitive, Two Factor Authentication would be an ideal solution to add that extra layer of security – and peace of mind.

Locking down Maximo EAM with Two Factor Authentication – SEMaximo

I have built a framework which allows Maximo Administrators to set up user access using a Two Factor Authentication system. I have called it Security Enhanced Maximo (SEMaximo).

~ The "Use TFA" checkbox in the Users application: when it is checked, the user is forced to set up TFA/MFA on their next login ~

SEMaximo adds a checkbox to the Maximo Users application. When it is checked, the user is presented with a QR code at their next login; scanning it enrols and synchronises Google Authenticator on their device with the secret Maximo has just generated for that account. They are then logged out of Maximo, and from that point on every login requires the current code generated by the Google Authenticator app on their phone as well as their password.


~ The next time they log in, they are presented with this QR code and instructions for setting up MFA. Once set up, they click "return to login page". The login page now has three fields: the usual user name, the password, and the MFA code generated on their device ~
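To make the enrolment and login flow described above concrete, here is an added example (written for this post, not SEMaximo's own code or Google's) of the server side of a Google Authenticator compatible TOTP enrolment: generating the shared secret, building the otpauth:// text that the QR code carries, computing the code the phone will show, and verifying a submitted code with tolerance for clock drift and a guard against replaying a code within its window. The account name, issuer and the idea of storing the last accepted time step on the user record are assumptions for illustration; the algorithm itself is RFC 4226/6238 and the assertions use the RFC's published test secret.

```python
import base64
import hashlib
import hmac
import secrets
import struct
import time
import urllib.parse

STEP_SECONDS = 30   # Google Authenticator default time step
DIGITS = 6          # Google Authenticator default code length


def new_secret(nbytes: int = 20) -> str:
    """Random shared secret (160 bits, the RFC 4226 minimum), base32-encoded
    without padding because that is what authenticator apps expect in the QR code."""
    return base64.b32encode(secrets.token_bytes(nbytes)).decode("ascii").rstrip("=")


def provisioning_uri(secret_b32: str, account: str, issuer: str) -> str:
    """The otpauth:// text that the enrolment QR code carries (Key Uri Format).
    The QR code is the only time the secret crosses to the device; the server
    keeps its own copy and must protect it like a password."""
    label = urllib.parse.quote(f"{issuer}:{account}", safe="")
    params = urllib.parse.urlencode({
        "secret": secret_b32, "issuer": issuer,
        "algorithm": "SHA1", "digits": DIGITS, "period": STEP_SECONDS,
    })
    return f"otpauth://totp/{label}?{params}"


def decode_secret(secret_b32: str) -> bytes:
    """Re-add the base32 padding that was stripped for the QR code, then decode."""
    padded = secret_b32 + "=" * (-len(secret_b32) % 8)
    return base64.b32decode(padded, casefold=True)


def hotp(key: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, dynamic
    truncation to 31 bits, then the low `digits` decimal digits, zero-padded."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % (10 ** digits)).zfill(digits)


def totp(secret_b32: str, at_time: int) -> str:
    """RFC 6238 TOTP: HOTP with the counter set to the current 30-second step.
    This is what the phone computes; the server computes the same value."""
    return hotp(decode_secret(secret_b32), at_time // STEP_SECONDS)


def verify_totp(secret_b32: str, submitted: str, at_time: int,
                last_used_step: int = -1, window: int = 1):
    """Server-side check. Returns the accepted time step, or None.

    - Tolerates clock drift by also accepting `window` steps either side.
    - Refuses any step <= last_used_step, so a code that was captured (or
      shoulder-surfed) cannot be replayed while it is still inside the window;
      the caller persists the returned step on the user record (assumed design).
    - Uses a constant-time comparison so timing does not leak matching digits.
    """
    submitted = submitted.replace(" ", "")
    if not (submitted.isascii() and submitted.isdigit() and len(submitted) == DIGITS):
        return None
    key = decode_secret(secret_b32)
    current = at_time // STEP_SECONDS
    for drift in range(-window, window + 1):
        step = current + drift
        if step <= last_used_step:
            continue
        if hmac.compare_digest(hotp(key, step), submitted):
            return step
    return None


if __name__ == "__main__":
    # Constructed enrolment; "alice" and the issuer name are placeholders.
    secret = new_secret()
    print(provisioning_uri(secret, "alice", "SEMaximo-demo"))
    now = int(time.time())
    code = totp(secret, now)              # what the phone would show right now
    step = verify_totp(secret, code, now)
    print("code:", code, "accepted step:", step)
    print("same code again:", verify_totp(secret, code, now, last_used_step=step))
```

Two practical points follow from the code: the server's copy of the secret is reversible (unlike a password hash), so it must be encrypted at rest and never logged, and the server's clock must be synchronised, since a drift larger than the window would make every user's code fail.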

The SEMaximo framework also allows Maximo's Electronic Signature (E-Signature) to be configured to require two-factor authentication for sensitive tasks such as running Database Configuration or switching Admin Mode on and off.

SEMaximo two-factor authentication has been made configurable on an account-by-account basis, because not every account will be able to use this method of two-factor authentication (we can assist with alternatives). Integration service accounts, for example, won't always be able to use it, but they differ from user accounts in that the system administrator controls the password and can guarantee it is long, random and unique to that account.

The second factor is independent of the password, so a password that has been guessed, phished or leaked from another site is no longer enough on its own; together the two layers give a tight, secure asset management solution! With SEMaximo in place, as with all security measures, it is then up to Maximo administrators and users to actually enable these enhancements and ensure asset information and data is never compromised.

We're aiming to build two-factor authentication into the Maximo Integration Framework (MIF) further down the line, for any integrations that are able to make use of it.

BPD Zenith offers SEMaximo as an add-on solution for Maximo. If you're interested in the solution, or would like more information about it, please get in touch!

Chris Brown


As an Engineer, Chris is one of BPD Zenith’s most experienced developers. With over 10 years of in-depth technical experience, Chris is the most certified member of the UK team, specialising in Maximo versions 4 to 7.6, Tivoli Process Automation Engine, DB2, SQL Server and Oracle DBA. Chris can develop custom applications and extend the functionality of standard Maximo applications using both the Maximo Application Designer and the Java programming language to meet client requirements. He is knowledgeable in developing custom reports and modifying existing reports using both Actuate and BIRT report designers.
