by | Apr 24, 2020

Security Enhanced Maximo for Sensitive Asset Management Data

One of the biggest problems that comes with the accelerating pace of applications moving to cloud-based infrastructure is security. When an application is internal or only available over an intranet, there is additional security in place by default, as only authorised users will have access to that network. With a cloud-based application this layer of security is no longer available. This places even more importance on the user’s password.

Is a Password Policy enough to secure your data?

If a Password Policy is not enforced by your organization, the majority of users will not use a strong password. Even with a Policy in place (which might require upper case letters, lower case letters, some numbers and a special character), users will simply add something wholly predictable like “123!” to the end of their weak password. To make matters worse, this password is likely used for all of the user’s credentials! This means the password doesn’t have to be stolen from the cloud-based application itself: if it is acquired from elsewhere, the cloud-based application may be at risk.

Troy Hunt, one of Microsoft’s Regional Directors and the creator of the website Have I Been Pwned?, said, “The only secure password is one you can’t remember”. His web application highlights this brilliantly. I recommend opening this application and entering one of your personal email addresses; the website will then search through a database of password lists which have at one time or another been available on the dark web and will show you which accounts have been compromised.

Now it may be that you have recently started using a password manager, so you now have strong, unique passwords for all your logins for all the websites and applications you use. Great stuff, your personal online security is hardened! However, with a cloud-hosted web application there is no guarantee that all or any of your users are using strong passwords, and they may actually still be using passwords which have been compromised and sold.

A Secure Solution that works for Asset Management?

The solution here goes back to Troy’s quote – force the users to use a password they can’t remember! This approach can be implemented using Two Factor authentication. As well as having to enter a Password, the users are forced to enter a number which is unique to them. They can’t remember this number as it changes every 30 seconds.

A lot of the bigger sites and applications have already implemented Two Factor Authentication, although they leave it as an optional setting in your account. Take Gmail’s 2-Step Verification for example. First, you’ll enter your password as usual when you sign in. Next, a code will be sent to your phone via text, call or app. Or, if you have a Security Key, you can insert it into your computer’s USB port. If a bad guy hacks through your password layer, they’ll still need something else to access your account.

Other providers may send you an SMS with a one-time password or code which expires after a short period of time, or may even have an automated service call you with a one-time code. A lot of banking services send out fobs which generate one-time passwords required when logging in. All these methods use a one-time password in one form or another to help protect the data they are responsible for as well as the user’s privacy.

For some organizations, especially where asset data is particularly sensitive, Two Factor Authentication would be an ideal solution to add that extra layer of security – and peace of mind.

Locking down Maximo EAM with Two Factor Authentication – SEMaximo

I have built a framework which allows Maximo Administrators to set up user access using a Two Factor Authentication system. I have called it Security Enhanced Maximo (SEMaximo).

~ Checkbox from the User Application “Use TFA”; when this is checked the user is forced to set up TFA/MFA on their next login ~

SEMaximo makes a checkbox available in the Maximo Users application which, when checked, will present the User with a QR Code at next login. This is used to set up and sync Google Authenticator on their device. They will be logged out of Maximo, then every time they log in from that point on, they will have to enter a generated number from the Google Authenticator application on their phone, as well as their Password.


~ The next time they log in, they are presented with this QR Code and instructions for setting up MFA. Once set up, click return to login page. When they log in they now have 3 boxes: normal user name, password and the MFA code generated on their device ~

The SEMaximo framework also allows E Signature to be configured to require two-factor authentication for running tasks like Database Configuration or switching Admin mode on and off.

SEMaximo two-factor authentication has to be configurable on an account-by-account basis because not all accounts will be able to use this method of two-factor authentication (we can assist with alternatives). Integration service accounts, for example, won’t always be able to use two-factor authentication, but this is different to a user account, as the system administrator has control of that password and can guarantee it to be strong.

This extra layer is substantially more secure than the first, so together they offer a tight, secure Asset Management solution! With SEMaximo in place, as with all security measures, it is then up to Maximo administrators and users to implement these security enhancements and ensure asset information and data is never compromised!

We’re aiming to build Two Factor Authentication into the Maximo Integration Framework (MIF) further down the line for any integrations which may be able to make use of it.

BPD Zenith offer SEMaximo as an add-on Solution for Maximo. If you’re interested in the solution, or would like more information about it, please get in touch!

Chris Brown

As an Engineer, Chris is one of BPD Zenith’s most experienced developers. With over 10 years of in-depth technical experience, Chris is the most certified member of the UK team, specialising in Maximo versions 4 to 7.6, Tivoli Process Automation Engine, DB2, SQL Server and Oracle DBA. Chris can develop custom applications and extend the functionality of standard Maximo applications using both the Maximo Application Designer and the Java programming language to meet client requirements. He is knowledgeable in developing custom reports and modifying existing reports using both Actuate and BIRT report designers.

