THE BPD Blog


by | Apr 24, 2020

Security Enhanced Maximo for Sensitive Asset Management Data

One of the biggest problems faced with the accelerating pace of applications moving to cloud-based infrastructure is security. When an application is internal or only available over an intranet, there is additional security in place by default, as only authorised users will have access to that network. With a cloud-based application this layer of security is no longer available. This places even more importance on the user’s password.

Is a Password Policy enough to secure your data?

If a Password Policy is not enforced by your organization, the majority of users will not use a strong password. Even with a Policy in place (which might require upper case letters, lower case letters, some numbers and a special character), users will simply add something wholly predictable like “123!” to the end of their weak password. To make matters worse, this password is likely used for all of the user’s credentials! This means the password doesn’t have to be stolen from the cloud-based application itself; if it is acquired from elsewhere, the cloud-based application may be at risk.

Troy Hunt, one of Microsoft’s Regional Directors and the creator of the website Have I Been Pwned?, said, “The only secure password is one you can’t remember”. His web application highlights this brilliantly. I recommend opening this application and entering one of your personal email addresses; the website will then search through a database of password lists which have at one time or another been available on the dark web and will show you which accounts have been compromised.

Now it may be that recently you have started using a password manager, so you now have strong unique passwords for all your logins for all websites and applications you use. Great stuff – your personal online security is hardened! However, with a cloud-hosted web application there is no guarantee that all or any of your users are using strong passwords, and they may actually still be using passwords which have been compromised and sold.

A Secure Solution that works for Asset Management?

The solution here goes back to Troy’s quote – force the users to use a password they can’t remember! This approach can be implemented using Two Factor authentication. As well as having to enter a Password, the users are forced to enter a number which is unique to them. They can’t remember this number as it changes every 30 seconds.

A lot of the bigger sites and applications have already implemented Two Factor Authentication, although they leave it as an optional setting in your account. Take Gmail’s 2-Step Verification for example. First, you’ll enter your password as usual when you sign in. Next, a code will be sent to your phone via text, call or app. Or, if you have a Security Key, you can insert it into your computer’s USB port. If a bad guy hacks through your password layer, they’ll still need something else to access your account.

Other providers may send you an SMS with a one-time password or code which expires after a short period of time, or may even have an automated service call you with a one-time code. A lot of banking services send out fobs which generate one-time passwords required when logging in. All these methods use a one-time password in one form or another to help protect the data they are responsible for as well as the user’s privacy.

For some organizations, especially where asset data is particularly sensitive, Two Factor Authentication would be an ideal solution to add that extra layer of security – and peace of mind.

Locking down Maximo EAM with Two Factor Authentication – SEMaximo

I have built a framework which allows Maximo Administrators to set up user access using a Two Factor Authentication system. I have called it Security Enhanced Maximo (SEMaximo).

~ Checkbox from the User Application, “Use TFA”. When this is checked, the user is forced to set up TFA/MFA on their next login ~

SEMaximo makes a checkbox available in the Maximo Users application which, when checked, will present the User with a QR Code at next login. This is used to set up and sync Google Authenticator on their device. They will be logged out of Maximo, then every time they log in from that point on, they will have to enter a generated number from the Google Authenticator application on their phone, as well as their Password.


~ The next time they log in, they are presented with this QR Code and instructions for setting up MFA. Once set up, they click return to the login page. When they log in they now have 3 boxes: normal user name, password and the MFA code generated on their device ~
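
The enrolment and login check described above can be sketched as follows. This is an added example, not SEMaximo's code (which the post does not show); it assumes Google Authenticator's defaults (RFC 6238 TOTP with HMAC-SHA1, 6 digits, 30-second step), and the `TotpVerifier` class, the `jsmith` account and the `Maximo` issuer label are hypothetical.

```python
import base64, hashlib, hmac, struct, time
from urllib.parse import quote

STEP, DIGITS = 30, 6   # Google Authenticator defaults: 30-second step, 6 digits
RFC_TEST_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"  # RFC 6238 test key, not a real secret

def totp(secret_b32, at, step=STEP, digits=DIGITS):
    """RFC 6238 code for Unix time `at`: HOTP (RFC 4226) over elapsed steps."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = struct.pack(">Q", int(at) // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                        # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def provisioning_uri(secret_b32, account, issuer):
    """otpauth:// URI that the enrolment QR code encodes."""
    label = quote(f"{issuer}:{account}")
    return (f"otpauth://totp/{label}?secret={secret_b32}"
            f"&issuer={quote(issuer)}&digits={DIGITS}&period={STEP}")

class TotpVerifier:
    """Checks a submitted code, tolerating clock drift and rejecting replays."""
    def __init__(self, secret_b32, window=1):
        self.secret = secret_b32
        self.window = window         # accept +/- this many 30-second steps
        self.last_used_step = -1     # highest step already consumed

    def verify(self, code, now=None):
        current = int(time.time() if now is None else now) // STEP
        first = max(0, current - self.window)
        for step in range(first, current + self.window + 1):
            expected = totp(self.secret, step * STEP).encode()
            # Constant-time compare; a matched step can never be reused.
            if hmac.compare_digest(expected, code.encode()) and step > self.last_used_step:
                self.last_used_step = step
                return True
        return False

if __name__ == "__main__":
    v = TotpVerifier(RFC_TEST_SECRET)
    print(provisioning_uri(RFC_TEST_SECRET, "jsmith", "Maximo"))
    print(v.verify("287082", now=59), v.verify("287082", now=59))
```

The second `verify` call fails because the code's time step has already been consumed, so a code observed during one login cannot be replayed inside the drift window.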

The SEMaximo framework also allows E Signature to be configured to require two factor authentication for running tasks like Database Configuration or switching Admin mode on and off.

SEMaximo Two Factor Authentication has to be configurable on an account-by-account basis because not all accounts will be able to use this method of Two Factor Authentication (we can assist with alternatives). Integration service accounts, for example, won’t always be able to use Two Factor Authentication, but this is different to a user account as the system administrator has control of that password and can guarantee it to be strong.

This extra layer is substantially more secure than the first, so together they offer a tight, secure Asset Management solution! With SEMaximo in place, as with all security measures, it is then up to Maximo administrators and users to implement these security enhancements and ensure asset information and data is never compromised!

We’re aiming to build Two Factor Authentication into the Maximo Integration Framework (MIF) further down the line for any integrations which may be able to make use of it.

BPD Zenith offer SEMaximo as an add-on Solution for Maximo. If you’re interested in the solution, or would like more information about it, please get in touch!

Chris Brown


As an Engineer, Chris is one of BPD Zenith’s most experienced developers. With over 10 years of in-depth technical experience, Chris is the most certified member of the UK team, specialising in Maximo versions 4 to 7.6, Tivoli Process Automation Engine, DB2, SQL Server and Oracle DBA. Chris can develop custom applications and extend the functionality of standard Maximo applications using both the Maximo Application Designer and the Java programming language to meet client requirements. He is knowledgeable in developing custom reports and modifying existing reports using both Actuate and BIRT report designers.
