THE BPD Blog

by | Apr 24, 2020

Security Enhanced Maximo for Sensitive Asset Management Data

One of the biggest problems faced with the accelerating pace of applications moving to cloud based infrastructure is security. When an application is internal or only available over an intranet there is additional security in place by default, as only authorised users will have access to that network. With a cloud-based application this layer of security is no longer available. This places even more importance on the User’s Password.

Is a Password Policy enough to secure your data?

If a Password Policy is not enforced by your organization, the majority of users will not use a strong password. Even with a Policy in place (which might require upper case letters, lower case letters, some numbers and a special character), users will simply add something wholly predictable like “123!” to the end of their weak password. To make matters worse, this password is likely used for all of the user’s credentials! This means the password doesn’t have to be stolen from the cloud-based application itself: if it is acquired from elsewhere, the cloud-based application may be at risk.

Troy Hunt, one of Microsoft’s Regional Directors and the creator of the website Have I Been Pwned?, said, “The only secure password is one you can’t remember”. His web application highlights this brilliantly. I recommend opening this application and entering one of your personal email addresses; the website will then search through a database of password lists which have at one time or another been available on the dark web and will show you which accounts have been compromised.

Now it may be that recently you have started using a password manager, so you now have strong unique passwords for all your logins for all websites and applications you use. Great stuff – your personal online security is hardened! However, with a cloud hosted web application there is no guarantee that all or any of your users are using strong passwords, and they may actually still be using passwords which have been compromised and sold.

A Secure Solution that works for Asset Management?

The solution here goes back to Troy’s quote – force the users to use a password they can’t remember! This approach can be implemented using Two Factor authentication. As well as having to enter a Password, the users are forced to enter a number which is unique to them. They can’t remember this number as it changes every 30 seconds.

A lot of the bigger sites and applications have already implemented Two Factor Authentication, although they leave it as an optional setting in your account. Take Gmail’s 2-Step Verification for example. First, you’ll enter your password as usual when you sign in. Next, a code will be sent to your phone via text, call or app. Or, if you have a Security Key, you can insert it into your computer’s USB port. If a bad guy hacks through your password layer, they’ll still need something else to access your account.

Other providers may send you an SMS with a one-time password or code which expires after a short period of time, or may even have an automated service call you with a one-time code. A lot of banking services send out fobs which generate one-time passwords required when logging in. All these methods use a one-time password in one form or another to help protect the data they are responsible for as well as the user’s privacy.

For some organizations, especially where asset data is particularly sensitive, Two Factor Authentication would be an ideal solution to add that extra layer of security – and peace of mind.

Locking down Maximo EAM with Two Factor Authentication – SEMaximo

I have built a framework which allows Maximo Administrators to set up user access using a Two Factor Authentication system. I have called it Security Enhanced Maximo (SEMaximo).

~ Checkbox from the User Application, “Use TFA”: when this is checked, the user is forced to set up TFA/MFA on their next login ~

SEMaximo makes a checkbox available in the Maximo Users application which, when checked, will present the User with a QR Code at next login – this is used to set up and sync Google Authenticator on their device. They will be logged out of Maximo, then every time they log in from that point on, they will have to enter a generated number from the Google Authenticator application on their phone – as well as their Password.

~ The next time they log in, they are presented with this QR Code and instructions for setting up MFA. Once set up, click return to login page. When they log in they now have 3 boxes: normal user name, password and the MFA code generated on their device ~
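The number that changes every 30 seconds is a time-based one-time password (TOTP, RFC 6238), which Google Authenticator derives from the secret carried in the enrolment QR code. The Python below is an added example, not SEMaximo's code: it shows the server side of that exchange, where the function names, the `wilson`/`Maximo` values, the one-step clock-drift allowance and the replay check are all assumptions made for illustration.

```python
import base64, hashlib, hmac, secrets, struct, time
from urllib.parse import quote, urlencode

STEP, DIGITS = 30, 6  # 30-second codes (as in the article), 6 digits
# Published RFC 6238 test key, used here only as constructed sample input.
RFC_SECRET = base64.b32encode(b"12345678901234567890").decode()

def new_secret() -> str:
    """Random 160-bit per-user secret, Base32 as authenticator apps expect."""
    return base64.b32encode(secrets.token_bytes(20)).decode()

def provisioning_uri(secret: str, user: str, issuer: str) -> str:
    """otpauth:// URI: the string an enrolment QR code encodes."""
    query = urlencode({"secret": secret, "issuer": issuer,
                       "period": STEP, "digits": DIGITS})
    return f"otpauth://totp/{quote(issuer + ':' + user)}?{query}"

def totp(secret: str, at: float) -> str:
    """RFC 6238 code (HMAC-SHA1) for the time step containing `at`."""
    counter = struct.pack(">Q", int(at) // STEP)
    digest = hmac.new(base64.b32decode(secret), counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation, RFC 4226
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def verify(secret: str, code: str, at: float, last_step: int = -1, drift: int = 1):
    """Return the matching time step, or None if the code is rejected.

    Accepts +/- `drift` steps of clock skew (an assumed policy). Steps at or
    before `last_step` are refused, so a code that was observed once cannot
    be replayed; the caller stores the returned step per user.
    """
    current = int(at) // STEP
    for step in range(max(0, current - drift), current + drift + 1):
        expected = totp(secret, step * STEP).encode()
        # Constant-time comparison avoids leaking how many digits matched.
        if step > last_step and hmac.compare_digest(expected, code.encode()):
            return step
    return None

if __name__ == "__main__":
    secret = new_secret()
    print(provisioning_uri(secret, "wilson", "Maximo"))  # hypothetical user, issuer
    now = time.time()
    used = verify(secret, totp(secret, now), now)
    print("first login accepted:", used is not None)
    print("same code replayed:", verify(secret, totp(secret, now), now, last_step=used))
```

The per-user secret is as sensitive as a password hash: anyone who can read it can generate valid codes, so it should be stored encrypted and shown to the user only once, at enrolment.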

The SEMaximo framework also allows E Signature to be configured to require two factor authentication for running tasks like Database Configuration or switching Admin mode on and off.

SEMaximo Two Factor Authentication has to be configurable on an account-by-account basis because not all accounts will be able to use this method of Two Factor Authentication (we can assist with alternatives). Integration service accounts, for example, won’t always be able to use Two Factor Authentication, but this is different to a user account as the system administrator has control of that password and can guarantee it to be strong.

This extra layer is substantially more secure than the first, so together they offer a tight, secure Asset Management solution! With SEMaximo in place, as with all security measures, it is then up to Maximo administrators and users to implement these security enhancements and ensure asset information and data is never compromised!

We’re aiming to build Two Factor Authentication into the Maximo Integration Framework (MIF) further down the line for any integrations which may be able to make use of it.

BPD Zenith offer SEMaximo as an add-on Solution for Maximo. If you’re interested in the solution, or would like more information about it, please get in touch!

Chris Brown

As an Engineer, Chris is one of BPD Zenith’s most experienced developers. With over 10 years of in-depth technical experience, Chris is the most certified member of the UK team, specialising in Maximo versions 4 to 7.6, Tivoli Process Automation Engine, DB2, SQL Server and Oracle DBA. Chris can develop custom applications and extend the functionality of standard Maximo applications using both the Maximo Application Designer and the Java programming language to meet client requirements. He is knowledgeable in developing custom reports and modifying existing reports using both Actuate and BIRT report designers.
