Keep your data secure

 

groov RIO helps you build a secure system for data communications

Traditional control and SCADA systems seldom manage security. Their proprietary networks and protocols may keep out those who don’t know the system. But their data stays locked inside, unable to be used to improve processes, demonstrate compliance, or inform business decisions—unless it goes through an expensive maze of PCs, PLCs, and middleware. 

New edge I/O products like groov RIO unlock that data and make it readily available by incorporating open standards from both automation and information technology fields. Open standards and connection to the internet, however, magnify the need for system security and data integrity.

How does groov RIO help you keep devices and data secure? By:

  • Giving you control over user accounts for authentication
  • Encrypting data
  • Incorporating a configurable device firewall and security certificates
  • Offering VPN access
  • Including MQTT for more efficient and secure data communications

User accounts and authentication

Security starts when you first connect to groov RIO through your web browser. groov RIO has no default login, so you must create your own Admin account in order to access RIO. The username and password for this account are secure, and there is no way to retrieve them. 

If other authorized people need access to your groov RIO, you can create additional user accounts for them, assigning or denying access to individual features (for example, the Node-RED editor) for each account. groov RIO requires user authentication whenever someone tries to log in.

Data encryption

Out of the box, groov RIO uses HTTPS to encrypt all communications. Your connections to groov RIO from your computer or mobile device are encrypted, as is the data RIO communicates to on-premises or cloud-based software, systems, and services.

When you use Node-RED to create data flows or enable MQTT to upload data to an MQTT broker, you can choose either an unencrypted or an SSL/TLS-encrypted connection. For security, choose SSL/TLS encryption.


 


Configurable device firewall 

Networks typically have firewalls. While they protect the network, they also inhibit the flow of data between networks (for example, between your company network and an internet service).

Individual devices with their own device firewalls provide more flexibility. Used with a network firewall, they can reduce the need for protections at the network level (keeping the network more open) or provide another security layer. Used without a network firewall—for example, on a factory floor—they help secure the device and its data.

groov RIO’s device firewall lets you control which ports accept incoming connections, and therefore which listening services can be reached. For example, you should close the ports of unused protocols.

Security certificates

Out of the box, groov RIO uses a self-signed security certificate to identify itself to other devices. You can also choose to upload security certificates from your IT department or a certificate authority.

VPN access

groov RIO offers support for virtual private network (VPN) access to the unit. As an OpenVPN client, groov RIO can offer authenticated remote access to its data over a more secure, virtual point-to-point connection.

MQTT 

Using MQTT’s publish/subscribe data communication method reduces security concerns by using outbound, device-originated connections only. That means groov RIO always originates the connection to the broker, eliminating open inbound ports in firewalls. Once the connection is established, data can travel in both directions.  
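The firewall and MQTT sections together claim that a device with every inbound port closed can still receive data from a broker it connected to. The model below is an added example, not Opto 22 code and not how groov RIO's firewall is implemented: the DeviceFirewall class, the addresses and the client port 49152 are constructed for illustration, and 8883 is the standard MQTT-over-TLS port.

```python
from typing import NamedTuple

class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False  # True only for the packet that opens a new TCP connection

class DeviceFirewall:
    """Simplified stateful firewall for one device (a model, not groov RIO's own)."""

    def __init__(self, device_ip, open_inbound_ports=()):
        self.device_ip = device_ip
        self.open_inbound = set(open_inbound_ports)
        self.established = set()  # (device port, peer ip, peer port) of tracked flows

    def allow(self, p):
        if p.src == self.device_ip:
            # Outbound traffic is permitted and tracked so replies can return.
            self.established.add((p.sport, p.dst, p.dport))
            return True
        if p.dst != self.device_ip:
            return False
        flow = (p.dport, p.src, p.sport)
        if not p.syn and flow in self.established:
            return True  # data on a connection that already exists
        if p.syn and p.dport in self.open_inbound:
            self.established.add(flow)  # new inbound connection to an open port
            return True
        return False  # everything else is unsolicited and dropped

# Constructed sample addresses: the device, its MQTT broker, and an unrelated host.
DEVICE, BROKER, OTHER = "10.0.0.20", "10.0.0.5", "10.0.0.99"

def demo():
    fw = DeviceFirewall(DEVICE, open_inbound_ports=())  # no inbound port is open
    return {
        "device_connects_to_broker": fw.allow(Packet(DEVICE, 49152, BROKER, 8883, syn=True)),
        "broker_pushes_data_back": fw.allow(Packet(BROKER, 8883, DEVICE, 49152)),
        "unsolicited_connect": fw.allow(Packet(OTHER, 40000, DEVICE, 443, syn=True)),
        "other_host_same_ports": fw.allow(Packet(OTHER, 8883, DEVICE, 49152)),
    }

if __name__ == "__main__":
    for check, allowed in demo().items():
        print(f"{check}: {'allowed' if allowed else 'dropped'}")
```

Only the two packets on the device-originated broker connection pass; anything arriving from another host is dropped because no inbound port was opened for it.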

