Automated processes enable companies in intralogistics enormous gains in efficiency. However, digitalisation also involves risks: Cyberattacks are on the rise and, in the worst case, can lead to costly downtimes. In order to prevent this, secure networks are essential. System operators are also legally obligated, for example by the new NIS2 Directive and industry-specific compliance regulations, to secure their systems accordingly and make them transparent.

Classic remote access solutions like virtual private networks (VPNs) reach their limits here. For this reason, SSI Schaefer developed a new secure remote access concept, which meets the highest security requirements. Comprehensive identity and access management reliably protects data and ensures compliance with legal requirements. The new solution gives service teams privileged remote access while providing transparency for customers – thereby taking not only information security, but also system availability to a whole new level.

Site-to-site VPNs offer a good deal of security, but reach their limits when it comes to transparency and access control. Whether it is theft of access data, outdated software or compromises in the supply chain – the security risks are manifold. With the help of a new category of remote access solutions, these can be minimized in the future: The Remote Privileged Access Management (RPAM) can reduce risk exposure by up to 50%, according to forecasts by the Gartner market research institute.

RPAM connects a clearly verified identity with strictly controlled access to precisely defined applications or systems. At the same time, the respective end device is checked for compliance with security standards before access is granted, for example with regard to patch level, active virus protection or system configuration. This ensures that only authorized persons with trusted devices can access critical systems – in a fully traceable and temporary manner. This innovative approach is also being used by SSI Schaefer for their new secure remote access solution, which enables the intralogistics expert to provide even more secure and flexible customer service.

Said Admir Sipic, VP Global Head Remote Services: “In contrast to the usual VPN solutions, which, if inadequately configured and lacking segmentation, may allow access to the entire corporate network, our secure remote access offers granular control.”

The connection is established via a centrally hosted, repeatedly secured virtual desktop infrastructure (VDI) including two-factor authentication. The VDI instances are configured uniformly, isolated at the network end and enable targeted remote access to the relevant customer systems – such as for installations, configurations or maintenance.

The supplementary Remote Privileged Access Management strictly regulates access to sensitive systems and data in accordance with the zero-trust principle. Whether it is internal technicians, administrators or external service providers: Only verified identities get access – and only to clearly defined resources, limited to the required minimum. All connections are seamlessly documented and continuously monitored.

Continued Sipic: “In this way, we optimise the information security, create maximum transparency and remain operational at all times.” 

When developing the new solution, one thing was clear to SSI Schaefer: In the event of a malfunction, the connection to the customer must not become a bottleneck. Therefore, a central, hardened and monitored cloud environment was created with the Secure Maintenance Environment, which combines all the components necessary for secure remote maintenance. It is available worldwide and across the entire corporate structure and is not tied to a fixed location – a decisive factor for fast response times. In combination with a redundant system architecture, the solution enables efficient, consistently secured remote support.

Added Sipic: “A site-to-site VPN solution is not unsafe per se – but remains a black box. The connection can be secured, but it is not transparent what exactly happens within the session and what data is transmitted. Our new solution provides much greater clarity in this area, thereby reducing both legal and operational risks.”

Automation solutions in intralogistics are complex and place high demands on information security, not least due to applicable standards and guidelines. In order to meet these demands, SSI Schaefer intensively tested their secure remote access solution in several proofs of concept over several months. The result is a flexibly adaptable security concept, which integrates itself seamlessly in existing processes and meets industry-specific requirements. A central principle here: SSI Schaefer then only gets access to a customer system if this is mandatory, made approved by the customer and explicitly requested. Click secure remote access for more.