The cloud holds tremendous potential for critical infrastructure organizations. Aggregating and analyzing operational technology (OT) data in the cloud enables organizations to detect performance issues, schedule device maintenance, and fine-tune operations in ways that would otherwise not be possible. But tapping into that potential is not always easy.
Sending OT data to the cloud requires, by definition, that devices be connected to an external network, and external connections create security concerns. The technology needed to secure those connections—allowing data to flow out, without providing a pathway back in—has traditionally been expensive, or flawed, or both. These shortcomings have led many organizations to give up on the benefits of cloud services.
With Owl’s low-cost, easy-to-deploy DiOTa, secure OT-to-cloud connections are finally possible on an enterprise scale. Diota provides a hardware-enforced, unhackable one-way path for OT data, without the recurring costs, administrative burdens, and inherent weaknesses of software-based firewalls.
Cost effective one-way security
There are two general categories of solutions for enforcing one-way data flows: software-based firewalls and hardware-enforced data diodes.
Firewalls are simply not a viable option for securing OT systems, because they’re built on commercial-grade platforms that require constant patching and introduce new vulnerabilities wherever they’re implemented. The ongoing cost of maintaining firewalls for dozens or hundreds of connected devices can easily outweigh the business value of the connections themselves.
Data diodes, on the other hand, are industrial-grade solutions that provide a deterministic, one-way path for data. Diodes provide no possibility for malicious code to travel backward from an external network to a connected device, and can operate for years without the need for maintenance of any kind.
Owl’s data diode solutions are widely deployed across the globe in critical infrastructure operations, often supporting multiple protocols and connections at once, allowing organizations to control the flow of data between networks and systems. But as the industrial internet of things has expanded, a new need has emerged: a simple way for organizations to connect devices to the cloud, one device and one protocol at a time.
DiOTa provides exactly that: hardware-based security that can be deployed in less than one hour, for only a few thousand dollars per device. DiOTa provides more reliable protection than any software-based firewall, and requires zero ongoing maintenance. And while firewalls require tedious configuration by specialized personnel, DiOTa provides a simple setup wizard that requires no specialized skills or security experience.
With DiOTa, critical infrastructure organizations can take full advantage of the cloud’s capabilities, without putting their devices and networks at risk. Even traditionally off-limits devices such as safety systems can be safely connected the cloud, at a fraction of the cost of any comparable solution.