Our Commitment to Security
We take the security of your operations very seriously. SDA was built from the start using design principles to ensure security, availability, reliability, and data protection.
Security Is in Our DNA
Your factory floor’s operational technology (OT) requires high standards for reliability and security. Software Defined Automation prioritizes security as a fundamental aspect of our solution, which is why we employ a framework for a zero trust environment with a layered defense model built on AWS.
Our state-of-the-art role-based access control (RBAC), secure networking capabilities, tenant isolation, and data protection practices ensure your privacy and security. Our operational practices enable us to target 98% uptime for our services.
Delivering Peace of Mind
OT Cybersecurity
Service Reliability
Data Protection
Single Pane of Glass
Audit logs
Maintain a detailed record of activities for accountability, security, compliance, and troubleshooting.
Role-based access control
Manage user permissions integrated with centralized identity management for easy onboarding, offboarding, and time-based access grants.
Session recording
Record IDE sessions to keep an audit trail of sensitive changes you or your external providers make.
Secure Remote Access
Provide a secure connection to your OT devices from anywhere in the world.
Approval workflows
Enforce the four eyes principle out of the box to reduce risk.
Vault
Automate password protection and management for connected devices.
Secure Design
Secure tenant isolation
Service reliability
- Highly available public cloud (Amazon Web Services (AWS)) facilities in different regions and Availability Zones enable reliability and scalability.
- Infrastructure as code (IaC) deployment with backups can be used to resume operations in a secondary region in the event of an outage of an entire primary region.
- Disaster recovery mechanisms are in place to resume operations in a secondary region in the event of an outage of an entire primary region.
Data backup and recovery
Secure and limited access to data
- Cloud only (no physical) access to data—the underlying infrastructure is secured by AWS as part of its shared responsibility model.
- Full control over access at the project level, with ability to enable temporary third-party access as needed and a complete audit trail.
- Role-based SDA access limited to reliability engineers for maintenance and account operations management.
Secure network traffic and storage
- All network traffic as well as all data stored in the cloud are fully encrypted at rest and in transit.
- Browser-based Engineering protects against malicious software and minimizes exposure of sensitive information.
- Connectivity service allows for on-demand creation of secure VPN tunnels to a gateway on the shop floor only when needed.
Architected With Security and Scalability in Mind
Web console
Authentication
Users can authenticate via SSO (including but not limited to OIDC and SAML 2.0 protocols). Organizations have full control of user permissions. Temporary, granular access control for third parties is also possible.
APIs
SDA provides a comprehensive REST API to enable integrations, built on AWS API Gateway.
Encryption
SDA encrypts all data in transit and at rest using TLS v1.3 and AES-256.
Version Control
Version Control provides secure storage, versioning, and auditability of PLC source code changes.
Local client
SDA’s local client provides near real-time code check-in, check-out, and synchronization, establishing the cloud as the single source of truth, even for on-premises engineering integrated development environments (IDEs).
Browser-based Engineering
You can stream specialized engineering IDEs running on Amazon EC2 instances using NICE DCV directly in a web browser to create and edit projects and commit new versions to the Version Control repository.
Connectivity
SDA connectivity uses a message broker to establish a short-lived, on-demand virtual private network (VPN) connection to a gateway running SDA Agent VPN Client. These connections happen through AWS IoT Core.
Deployment
Secure connectivity enables seamless deployment of projects to remote PLCs from various vendors with Automated Backup (API) or the Browser-based Engineering graphical user interface (GUI).
Automated Backup
Automated Backup provides code integrity checks and backup of PLCs on demand or on a recurrent scheduled basis. Backup is backed by AWS services, such as Amazon EC2 for vendor-specific installations and Amazon DynamoDB for metadata storage.