ObjectSecurity’s innovative OpenPMF cloud and/or on-premises product technically enforces powerful security policies effortlessly across what we generically call “interconnected IT landscapes”. These can be desktops and servers across enterprise networks, but are often interconnected device landscapes that are today referred to as IIoT, the Industrial Internet of Things.

There are multiple challenges with enforcing security policies for IIoT – in particular, rich and dynamic policies need to be enforced in many industries to restrict information flows to only what is authorized. At a high level, everyone wants to implement the theoretical policy “everyone and everything is only authorized to access exactly what they need for their current authorized task and not more”, but this least-privilege policy of course means different things for different systems, users, kinds of information, etc.

The IIoT is complicated

Technically implementing policy for IIoT is complicated by the fact that IIoT landscapes frequently evolve and change, and the policy implementation solution needs to be able to handle that. Another complication is that IIoT landscapes are usually very heterogeneous, that is, there are many different kinds of devices and applications. The policy implementation solution needs to be able to handle that as well.

OpenPMF addresses these challenges through a unique “security policy automation” approach that allows users to author policies intuitively, using a natural language editor and a graphical editor. To be able to generate the numerous detailed technical rules and configurations, OpenPMF imports and analyzes information about the IIoT landscape that needs to be protected, gathered from available sources such as user/role/key information, network traffic patterns, and configuration files (for systems, applications, firewalls, etc.). OpenPMF then intelligently analyzes how the authored policies can be technically implemented for the particular IIoT landscape, and generates the technical rules and configurations. In the process, OpenPMF formally tests the policies, and produces reports and visualizations for users. OpenPMF includes runtime security enforcement software for numerous platforms, and can export configurations into third-party features and products (e.g. on IIoT devices).

OpenPMF Security Policy Automation

OpenPMF’s policy automation approach is ideally suited for “machine-to-machine” environments, where it is often clearer what each device should or should not have access to, and how and for what purpose it talks to other devices. This is often not so clear in parts of enterprise/office environments, where desktop computers are used for many purposes and users have a lot of flexibility as to what information they receive or send (unless information exchange is controlled through certain collaboration/ERP/EMR etc. products). Areas where we have used OpenPMF for IIoT include intelligent transport, medical devices, air traffic management, supply chain, CCTV/surveillance, etc.