December 22, 2020
Tyler Caldwell, CISSP, Director of Security Operations, Projetech
Maximo handles critical information, such as customer, asset location, maintenance scheduling, and contractual data. If this information is stolen, lost, or compromised, a company would be unable to track and maintain its assets properly, possibly resulting in a major malfunction or shutdown. Stolen financial information can be used to commit fraud.
When choosing a partner for Maximo, companies want to know why they should trust the Maximo provider with their data. What is the technology provider doing to protect their information?
IBM Maximo users need to partner with a technology provider that has the right certifications, can provide a layered security strategy, and protects data in the cloud. The Maximo partner should have a framework of security controls in place that include administrative, technical, and physical controls.
ISO 27001 certification is critical for an IBM Maximo provider. This certification must be renewed regularly and demonstrates that a technology provider maintains strict industry security standards that are internationally recognized for information security management systems.
To attain certification, the provider must undergo and pass a rigorous audit. This third-party accreditation from the International Standards Organization shows that the company has done its due diligence in maintaining a security program.
ISO 27017 certification shows that a Maximo provider enforces cloud security. When working with an ISO 27017 certified partner, your business can feel confident about putting asset management data in the cloud.
A Maximo provider should take a layered approach to security. No single approach to security is adequate. A security strategy should eliminate any single point of failure.
Maximo users need to leverage more than one security solution to protect asset and customer data. Administrative, physical, and technical controls must be in place to create an effective security framework.
A layered security approach uses policies and procedures to cover everything from change management and server provisioning to behind-the-scenes administrative controls, such as network monitoring and alerts.
Other layers may include security information and event management (SIEM) with log management, firewalls, endpoint security controls for malware, and a security operations center (SOC). A SIEM can send alerts and can be linked to threat intelligence systems so that threats can be prioritized and evaluated for authenticity.
Backup and disaster recovery are also part of the strategy. Maximo users want to know what RTOs and RPOs they can expect from a technology provider. They demand that any partner they work with have a robust disaster recovery methodology in place.
Maximo users expect their information security partner to show all the signs of trustworthiness. Security program maturity demonstrates that a partner can be relied upon to protect Maximo data.
Projetech displays all the hallmarks of security program maturity. At Projetech, we have an entire team dedicated to security, including an IBM Champion. We work to earn and maintain industry-recognized certifications, such as ISO 27001 and ISO 27017.
Our layered approach to security leverages leading solutions that handle administrative, technical, and physical security. This suite of security solutions includes next-generation firewalls, SIEM systems and an industry accepted backup and recovery solution.
When looking for a Maximo provider, your company should have information security front-of-mind. Be sure to ask prospective partners questions about the comprehensiveness of their security strategies.
At Projetech, our company mission is to keep our customers secure. We make security a priority by offering a portfolio of solutions that protect Maximo data.
Continuously working to raise our information security game, we have plans to add automation and orchestration to our SIEM solution so we can quickly analyze the millions of data points that go through the system.
Because everything we do is cloud-related, Projetech has earned an ISO 27017 certification for cloud security. We understand that availability is a key driver for moving Maximo to the cloud. With our cloud-based disaster recovery, we can lose a data center and still restore in a short amount of time.
We are more agile than most cloud providers because we are not tied down to legacy equipment. Our hardware is constantly refreshed, and our network connections are redundant and much faster than those of our competitors.
Get more details on Projetech Information Security for Maximo. Access our Security Bundle
3 Reasons Netflix Made Me Think Differently About Deploying a Maximo Solution
If Software as a Service (SaaS) has ever been on your organization’s radar to explore, or do more of, now is the time, especially after experiencing a global pandemic. Like many reading this blog, no one could never have predicted what the year 2020 would have in store for us. I am about 99.99% confident that not one person listed “live through a global pandemic” on their life’s bucket list. And if you are that 0.01%, well your list is shorter.Continue Reading
IBM Maximo Executive Chat | Ray Miciek & Steve Richmond
Check out the latest IBM Maximo executive chat with Aquitas Solutions, Ray Miciek, and Projetech's, Steve Richmond. Topics include the evolution of Maximo users/groups, IoT, COVID-19, and everyday maintenance department challengesContinue Reading