Through the eyes of our security officer
What does our security officer do exactly? And what drives him to make our products more secure every day? We interviewed Dylan Eikelenboom, security officer at IXON, to find out everything about the work and responsibilities of a security officer.
Making systems more secure every day
The demands and attention for cybersecurity triggered Dylan to take responsibility for the technical part of the IXON Cloud and integrated cloud connectors. From a cybersecurity perspective, the SaaS platform and the hardware can be seen as a big wall that holds back unwanted guests.
The main task and responsibility of Dylan are to “find holes in the wall and limit the risks”. Every system contains possible security risks, like outdated software and vulnerabilities. Dylan’s task is to track these holes and close them. Mainly through recording, assessing and testing the technical side of safety.
“Protecting and securing our cloud platform is always an arms race”
To keep up, our security systems monitor actively for vulnerabilities and Dylan follows publications of issues and checks if these are relevant for IXON. If the issue is determined as a risk and could harm our platform, a solution is scheduled for our developers.
The ISO 27001 certification and external parties help us in identifying possible risks. Working with our partners keeps us sharp and gives new insights to improve. “We and our partners monitor and scan our systems constantly to prevent security breaches.“
Dylan’s average day consists of checking security reports, advising on possible security issues during the R&D scrum standups, optimizing the security guidelines and testing software before it is released.
Another part of Dylan’s job is sharing his knowledge and answering security-related questions from our customers or their customers. “To make it understandable for everyone, we have bundled all our measures in our security whitepaper.”
Dylan publishes articles about securing the cloud and he spends time presenting about cybersecurity for groups in different industries.
“Cybersecurity is like bats hunting moths”
Since Dylan studied Biology before moving to IT, he always has some interesting Biology facts ready: “There are many parallels to be drawn between cybersecurity and biology, especially the concept of the evolutionary arms race. In nature, there are species of bats that hunt insects using echolocation. Some types of moths, a favourite prey of many bats have evolved to sense the echolocation the bats send out, and are able to fly away in time,” says Dylan. “As a result, these bats have stepped up their hunting game and are able to catch even fleeing moths. Fascinatingly, recently it was discovered that there are even types of moths that can ‘jam’ the bats’ echolocation, so the bat cannot ‘see’ them” he continues.
The idea of cybersecurity is staying ahead of hackers by applying the best systems, techniques and using industry standards. As a result, the hackers create other and better attack methods and we need to respond to that to stay secured. “This way you stay in an endless arms race, and that occurs everywhere in evolution.”
“It changed the way I look at software code”
Preventing hackers to enter the IXON Cloud is Dylan’s main concern. “If a hacker gets in for some reason, they can access your data.” To prevent this, Dylan looks through the eyes of a hacker: “How can I abuse this piece of code to penetrate further into our systems.”
With his background in Biology and his experience with software engineering, Dylan needs to solve issues and find alternative options to get the job done. This advantage makes him think like a hacker more easily. “It changed the way I look at software code,” thus Dylan.
Common questions for a security officer
The IXON Cloud is widely applicable but mostly used in industrial automation and the building automation industry for industrial remote access and data features. This could be a system integrator, a small machine builder or a large enterprise. “That’s why questions vary from concrete questions from an engineer about a security measure to a manager who wants a 100% security guarantee. Since a 100% guarantee is never possible, it can sometimes be hard to convince them.”
It’s Dylan’s job to answer security-related questions and advise our customers on how to market our products to their customers, taking away any security concern they may have. The tricky part is when a customer has checklists with mandatory requirements that are not applicable to our products, or that we have solved in a ‘better’/’different’ way. If you answer ‘no’ or ‘not applicable’ to most sections of the checklist, they will pass on our product. “Then we need a good explanation because they might not know what the requirement means in detail.”
Protect all data and systems with security processes
“Can a hacker access our data and where is our data stored?” These are two of the most frequently asked questions about security, says Dylan. To protect our systems, IXON implemented several security processes. We are fully prepared when something suspicious occurs. First, our core team will be informed about the possible risk. They make a plan of action and will stop the attack before it harms any system. Then a solution will be implemented to prevent future attacks. “Fortunately, we hardly find ourselves in this situation”.
Prior to launching software releases for the IXON Cloud platform and firmware for the IXrouter (edge gateway) and IXagent, a lot of tests are performed by the R&D team. Systems tests, code reviews and unit tests are part of the general software development process. “No software release is published before all possible risks are excluded,” says Dylan.
Working with industry standards
Another part of Dylan’s job is to comply with the ISO 27001 certification and other industry standards. An example of an industry standard is the TLS 1.2 security protocol. When this became the new standard, all IXON systems were updated to meet up.
The Open Web Application Security Project (OWASP) is a mindset which all IXON developers apply to their code. “OWASP is applied in our R&D team to design software secure and create reliable applications.” It helps to apply security rules from the start.
“As the standards keep changing, there is always work to update outdated software and embrace new industry standards for making a better and safer cloud environment. This makes my job varied and very interesting,” says Dylan with a smile on his face.
Goal: “No security incidents”
IXON relies on the expertise of the development team and its partners, and their drive to optimise the IXON Cloud platform constantly: Delivering a reliable, secure and fast Industrial IoT platform worldwide. “No security incidents is our main priority”, thus Dylan.
“Our second goal is no downtime for our customers”, continues Dylan. Achieving these two main goals is always at the forefront of Dylan and IXON’s R&D team. “Ensuring 100% uptime is difficult to achieve, but we are working hard to make all systems redundant and reach our goal of 99,9% uptime,” thus Dylan.
Read all about IXON’s security and the IXON Cloud infrastructure in our security whitepaper.
If you have any questions about our security you can send an email to firstname.lastname@example.org.