By Mike Bacidore, Managing Editor
Any IT department worth its bandwidth has built a wall of security that keeps its data communications secure and reliable. So vital is this network that many IT professionals have been known to stack whatever they can findchairs, desks, any paper documentation, unpaid speeding ticketsinto a large pile, creating a protective barrier around the network, and set it ablaze. Thats what a firewall is, right?
OK, we all know that the firewall is not actually a burning heap, designed to scare away would-be network assailants. It is a defensive boundary that doesnt allow destructive elements, whether they are fire or corporate hackers, beyond it.
Bully for you, IT.
The conflict arises when IT security must be compromised to accommodate things like remote diagnostics or troubleshooting of machines. Experiencing operational downtime is like watching revenue go up in smoke, so the more quickly a machine builder can determine a machines woes, the earlier the flames can be extinguished.
In 2005, we surveyed our audience and discovered that 38% had incorporated Web-based remote monitoring on installed machines. Of the respondents who said they hadnt, the biggest hurdle (26%) was that customers wouldnt allow them through the firewall.
Fast forward to 2008 with the same set of survey questions. We see a 10% increase in the number of participants who have already incorporated Web-based remote monitoring. But whats interesting is that the portion of machine builders blaming their customers firewalls also increased, from 26% to 33%. While these surveys arent scientific, the results confirm that IT is on increased alert for potential security breaches.
In mid-size enterprises, 61% reported a hacker or unauthorized intrusion of a user machine, network or server over the past year, according to the fourth annual IT security study by Amplitude Research. This was a significant jump from the 49% that reported an intrusion in the previous year. So, with IT throwing gasoline on its great wall of fire to keep the villains out, whats a machine builder to do?
One company, Wilmington Machinery, Wilmington, N.C., learned how to be fireproof when it needs to be.
Wilmington recently shipped a high-speed rotary blow-molding system that produces 8-oz, six-layer plastic bottles at a rate of more than 12,000 bottles/hour. The production line involved three different suppliers of equipment, all with Web-enabled Ethernet connection, which were integrated by Wilmington. At our customer facility, these machines are connected to the customers network, says Jeff Newman, vice president of sales and marketing at Wilmington. This customer has one key processes engineer who is responsible for the process and machine uptime. The connections allow the engineer to monitor the machine 24/7 from his house or from his office. In addition, our engineering team can make suggestions for process improvement and maintenance issues to minimize downtime. This allows us and the customer to conduct remote diagnostics including making changes to the program and the process set points.
This application involved considerable discussion in the design phase, due to the risks brought on by making changes without being at the machine, explains Newman. We only monitor the machinery when the customer allows us access and when the process engineer is at the machine, he says. We do not make remote changes without the process engineer being at the machine. The firewall was another issue. Their IT department was reluctant for us to have access through the server. There were discussions about bringing in a third-party Internet line that bypassed their server and only plugged into the machine when we needed access.
In the end, the decision was made that if Wilmington needed to access the machinery, the customer would give a code that was good for several hours and then would expire.
Newmans team also had to reprogram the machine with the IP number. A few additional steps, to be sure, but a creative solution that enables remote diagnostics and maintains security of the enterprise network. Is that what they call friendly fire?