Manualshelf

User Manual

ManualsBrandsSiemens ManualsBuilding automationBuilding Operator Engineering Guide
10111213141516171819
Customer Operation Best Practices
6
A6V11852371_en_h
15 | 19
6 Customer Operation Best Practices
It is well known fact that most cybersecurity breaches originate due to internal
employee/contractor in an organization doing something either they were not
supposed to do or they fail to do something they are supposed to do, or both.
Listed below are some of the best practices from a customer management and risk
mitigation perspective to ensure cybersecurity risks are identified and mitigated.
Remote Web Client
Users must keep the web browsers and operating system updated on their
client devises (PC, tablet, mobile) to mitigate security vulnerabilities.
Cloud Application
Recommend no more than two Administrator accounts for one Building
Operator subscription, and tasks should be limited to managing users and
subscriptions.
Administrators should never share their login credentials.
When inviting users to Building Operator, use the least privilege principle, that
is, individuals are invited with roles reflecting the needs of the organization
Remove/update user accounts as soon as user is no longer associated with a
company or their role in Building Operator.
Refer to the Building Operator User Guide for Roles and Authorization.
Always logout of your session once you finish using Building Operator.
On-premise IT/OT network and Connect Device
Ensure Connect device installation follows the Building Operator Engineering
Guide and chooses the right network configuration option.
Ensure Connect device is installed in a physically secure area where access is
restricted, that is, access, power or network cable cannot be tampered.
Administrator credentials for Connect Device should not be shared.
Administrator credentials for Building Operator Discovery, required for
provisioning points and alarms, should only be shared as needed.
Ensure correct configuration on the Connect device to access web
applications.
Security is a shared responsibility and as with any solution that encompasses
cloud application and IoT/On-premise connected devices, customers play a key
role in keeping their systems secure. Keeping your systems up-to-date and
employees educated is key to mitigating cyber risks.