User Manual
Cloud Security: Provider and Cloud Hosted Application
3
A6V11852371_en_h
both conform with the Federal Information Processing Standard (FIPS) 140-2
standards.
Data Encryption-in-Transit - All data in transit (e.g., communication to and from the
Building Operator cloud application) is encrypted via HTTPS/TLS 1.2.
Details on the cryptography employed to secure Building Operator cloud data are found
in Appendix A [➙ 16].
Data Privacy
Collected data can be classified into two types: personal data and data generated
by the building’s devices/sensors, e.g. temperature values or alarm events. For
Building Operator, all collected personal data complies with European Union
General Data Protection Regulation (EU GDPR), providing control to individuals
over their personal data. The building data is owned by the building owner unless
otherwise agreed in a contract.
Secured Remote Web Access (Tunnel)
One of the features offered by Building Operator is remote access to on-premise
web interfaces. This enables customers to securely expose web
applications/front ends that run within a building IP network to the public cloud
without opening ports on a firewall or making intrusive changes to corporate
network infrastructure.
Compared to traditional VPN technology, which is far more intrusive because it
relies on altering the network environment, the benefit of the Remote Web Access
feature is that user access can be scoped to a single application endpoint.
Remote Web Client
The recommended browsers for use with Building Operator are Chrome and
Firefox. Building Operator has a session timeout of 24 hours.
Incident Handling
Siemens has processes in place for handling security incidents. In the event that
a cybersecurity threat is suspected or found, immediately contact your local
Siemens customer service or Siemens Computer Emergency Response Team for
products (Product CERT).
More detail on incident handling can be found at: http://www.siemens.com/cert/advisories.