Securely connect production to the cloud through outbound communication

Apr 10, 2024 | General

The terms “inbound” and “outbound” are used in various contexts, including call centers (inbound and outbound calls) and marketing (active advertising and cold calling vs. increasing visibility by providing helpful content).

In this article, however, we look at inbound and outbound communication in the context of IT security, more specifically network security. An inbound firewall protects a network from unwanted incoming data traffic, while an outbound firewall prevents unwanted requests from being sent out of a network.

Inbound communication in particular represents a potential security risk: If a network or corresponding ports are opened to inbound traffic and no appropriate security measures have been taken, companies are at increased risk of cyberattacks, malware and Denial of Service (DoS) attacks.

In an industrial production environment, such attack surfaces are particularly critical, as manufacturers are not only transmitting important data but also directly controlling production systems. Attackers could steal data, shut down processes or, in the worst case, take control of machines, devices and software systems.

Cloud computing and network security

Cloud computing has already found its way into industrial production in a number of areas. Many production companies use cloud platforms to centrally collect, store and process production data from different locations, but also to monitor and even directly control various processes.

Yet, communication with third-party cloud services necessarily requires data from local production networks to be transported over the internet in some form.

So how is it possible for data to be exchanged between production facilities and cloud platforms without creating the network vulnerabilities described above?

Outbound communication as the key to a secure cloud connection

Our cloud platform manubes enables communication between local production systems and the cloud without the need to open ports for incoming data traffic. Thanks to the way its edge components work, manubes prevents local production networks from being vulnerable to the outside world.

To connect local systems to the manubes cloud, Edge Nodes are installed in a local network. These are compact applications that (pre-)process production data and transport it to the manubes cloud (see also Edge Computing).

Edge Nodes are installed using Docker technology and can therefore be operated on a wide variety of hardware systems, including Windows computers and (Linux-based) edge devices.

manubes Edge Nodes actively connect to the manubes cloud from inside the network (outbound communication). manubes users do not need to configure additional port openings that allow access to the network from outside.

This configuration avoids, right from the start, the security gaps that opening inbound ports would create in (local) production networks.
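The connection pattern described above, as an added example that is not manubes code or its protocol: a stand-in cloud endpoint on loopback accepts a connection dialed by the edge side, and a command travels back over that same connection while the edge's own port refuses new inbound connections. The message formats, function names and loopback addresses are assumptions made for this illustration.

```python
import socket
import threading

def recv_line(sock):
    """Read one newline-terminated message."""
    buf = b""
    while not buf.endswith(b"\n"):
        chunk = sock.recv(1024)
        if not chunk:
            break
        buf += chunk
    return buf.decode().strip()

def refuses_inbound(port):
    """True if a new connection to this loopback port is rejected."""
    try:
        # Bind the probe to its own source port so it cannot reuse `port`.
        socket.create_connection(("127.0.0.1", port), 1, source_address=("127.0.0.1", 0)).close()
        return False
    except OSError:
        return True

def run_cloud(listener, received):
    """Cloud side: the only party that accepts inbound connections."""
    conn, _ = listener.accept()
    with conn:
        received.append(recv_line(conn))
        # The reply rides back on the connection the edge opened.
        conn.sendall(b"SET line1.speed=80\n")  # constructed message

def run_edge(cloud_addr):
    """Edge side: dials out only; it never listens for connections."""
    with socket.create_connection(cloud_addr, timeout=5) as s:
        s.sendall(b"TELEMETRY line1.temp=71.5\n")  # constructed message
        command = recv_line(s)
        closed_to_inbound = refuses_inbound(s.getsockname()[1])
    return command, closed_to_inbound

def demo():
    listener = socket.create_server(("127.0.0.1", 0))  # stand-in cloud endpoint
    received = []
    cloud = threading.Thread(target=run_cloud, args=(listener, received))
    cloud.start()
    command, closed_to_inbound = run_edge(listener.getsockname())
    cloud.join()
    listener.close()
    return received[0], command, closed_to_inbound

if __name__ == "__main__":
    print(demo())
```

A stateful firewall in front of the edge side only has to pass replies that belong to the flow the edge opened, so no inbound port rule is required for the command to arrive.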

Conclusion

Cloud applications are firmly embedded in the IT infrastructure of many modern companies. Manufacturers who use cloud platforms benefit from advantages such as scalability, global access and savings on in-house servers and their maintenance.

Nevertheless, IT security is and remains an important issue when integrating cloud services and cloud platforms. Companies are required to consider security issues when researching suitable providers.

The configuration described in this article is just one of many measures to ensure the security and reliability of the manubes platform and its use. You can request the complete security concept on this page.
