Overview
Automated Logic, a business unit of Carrier (a global provider of sustainable and intelligent building and cold-chain solutions), is responsible for designing, installing and servicing building automation systems (also known as BASs).
The foundation of strong BASs rests on operational technology (OT) that makes modern buildings comfortable and efficient and reduces their owners’ operating costs. This is achieved through sensors that determine the current state of systems and occupants, then send signals to electromechanical equipment to affect the systems they control.
Automated Logic’s BASs are designed around Web Control, a central server that accesses customer networks so it can perform its building automation services. However, that access also presents security risks.
Watch the presentation
Building Credential Management to Scale Business Management
Visit opensourcesecuritysummit.com to find out more about this annual conference.
Challenges of access management
While the need to operate on customer networks and customer infrastructure was non-negotiable, Automated Logic found that it was encountering inconsistent methods of access to customer networks. It had to track shared, individual and service account credentials – all of which had to change regularly due to password rotation. The company also tracked individual credentials associated with its application server and the databases it uses.
Automated Logic goes to market through field offices, which are managed by different sets of employees. The employees had done the best they could to manage the credentials complexity. Unfortunately, the nature of the problem meant the company was still left in a sub-optimal state.
“There wasn’t any consistency in the way these credentials were tracked,” said Ed Horn, software product manager with Automated Logic. “Credentials were generated that were either predictable or outright reused. Most people can recognise that state of affairs carries with it a very specific and worrying set of risks.”
Adds Horn, “As a service business, our ability to gain access to customer systems and be able to make fixes or updates is critical to our success as a business. Having credentials in the hands of individuals, so only they have access, or having credentials that are poorly managed or inaccessible - that was enough to keep us up at night. So in an effort to ensure that access was reliable, the credentials were often created to be predictable. People who had legitimate business knowledge of these credentials would have knowledge of credentials for new customer sites and new installations, regardless of whether or not a legitimate business need had elapsed. And that is not a great situation.”
Solution requirements
The leadership team at Automated Logic realised it needed a solution to its access management challenges. The solution they landed on was a password vault solution - specifically, Bitwarden.
Ahead of selecting Bitwarden, the team developed a list of requirements for their optimal password management vault. Those requirements included:
Multi-device access
Single sign-on integration
Secure method of sharing credentials and notes
Centralised management
Credential autofill in Chrome and Edge browsers
Automated Logic conducted extensive research as it sought to identify the password management vault solution best suited to meet its needs. The team visited support forums (including Reddit) and read feedback on social media before narrowing down its list to two partners. Automated Logic then engaged in comprehensive and thorough pilots with both solutions in order to make its final decision. Piloting the solutions was advantageous for many reasons, not least because it gave Automated Logic employees the ability to test out both options. Ultimately they decided to select Bitwarden as their password management solution, having landed on four compelling factors:
User preference
Admin preference
Technology/reliability
Partnership with the solution provider
“In summary, it really all came down to a few things,” said Horn. “It’s user preference - that’s obvious. It's an admin and management preference, so how well it fits with your business. And certainly the thing everyone thinks about is, is the technology right? Does it fit? But truly, at the end of the day our selection came down to partnership. And it was really about selecting a business partner to move us forward in our quest for better security.”
"At the end of the day our selection came down to partnership. And it was really about selecting a business partner to move us forward in our quest for better security.”
Get started with Bitwarden
Ready to get started with Bitwarden? Sign up for a free Bitwarden account, or register for a 7-day free trial of our business plans to help keep your business and team safe online.