One of the world’s leading authorities on Industrial Internet of Things (IIoT) platforms is urging more companies to explore the potential of Software as a Service (SaaS) platforms to protect their businesses and assets.
Steve Dertien, EVP chief technology officer at PTC (pictured below), pointed to a recent global Apache Log4j 2 security breach as the perfect example of how quickly providers can react to a potential attack if they are embracing SaaS technology.
The company was able to overcome the open-source vulnerability attack in just 3hr, mitigating severe issues for every customer using products that run on its PTC Atlas SaaS platform.
This tight response time was only possible because, in the world of SaaS delivery, everything is highly automated and built to scale efficiently. Software is updated with no effort on the part of the user, and this also means that when critical security or software issues are found, no manual intervention is required at the customer’s site.
PTC engineers discovered the Log4j 2 vulnerability issue early on Friday morning and in just 3hr the remediation had been pushed to Atlas. A few hours later PTC’s Onshape team had surveyed the entire service and was confident there were no exploitable vulnerabilities and no risk to customer data.
Mr Dertien, who has been with PTC for 22 years, said: “After completing the update, we began analysing our systems to determine whether the systems had been successfully exploited before the remediation.
“We found no evidence of any success but plenty of telemetry showing the growth of interest in exploiting the vulnerability and evolving signs of sophistication.”
He concluded: “SaaS technology is well-known to cut application costs and we now have plenty of evidence to suggest its architecture offers excellent protection against potential security breaches.
“The latest episode gives us even more motivation to refactor all of our products onto Atlas as soon as it is feasible to do so. Until then, we still have a critical responsibility to partner with customers to secure ourselves collectively.”
PTC has created the Log4J action centre, which will guide its customers through the next steps they need to take to secure their business for all the software solutions they are managing. Given the severity of this issue and how it is being broadly exploited in the world it is essential for all businesses to remediate and secure all their systems.
To access this resource, please visit www.ptc.com/en/documents/log4j
PTC Response Center Log4j 2 Vulnerability.
PTC, Atlas, Onshape and the PTC logo are trademarks or registered trademarks of Parametric Technology Corporation and/or its subsidiaries in the USA and other countries.”