Energisme has reduced the risk of data loss with advanced cloud architecture security
Richard Humphreys |
Paris-based internet of things (IoT) services provider Energisme has created a piece of software that allows companies and local authorities to take control of their energy expenses.
Hosted on the Microsoft Azure cloud, and powered with artificial intelligence (AI), the platform collects and aggregates all types of energy data (such as water, electricity, gas, temperature, heat, cold, steam and wood) coming from heterogeneous sources such as invoices, contracts, smart meters and sensors. This data is then standardised and rendered via multi-level and multi-role dashboards. Energisme then provides its global customers with predictive modelling tools and an ecosystem of partners to anticipate and optimise their energy consumptions. These customers include industrial corporations, hotel groups and real estate management companies.
Protecting business-critical data is of paramount importance for these firms. With this in mind, Energisme wanted to strengthen the security of its complex IoT server architecture, protect client data and enhance regulatory compliance, address any concerns about the risk of data loss and mitigate the threat of remote code execution (RCE) cyber attacks – vulnerability in web applications that allows attackers to run code of their choosing with system level privileges.
“It was critical that we strengthened server security to protect our users and customer data. Any breach of this data was unthinkable,” said Cyril Hommel, Energisme’s vice president of business development. “We were worried about the increasing threat of RCE attacks. So, we needed to upgrade our firewall solution to bolster attack mitigations. Client trust in how we protect their data is crucial, so we also needed a solution that better supported our compliance with GDPR regulation and global information security standards.
“Managing VNet peering was also a big challenge. At the time, Azure global peering was not yet available to our team. We had to connect all of our global, virtual machines to European servers using VPNs, which were both costly and had data latency issues.”
The business knew that it needed to take action to shore up the security of its complex IoT server architecture. Energisme turned to the expertise of its IT security partner Infinigate to find a flexible high-performance firewall solution that could be accessed via Azure Marketplace. Infinigate suggested Microsoft partner Barracuda – a company providing security, networking and storage products.
Barracuda responded immediately to the request from Energisme. Its team embraced the challenge and identified what was needed to meet the company’s complex requirements. Crucially, these included the creation of various user defined routes (UDR) and subnets so that virtual network connections (VNet peering) could be deployed between regions.
This made the decision to go ahead that much easier. “Our aim was clear: to find a security solution that could be deployed immediately and that could be accessed via Azure Marketplace. In this respect, the Barracuda solution was exactly what we needed,” said Hommel.
Deployment was seamless and implementing the solution has made an immediate impact. Advanced cloud architecture security means that client data, which is critical to Energisme’s operations, is protected and the risk of data loss has been alleviated.
The business also has assurance that this data protection complies with the regulatory requirements of ISO 27001 and GDPR. “This gives our clients the confidence that they will continue to receive a service they can trust. From the outset, all of the work completed by the Energisme team was completely secure and customers also benefit from improved continuity of services,” said Hommel.
Energisme now uses servers deployed on Azure platforms across multiple continents. The Barracuda solution was installed on the European servers in collaboration with the company CVC-IT.
Barracuda’s firewall solution also features common vulnerabilities and exposures (CVE) libraries which are updated daily, and its business is protected against all types of RCE attacks. “Our server architecture is as sophisticated as our clients’ network of sites,” Hommel concluded. “Together with our contacts at Barracuda, we have made great strides to simplify and unify our information security.”
This article was originally published in the Winter 2019 issue of The Record. Subscribe for FREE here to get the next issues delivered directly to your inbox.