One of the world’s leading authorities on Industrial Internet of Things (IIoT) platforms is urging more companies to explore the potential of Software as a Service (SaaS) platforms to protect their businesses and assets.
Steve Dertien, EVP Chief Technology Officer at PTC ®, pointed to the recent global Apache Log4j 2 security breach as the perfect example of how quickly providers can react to a potential attack if they are embracing SaaS technology.
The company was able to overcome the open-source vulnerability attack in just three hours, mitigating severe issues for every customer using products that run on Atlas TM, its SaaS platform.
This tight response time was only possible because, in the world of SaaS delivery, everything is highly automated and built to scale efficiently. Software is updated with no effort on the part of the user, and this also means that when critical security or software issues are found, no manual intervention is required at the customer’s site.
PTC engineers discovered the Log4j 2 vulnerability issue early on Friday morning and in just three hours the remediation had been pushed to Atlas.
A few hours later the Onshape® team had surveyed their entire service and were confident there were no exploitable vulnerabilities and no risk to customer data.
“After completing the update, we began analysing our systems to determine whether the systems had been successfully exploited before the remediation,” continued Steve, who has been with PTC for 22 years.
“We found no evidence of any success but plenty of telemetry showing the growth of interest in exploiting the vulnerability and evolving signs of sophistication.”
He concluded: “SaaS technology is well-known to cut application costs and we now have plenty of evidence to suggest its architecture offers excellent protection against potential security breaches.
“The latest episode gives us even more motivation to refactor all of our products onto Atlas as soon as it is feasible to do so.”
“Until then, we still have a critical responsibility to partner with customers to secure ourselves collectively.”
PTC has created the Log4J action centre, which will guide its customers through the next steps they need to take to secure their business for all the software solutions they are managing.
Given the severity of this issue and how it is being broadly exploited in the world it is essential for everyone to remediate and secure all their systems.
To access this resource, please visit PTC Response Center Log4j 2 Vulnerability