A conversation with Hervé Tardy, Eaton
Hervé Tardy, president and general manager, Distributed Power Infrastructure for Eaton, recently talked with VAR Insights about all things cybersecurity: from what resellers need to know about it to how to help customers deal with cyber threats.
Q: What do VARs need to inform their customers about how to think about cybersecurity in their broader power management strategies?
Tardy: VARs should encourage their customers to consider how power management is evolving with the emergence of IoT – i.e., the emergence of connected devices inside and outside the data center. There’s a growing interconnectedness between IT and operational functions, including backup power systems, that can benefit businesses across a broad spectrum. However, because IoT devices typically include a unique IP address that enables them to communicate and exchange data with other systems, they pose a daunting cybersecurity challenge.
As IoT solutions continue to make their way into IT infrastructures, VARs need to know how important it is to take an end-to-end approach to cybersecurity for their customers. For context on how important cybersecurity is across every access point within a network, consider this: by targeting an overlooked vulnerability in a major retailer’s HVAC unit, hackers were able to access POS devices and steal 70 million client accounts.
As networks continue to migrate off-site and move away from a traditional, centralized IT framework, the threat of cyberattacks will only grow. Server-gateway connections expand daily and the number of devices connected to networks constantly multiply, simultaneously creating more potential targets.
Q: What role does IoT play in advancing power management and how can a VAR use that to their advantage?
Tardy: With IoT innovation, new capabilities are available for organizations to strategically harness the power of connectivity and data sciences to positively impact their operations. In the power management space, companies can now leverage network management cards to connect uninterruptible power system (UPS) devices and achieve exciting new capabilities. With better speed and cybersecurity, these solutions help improve business continuity by providing warnings of pending issues to IT administrators and perform an orderly shutdown of servers and storage.
Another area where major strides have started to take shape in power management is with predictive analytics. Predictive analytics services are significantly getting better about making decisions on their own as they collect more data on thousands of installed backup systems. As preventive maintenance continues to play a major role in power management functions, VARs can work with their partners to shift the model from reactive to proactive.
As a monitoring and management solution, predictive analytics services can help IT managers anticipate the failure of critical components before they occur. With predictive analytics, Big Data, sensors, and algorithms are used to proactively spot issues and notify IT staffs and field technicians when a part needs replacing. By providing insights surrounding existing power management components, these systems help organizations act quickly and prevent expensive emergency repairs as well as complications that could happen if something breaks down.
Q: What can VARs do to help their customers mitigate those cyber threats?
Tardy: As the proliferation of smart, connected devices link together more elements of everyday operations, VARs should commit to being a proactive participant in addressing IoT and security risks and leverage technologies with the best track record for cybersecurity. This means seeking out electrical products and solutions for customers that make a specific point of highlighting cybersecurity as key differentiators or even go so far as to feature specific cybersecurity certifications (more on this below).
Additionally, there are a number of recommendations VARs can share with partners to help them protect their network infrastructure. Experts recommend taking a number of practical measures to safeguard against cybersecurity breaches, such as using a firewall and encrypting information; conducting routine security assessments; regularly updating antivirus software and antispyware; using advanced email filtering; establishing powerful password policies and endpoint protection; and offering employees cybersecurity awareness training.
Q: What can be done to make IoT-enabled devices secure from cyberthreats?
Tardy: In response to growing cyber dangers, global safety science organization UL has developed and published a standard for software cybersecurity for network-connectable devices, UL 2900-1. The UL cybersecurity certification provides the assurance that the product has been thoroughly reviewed and tested against a trusted benchmark.
State governments are also taking legislative action to demand a higher level of cybersecurity. For instance, California recently passed a bill making IoT device companies more responsible for ensuring the privacy and security of the state’s residents. Additionally, the International Electrotechnical Commission (IEC) has released cybersecurity certifications to give companies more tools for a successful cybersecurity strategy.
As industry standards and government regulations continue to evolve, this type of respected independent testing will remain among the best means for VARs and their customers to ensure their equipment manufacturers have done their due diligence to mitigate risks.
Q: How important is it for a VAR to strengthen their cybersecurity knowledge?
Tardy: It’s incredibly important because new opportunities for threats will continue to emerge as connectivity expands. Devices like UPSs aren’t typically top-of-mind when it comes to cybersecurity, but the desire of more IT professionals to leverage connected capabilities such as remote monitoring has driven manufacturers to introduce more of this type of functionality.
This is why Eaton began taking steps to strengthen cybersecurity in power management equipment – launching the Gigabit Network Card, which is the first UL 2900-1 and IEC 62443-4-2 certified UPS communication card. Additionally, Eaton’s ongoing focus on cybersecurity has helped to ensure that all our products already comply with California’s requirements, from UPSs to power distribution units (PDUs) and power management software.
As VARs increase their knowledge and demonstrate an ongoing commitment to ensure their products meet the highest of standards, it will serve as a signpost for customers that they understand the risks that pervade the internet and are serious about addressing them.
Q: How important is it that a VAR encourage their customers to strengthen their cybersecurity knowledge?
Tardy: VARs are in a unique position to support and coach their customers, who are often adapting quickly to keep up with an ever-evolving IT landscape. Customers can’t afford the costs and delays associated with debilitating cyberattacks. Getting smarter about cybersecurity and incorporating secure-by-design products will help them avoid getting left behind.
As cyber dangers continue to escalate, companies will seek to work with VARs that can demonstrate an ongoing commitment to cybersecurity. By taking a security-first approach and maximizing cyber safety rigors from the ground up – ensuring solutions across their portfolio are optimized for protection – VARs will put themselves in the best position to meet the current and future demands of their customers.