By Vishal Gupta, VP of Product Management
The speed of digital modernization, advances towards cyber-physical systems, and the post-pandemic economic landscape have driven industrial organizations to rely more heavily on remote work. With that shift, finding the right tool for secure remote access to industrial organizations and critical infrastructure is paramount. The right tool must enable multiple parties, including operators, contractors, and third parties, to remotely and securely connect to the Operational Technology (OT) infrastructure and collaborate with each other. The ability to collaborate remotely over a shared session and work on the same system simultaneously is also crucial.
Multi-user remote session collaboration is a standard field practice in industrial organizations. Some industries refer to this practice as session shadowing, over-the-shoulder collaboration, or remote session monitoring. Whichever term you use, it is frequently necessary for two or more operators to jointly perform a task such as troubleshooting, optimizing, or installing software patches on remote field devices such as Remote Terminal Units (RTUs) and Programmable Logic Controllers (PLCs). A real-life example would be a situation where a process safety controller has malfunctioned at an oil and gas extraction plant. Given that this is a highly critical and sensitive device, any delay in fixing it could potentially lead to catastrophic situations. To fix it requires at the minimum two operators:
- A subject matter expert for this controller, most likely a technician from the third party vendor that manufactured the controller.
- The plant operator that works at the oil and gas extraction facility and has the expertise on the actual operation.
It is important to be able to achieve this without flying the third-party technician to the plant, which is an expensive and time-consuming approach. Ideally, both parties could collaborate remotely and debug the issue over a shared session. To achieve this, an operator first initiates a screen-sharing session from their own computer to a dedicated engineering workstation within the OT network. Using the device-specific application installed on that workstation, they then connect to the field device to perform the desired task. The secure access tools commonly used in IT environments lack the granular security controls required to keep operational technology (OT) and critical infrastructure secure.
Status Quo Approaches to OT Remote Access
Remote session collaboration tools commercially offered today can be broadly grouped into two categories.
- The first category uses cloud-based technologies and is generally offered as a service. Such tools are easy to use; however, they require direct internet connectivity to operate, which unnecessarily increases the risk to OT assets and circumvents layered security defenses.
- The second category of tools uses client-server technologies, can be deployed on-premises, and typically consists of VPN- and jump-box-based solutions. Such tools do not necessarily require internet connectivity to OT assets. However, operators must install thick clients on employees’, contractors’, and third parties’ computers and change firewall rules (e.g., opening vulnerable ports in the firewalls between OT and the IT DMZ). Windows native tools such as VNC and RDP, along with a few other commercially available enterprise tools, fall into this category and require VPN access, which introduces numerous attack vectors. Additionally, these tools require complex firewall rule management at the DMZ and subsequent layers.
In addition to the above pitfalls, neither category of solution provides a way to control which individual assets collaborators can interface with. Once inside the workstation, malware or malicious actors can spread laterally and disrupt the operation of the infrastructure at large.
Modernizing Session Collaboration with a Zero Trust-led Approach
Xage, a leader in Zero Trust Access Management, has introduced the industry’s first Zero Trust multi-user real-time session collaboration for operational enterprises. Xage not only eliminates the aforementioned gaps and pitfalls in existing solutions, but also bakes the following zero trust principles into its Session Collaboration solution:
- Identity-based authentication: Each collaborator must first authenticate with their own login credentials along with MFA.
- Granular, per-asset access control: Even with a valid invitation from the inviting user to join an ongoing session, a collaborator can only join that session if they are authorized to access the remote workstation, authorized for the specific access method (such as VNC, RDP, SSH, or Telnet) to that workstation, and authorized to access the actual remote device they will connect to from the Windows workstation or from a terminal.
- “Just-in-time” and “just-enough”: “Just-in-time” access lets an operator request admin approval for time-bound remote access. “Just-enough” access lets operators grant access to only a specific asset, such as a workstation, PLC, or RTU, using a specific access method and a specific permission level: read-only, read-write, or full-control (more on this below).
- No reliance on agents, clients, and VPNs: The Xage solution is fully browser-based and doesn’t require installation of agents or thick clients. This makes it easy to maintain as there is never a need to update or patch any agents or thick clients. Being browser based also makes this solution cross-platform compatible, as all hosts or workstations have a browser by default.
- Multi-hop with protocol breaks: All collaboration sessions follow multi-hop access to the remote devices with protocol breaks at each level including the IT/OT DMZ and over encrypted reverse tunnels. This removes the need to open any custom ports through firewalls and provides protection from any zero-day vulnerabilities in commonly used protocols, such as VNC and RDP.
- Session monitoring and shadowing: Allows users with higher privilege to view all ongoing collaboration sessions and join any session without seeking permission from any collaborator. These users can shadow the session and provide oversight. They can also terminate any ongoing session for all collaborators or for just one collaborator.
In addition to these unique features, Xage’s Zero Trust real-time session collaboration solution offers various operational benefits that make it easy for highly regulated organizations to adopt, deploy and maintain:
- Extends the session collaboration capabilities beyond just VNC and RDP to the other equally critical protocols, such as Telnet and SSH.
- Introduces three types of permissions to make sure the session collaboration is fully restricted, controlled, and time-bound:
  - Read-Only permission: Session participants can only view the screen and watch what others are doing.
  - Read-Write permission: Session participants can not only view the screen, but can also take control of the mouse and keyboard to operate the remote screen.
  - Full-Control permission: In addition to having full Read-Write permission, session participants can view all active ongoing sessions across all the devices and workstations they have been granted access to, and are allowed to join any of those sessions without approval. Additionally, they can revoke the read and/or write permission of any other participant and can end the entire session.
- Administrators can require all collaborators to use an additional factor of authentication (MFA) at each layer or security zone as they traverse down the layers of the Purdue model to establish a session with a remote desktop or device. To learn more about Xage’s Multi-layer MFA innovation, read our blog post: How Multi-Layer MFA Can Secure Critical Infrastructure.
- Offers secure file sharing during the collaborative session, which improves productivity because multiple collaborators can quickly transfer files from their local computers to the remote desktop hosting the screen-sharing collaboration. All files are scanned for viruses before being securely transferred to the trusted destination through the multi-hop proxy tunnels.
- Administrators can enforce recording of all sessions via simple policy configuration from the administration portal. This setting will require all sessions to be recorded, and session collaborators will not have an option to turn the recording off.
- All actions taken during the session collaboration are recorded in tamperproof audit logs, which can be used later for forensic purposes.
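To make the access model above concrete, here is an added illustrative example (written for this page, not Xage's product code) of how per-asset, per-access-method, time-bound grants and the three permission levels combine when a collaborator asks to join a session. Every identity, asset name, access method label (including "engineering-app" for the workstation-to-device hop) and grant in it is constructed. It generalizes the post's scenario slightly: the effective level is the weakest grant across both hops, full-control users may join without an invitation, and only full-control participants can revoke or end a session.

```python
"""Policy evaluator for multi-hop session collaboration (illustrative, constructed data)."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from enum import IntEnum


class Permission(IntEnum):
    NONE = 0
    READ_ONLY = 1      # view the shared screen only
    READ_WRITE = 2     # may also take keyboard/mouse control
    FULL_CONTROL = 3   # may join without approval, revoke others, end the session


@dataclass(frozen=True)
class Grant:
    user: str
    asset: str            # workstation or field device
    method: str           # access method, e.g. "RDP", "VNC", "SSH" (labels constructed)
    level: Permission
    expires_at: datetime  # just-in-time: every grant is time-bound


@dataclass
class Session:
    host: str
    workstation: str
    method: str          # method used to reach the workstation
    device: str          # field device operated from the workstation
    device_method: str   # method used from the workstation to the device
    invited: set = field(default_factory=set)
    participants: dict = field(default_factory=dict)  # user -> Permission
    active: bool = True
    audit: list = field(default_factory=list)         # append-only decision log

    def log(self, actor, action, outcome):
        self.audit.append((actor, action, outcome))


class Policy:
    def __init__(self, grants):
        self.grants = list(grants)

    def level_for(self, user, asset, method, now):
        """Highest unexpired grant the user holds for this asset and method."""
        levels = [g.level for g in self.grants
                  if g.user == user and g.asset == asset
                  and g.method == method and g.expires_at > now]
        return max(levels, default=Permission.NONE)

    def join(self, user, session, now):
        """Admit user with the weakest level across both hops, or refuse."""
        if not session.active:
            session.log(user, "join", "refused: session ended")
            return Permission.NONE
        ws = self.level_for(user, session.workstation, session.method, now)
        dev = self.level_for(user, session.device, session.device_method, now)
        level = min(ws, dev)  # workstation AND device must both be authorized
        if level == Permission.NONE:
            session.log(user, "join", "refused: missing workstation or device grant")
            return Permission.NONE
        # Full-control users may join any authorized session; others need an invitation.
        if level < Permission.FULL_CONTROL and user not in session.invited:
            session.log(user, "join", "refused: not invited")
            return Permission.NONE
        session.participants[user] = level
        session.log(user, "join", f"admitted as {level.name}")
        return level

    def revoke(self, actor, target, session):
        """Full-control participants may drop another participant to read-only."""
        if session.participants.get(actor) != Permission.FULL_CONTROL:
            session.log(actor, f"revoke {target}", "refused: not full-control")
            return False
        if target in session.participants:
            session.participants[target] = Permission.READ_ONLY
        session.log(actor, f"revoke {target}", "write access removed")
        return True

    def kill(self, actor, session):
        """Full-control participants may end the session for everyone."""
        if session.participants.get(actor) != Permission.FULL_CONTROL:
            session.log(actor, "kill", "refused: not full-control")
            return False
        session.active = False
        session.participants.clear()
        session.log(actor, "kill", "session ended for all participants")
        return True


def demo(now=None):
    """Constructed scenario: the plant operator hosts a session to an engineering
    workstation; a vendor technician joins to work on a safety controller."""
    now = now or datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
    later, expired = now + timedelta(hours=4), now - timedelta(minutes=1)
    grants = [
        Grant("operator", "eng-ws-01", "RDP", Permission.FULL_CONTROL, later),
        Grant("operator", "plc-safety-07", "engineering-app", Permission.FULL_CONTROL, later),
        Grant("vendor-tech", "eng-ws-01", "RDP", Permission.READ_WRITE, later),
        Grant("vendor-tech", "plc-safety-07", "engineering-app", Permission.READ_WRITE, later),
        Grant("contractor", "eng-ws-01", "RDP", Permission.READ_WRITE, later),  # no device grant
        Grant("auditor", "eng-ws-01", "RDP", Permission.READ_ONLY, expired),    # JIT window closed
    ]
    policy = Policy(grants)
    session = Session("operator", "eng-ws-01", "RDP", "plc-safety-07", "engineering-app",
                      invited={"vendor-tech", "contractor", "auditor"})
    results = {u: policy.join(u, session, now)
               for u in ("operator", "vendor-tech", "contractor", "auditor")}
    policy.revoke("vendor-tech", "operator", session)  # refused: read-write cannot revoke
    policy.revoke("operator", "vendor-tech", session)  # allowed: host is full-control
    results["after_revoke"] = session.participants["vendor-tech"]
    return results, session


if __name__ == "__main__":
    res, sess = demo()
    for entry in sess.audit:
        print(entry)
```

Running `demo()` admits the operator as full-control, the vendor technician as read-write, refuses the contractor (authorized for the workstation but not the device) and the auditor (grant expired), and then downgrades the technician to read-only when the operator revokes write access; every decision, including refusals, lands in the session's audit list.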
Xage has been continuously innovating to bring zero trust solutions to industrial organizations and critical infrastructure operators, modernizing access management and data security. Our latest real-time session collaboration solution empowers globally distributed workforces to collaborate securely and jointly perform any mission-critical task to keep critical operations running.
Next up, check out our case study to learn why one of the world’s largest steel manufacturers selected Xage for Zero Trust Remote Access to their operational technology.