Secure and scalable IIoT architecture

How CENTO protects your industrial data

Data breaches today are no longer isolated incidents. They are the defining cybersecurity threat of our time. According to the IBM Cost of a Data Breach Report 2025, the average global cost of a single breach reached $4.44 million, with losses in highly regulated industries such as energy and manufacturing climbing even higher. The challenge is no longer limited to system failures or unplanned outages. The damage runs deeper: stolen blueprints, compromised credentials and corporate emails, loss of stakeholder trust and regulatory fines. In Industrial IoT, attacks need not be overt. With data as the primary target, a single disguised file on an employee’s device and a brief lapse in attention can be enough to trigger a breach.

These are the reasons why at CENTO we have made cybersecurity one of our top priorities, alongside uptime and faultless operation. In an environment where a single wrong click can open the gates, protection can’t be an afterthought. Security must be built into every layer of the system. From segmented network architecture and encrypted data flows to role-based access controls and continuous anomaly detection, CENTO’s safeguards are designed to reduce the likelihood of a perimeter breach to the lowest level achievable with today’s technology.

We regard security as the fundamental basis for operational efficiency. A plant that is safe from intrusion is a plant that can run without fear of hidden sabotage, data leaks and unauthorized process control. That means operators stay focused, systems are reliable, and the pulse of production never misses a beat.

Here’s a review of how we manage enterprise-grade security in our product.

Why Role-Based Access Control (RBAC) is critical for secure industrial environments

Role-Based Access Control (RBAC) is a security model that governs access to system functions based on a user’s assigned role rather than on individual permissions. It is built on a clear principle: users should have only the access necessary to perform their job.

RBAC in CENTO is based on three core concepts:

  • Role assignment: users are assigned roles that reflect their operational responsibilities
  • Permission allocation: each role is associated with a specific, predefined set of actions the user can perform
  • Access enforcement: users operate strictly within the boundaries defined by their role

CENTO includes a set of default roles such as Administrator, Dispatcher, Operator, and Metrologist. These roles cover typical industrial workflows and can be fully customized. For example, it is possible to define a role with view-only access to reports or restrict access to a specific subsystem or set of commands. This flexibility allows organizations to align access rights precisely with operational needs and security policies.

Access control in CENTO supports two types of user management:

  • Local users, created and managed directly within the system, with credentials stored in the platform’s internal database
  • Integration with Active Directory (AD), which allows user authentication to align with an organization’s existing identity infrastructure. In this setup, roles and permissions are still managed within CENTO, while account verification is handled externally via AD

Local users and AD users are distinct: local users exist only within CENTO, while AD users are authenticated by the external directory service but can still be assigned roles inside the platform.

RBAC is critical in industrial environments because it allows organizations to maintain strict control over who can view or modify sensitive data, execute control commands, or alter system configuration. For example, in CENTO, an operator may be allowed to monitor equipment status but not change parameters, while only a dispatcher can send control commands. This eliminates the risk of accidental misoperation or unauthorized access from users acting outside their scope.

Moreover, when combined with logging and authentication mechanisms, RBAC provides full traceability — every action in the system can be traced back to a verified user operating under a specific role. This is not only important for internal accountability but also essential for compliance with industry standards such as IEC 62443 and ISO 27001.
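
The deny-by-default check and audit record described above, as an added example (not CENTO's code). The role names are the defaults listed above plus one custom role; the action names, subsystem names and grants are hypothetical.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase

# Role names are the defaults the article lists plus one custom role. The
# grants (action, subsystem pattern) are hypothetical and only illustrate
# the operator/dispatcher split described above.
ROLE_GRANTS = {
    "Administrator": [("*", "*")],
    "Dispatcher": [("status.read", "*"), ("command.send", "*")],
    "Operator": [("status.read", "*")],
    "Metrologist": [("status.read", "metering"), ("report.read", "metering")],
    "BoilerViewer": [("status.read", "boiler-*")],  # custom, one subsystem only
}


@dataclass(frozen=True)
class User:
    name: str
    role: str
    source: str  # "local" or "ad": which system verified the account


def authorize(user, action, subsystem, audit_log):
    """Deny by default and record every decision, allowed or refused."""
    grants = ROLE_GRANTS.get(user.role, [])  # unknown role means no grants
    allowed = any(
        fnmatchcase(action, act) and fnmatchcase(subsystem, sub)
        for act, sub in grants
    )
    # Refused attempts are logged too: they are what an investigator looks for.
    audit_log.append({
        "user": user.name, "source": user.source, "role": user.role,
        "action": action, "subsystem": subsystem, "allowed": allowed,
    })
    return allowed


if __name__ == "__main__":
    log = []
    operator = User("o.example", "Operator", "ad")  # constructed account
    print(authorize(operator, "status.read", "boiler-1", log))
    print(authorize(operator, "params.write", "boiler-1", log))
    print(log[-1])
```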

Watch video about how CENTO works

Or read our article about what CENTO is and how it transforms enterprise operations into a unified digital twin, enabling energy consumption clarity, cost savings, sustainable growth and more.

Secure logging in IIoT: from RBAC to Syslog over TLS

Knowing who has access to what is only one part of the security equation. True operational awareness is achieved through effective access control combined with a clear understanding of user behaviour within the system. Role-based access can define permissions, while continuous activity logging will show how those permissions are used in practice.

In CENTO, all key user activities are logged. Login events, configuration changes, and control commands are tracked and stored. These records form the foundation for operational traceability, incident investigation, and compliance auditing. Logs can help identify misconfigurations, detect unauthorized behavior, or simply verify that critical procedures were followed correctly.

Access to activity logs is restricted: only administrators or users with explicitly assigned roles can view them. The retention period is configurable and determined by the system administrator, depending on internal policy or regulatory requirements.

In many industrial environments, maintaining comprehensive and tamper-resistant audit trails is a formal requirement enforced by both international standards and industry-specific regulations. Frameworks such as ISO/IEC 27001, IEC 62443, and NIST emphasize continuous monitoring, access control, and traceability as critical elements of a secure system lifecycle. Proper log retention enables forensic investigations, supports certification audits, and ensures operational accountability. In high-risk sectors such as electric power, nuclear energy, rail transportation, and critical manufacturing, strict controls over logging and access are legally mandated and essential for safe and compliant operations.

For example:

  • NERC CIP (North American Electric Reliability Corporation Critical Infrastructure Protection) mandates audit logging of user activity, configuration changes, and access events in the electric power sector.
  • The IEC 62645 and IAEA NSS No. 33-T standards govern cybersecurity at nuclear facilities, requiring detailed records of operator actions and system responses for forensic readiness.
  • EN 50716 and TS 50701 define cybersecurity logging and alerting practices for railway signaling, control, and communication systems, aligned with IEC 62443 principles.
  • IEC 62443-2-1 and 62443-3-3, widely adopted in industrial automation and control systems (IACS), emphasize centralized logging, role-based access to logs, and retention policies as part of secure operations.

The logging framework includes role-restricted access, configurable retention periods, and integration via the Syslog protocol, a widely used standard for message logging in networked systems. It enables devices, applications, and platforms to send event data to a centralized log server or monitoring tool using a consistent format. This protocol is lightweight, extensible, and supported across nearly all enterprise and industrial systems.

In industrial environments, Syslog serves as a bridge between operational technology (OT) and centralized cybersecurity infrastructure. It allows IIoT platforms to transmit logs related to system access, configuration changes, errors, and control actions to an external collector in near real time. These messages are then processed by SIEM (Security Information and Event Management) platforms, such as IBM QRadar or equivalent, where they can be enriched with contextual data, correlated across systems, and analyzed for anomalies or signs of compromise.

Syslog supports both UDP and TCP transport and can operate over TLS (Transport Layer Security) to ensure secure delivery of log messages. TLS is a cryptographic protocol that guarantees the confidentiality, authenticity, and integrity of data in transit. Without it, log messages sent over plain UDP or TCP can be intercepted, altered, or spoofed — especially in large or segmented networks. This opens the door to log injection, silent tampering, or monitoring blind spots. TLS closes these gaps by encrypting the communication between systems and log collectors, providing end-to-end assurance that logs remain trustworthy and protected throughout their journey.

For industrial environments where log integrity is critical, whether for compliance, audit trails, or forensic readiness, enabling Syslog over TLS is considered a best practice. In many cases, it is also a formal requirement under industry frameworks such as IEC 62443 and NERC CIP.
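
What a sender has to get right for Syslog over TLS, as an added example (not CENTO's code): an RFC 5424 audit message with escaped fields, the octet-counting framing used on the TLS transport, and a client context that refuses a collector it cannot authenticate. Host, application and user names are constructed.

```python
import socket
import ssl
from datetime import datetime, timezone

SYSLOG_TLS_PORT = 6514  # registered port for syslog over TLS (RFC 5425)


def sd_escape(value):
    """Escape the characters RFC 5424 reserves inside a structured-data value.

    Without this, a user-controlled field containing '"' or ']' could close
    the element early and smuggle forged fields into the record.
    """
    return value.replace("\\", "\\\\").replace('"', '\\"').replace("]", "\\]")


def format_audit_event(host, app, user, role, action, when):
    """Build one RFC 5424 message: facility 13 (log audit), severity 5 (notice)."""
    pri = 13 * 8 + 5
    stamp = when.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    # "audit@32473" is a constructed SD-ID; 32473 is the enterprise number
    # reserved for documentation examples.
    sd = '[audit@32473 user="{}" role="{}" action="{}"]'.format(
        sd_escape(user), sd_escape(role), sd_escape(action))
    return "<{}>1 {} {} {} - - {}".format(pri, stamp, host, app, sd)


def frame(message):
    """Octet-counting framing used on the TLS transport: '<length> <message>'."""
    data = message.encode("utf-8")
    return str(len(data)).encode("ascii") + b" " + data


def collector_tls_context(ca_file=None):
    """Client context that refuses collectors it cannot authenticate."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx  # check_hostname and CERT_REQUIRED are already on by default


def send(messages, collector_host, ctx):
    """Open one verified TLS session and write each framed message."""
    with socket.create_connection((collector_host, SYSLOG_TLS_PORT), timeout=5) as raw:
        with ctx.wrap_socket(raw, server_hostname=collector_host) as tls:
            for message in messages:
                tls.sendall(frame(message))


if __name__ == "__main__":
    # Constructed sample event; no network connection is made here.
    event = format_audit_event("plant-gw", "iiot-platform", "j.doe", "Dispatcher",
                               "command.send pump-3 stop",
                               datetime(2025, 1, 2, 3, 4, 5, tzinfo=timezone.utc))
    print(frame(event))
```

Pass the CA file that issued the collector's certificate as `ca_file`; disabling verification to get a connection working removes the authenticity guarantee described above.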

Using Active Directory to extend RBAC in industrial environments

As discussed, role-based access control (RBAC) in CENTO ensures that users can only perform actions relevant to their responsibilities. However, assigning roles is only part of the overall protection strategy. AD serves as an external authority for verifying who exactly is requesting access and whether that identity is trusted. This is where authentication becomes critical.

CENTO supports both local user accounts and integration with Active Directory (AD), allowing the platform to align with an organization’s existing identity infrastructure. With Active Directory, security policies are managed centrally. For example, administrators can set password rules such as minimum length, complexity, and expiration time. These rules automatically apply to every user. If someone tries to guess a password, AD detects multiple failed login attempts and temporarily locks the account to block brute-force attacks. It also allows role separation: some users can manage only passwords, others only groups, and only a few can access sensitive systems. This way, no single person has full control unless explicitly assigned.

AD also enables automated provisioning and deprovisioning of user accounts. This is particularly important in industrial environments with high staff turnover, contractor access, or shift-based roles. When access rights are managed manually, delays and oversights may result in former employees still having access long after they leave, creating hidden vulnerabilities. With AD, access changes are applied immediately and system-wide, reducing the attack surface and ensuring that only current, verified users can interact with the platform. 

Air-gapped and segmented: how CENTO protects critical infrastructure

The next crucial layer of enterprise-grade security is network segmentation. In industrial environments, separating the Operational Technology (OT) network from the Information Technology (IT) network is essential for limiting exposure and reducing risk. CENTO is built to operate within architectures that enforce this separation by design.

The most common setup begins by clearly separating the two environments: Operational Technology (OT) and Information Technology (IT). OT includes the systems that control and monitor physical industrial processes — such as PLCs, SCADA, sensors, and field equipment. IT refers to business systems used for data analysis, reporting, planning, and enterprise management. To connect these layers without compromising security, a read-only mirror of the OT server is created on a host within the IT network. This mirror is a continuously updated copy of selected operational data. It allows IT users to access production information without opening any direct connection to the OT systems. 

Perimeter protection defines how the boundary between networks is secured. Depending on the specific security requirements of a facility, this may include firewalls, which block unauthorized traffic; proxies, which act as controlled gateways between systems; or DMZs (demilitarized zones), which isolate external-facing services from core infrastructure. These components help prevent unauthorized access from external networks to internal industrial systems. Since each deployment may have different risk levels and infrastructure setups, the exact configuration is determined on a case-by-case basis. 

CENTO is designed to be flexible and compatible with these security architectures. It integrates smoothly into segmented or layered networks without requiring exceptions or modifications, making it suitable for use in regulated and high-security environments. 

Importantly, the platform can also function in completely air-gapped environments, meaning it does not require any connection to the internet or external networks. An air-gapped system is physically isolated from other systems, making it one of the most secure configurations available. In such setups, data transfer occurs only through controlled methods such as removable media, offline synchronization, or unidirectional gateways. Direct network connections are not used at any stage. 

This level of isolation is essential for high-security sectors like energy, mining, transportation, and critical manufacturing, where the risk of cyberattacks or unauthorized remote access must be minimized. CENTO was built with this in mind. In fact, all current deployments of the platform operate in air-gapped configurations, demonstrating its ability to provide full functionality even under strict network isolation policies. 

Ensuring secure data exchange in IIoT: HTTPS, MQTT, TLS, and API access control

Modern industrial platforms must interact with a wide range of external systems, including SCADA, PLCs, business intelligence tools, and cloud-based analytics. At the same time, these integrations must be protected against interception, tampering, and unauthorized access. 

CENTO uses a combination of protocols and encryption methods to ensure that data shared with other systems is protected from interception or unauthorized access. 

One of the main protocols is HTTPS, the secure version of HTTP. It is the standard method by which web browsers and applications communicate with servers. HTTPS uses TLS encryption to ensure that data being transferred cannot be read or altered by unauthorized parties while it is moving through the network. 

In addition, encryption at the hardware level can be used on communication channels. This means that data moving between devices or systems is protected not only by software protocols but also by encryption built into the networking equipment itself, which adds another layer of defense. 

When implemented, MQTT provides an efficient protocol for data exchange between devices and systems. It is a lightweight messaging protocol that is especially well suited for industrial environments where bandwidth may be limited and connections are not always stable. Its low overhead makes it ideal for sending frequent, small updates such as sensor readings or equipment status, while minimizing the impact on network performance.

By default, MQTT does not include encryption, but CENTO can be configured to run MQTT over TLS. This adds a secure transport layer, ensuring that all messages are protected from interception or tampering while moving between devices, even over public or unsecured networks. This combination of efficiency and security makes MQTT with TLS a reliable option for IIoT communication.

Data encryption within the platform follows a context-dependent model, meaning it adjusts based on the type of data, its sensitivity, and how that data is used. CENTO uses two main approaches for data protection: encryption in transit and encryption at rest. 

Encryption in transit means that data is protected while it is being transferred between systems, devices, or network layers. For example, when a sensor sends a signal to the platform or when data is accessed from a dashboard, it travels through the network. Encryption in transit ensures that no one can intercept or alter that data while it is moving. This is typically achieved using secure communication protocols such as HTTPS or TLS. 

Encryption at rest refers to securing data when it is stored — whether in databases, file systems, or backups. This protects information from unauthorized access in case someone gains physical or administrative access to the storage layer. For example, if an industrial server is compromised, encryption at rest makes it significantly more difficult to extract meaningful data without proper decryption keys. 

By combining both methods when necessary, CENTO protects sensitive operational data without overloading the system with unnecessary encryption for non-critical data. This flexible model allows each deployment to find the right balance between performance and security, especially in environments with different levels of connectivity, processing power, or regulatory requirements. 

When it comes to external connections, CENTO uses a controlled approach to API access. Although the platform offers open APIs for integration with external systems such as dashboards, analytics tools, or automation platforms, not every connection is allowed by default. Only authorized systems and applications can connect to the API. This is managed through access tokens or credentials, which are issued by administrators. These credentials are linked to specific roles or permissions that define exactly what data or functions the external system can use. For example, one integration may have permission to read equipment status but not to send control commands. 

In addition to permission settings, API traffic is also restricted at the network level. Only systems from approved IP addresses or network segments are permitted to make requests, which reduces the risk of unauthorized access from outside the trusted environment. 
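
The two checks described above, applied to one API request, as an added example (not CENTO's code): the credential selects an integration with its own permissions, and the source address must fall inside that integration's approved segment. The token, integration name, permission names and network range are constructed.

```python
import hashlib
import ipaddress


def token_digest(token):
    """Store and compare digests so the registry never holds usable tokens."""
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


# Constructed registry of integrations, keyed by token digest. Each entry
# carries its own permissions and the network segments it may call from.
INTEGRATIONS = {
    token_digest("example-token-dashboard"): {
        "name": "dashboard",
        "permissions": {"status.read"},
        "networks": [ipaddress.ip_network("10.20.0.0/24")],
    },
}


def check_api_request(token, source_ip, permission):
    """Return (allowed, reason); every failed check refuses the request."""
    entry = INTEGRATIONS.get(token_digest(token))
    if entry is None:
        return False, "unknown token"
    try:
        addr = ipaddress.ip_address(source_ip)
    except ValueError:
        return False, "unparseable source address"
    # Membership is False for any address outside the listed segments,
    # including an IPv6 address tested against an IPv4 network.
    if not any(addr in net for net in entry["networks"]):
        return False, "source address not in approved segment"
    if permission not in entry["permissions"]:
        return False, "permission not granted to this integration"
    return True, "ok"


if __name__ == "__main__":
    print(check_api_request("example-token-dashboard", "10.20.0.15", "status.read"))
    print(check_api_request("example-token-dashboard", "10.20.0.15", "command.send"))
    print(check_api_request("example-token-dashboard", "192.0.2.7", "status.read"))
```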

How CENTO prevents unauthorized access and supports secure recovery

While the platform is not a full intrusion detection system, it includes several built-in security measures that act as a first line of defense against common attack patterns. 

For example, API endpoints are rate-limited to prevent excessive or automated requests. This helps mitigate brute-force attempts, scripted attacks, or misconfigured integrations that could overload the system. If the request frequency exceeds predefined thresholds, the system temporarily blocks further access from that source, reducing risk without interrupting overall operations. 
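
The threshold-then-temporary-block behaviour described above, as an added example (not CENTO's code). The class name and the limits are hypothetical, and the clock is passed in so the behaviour can be checked deterministically.

```python
from collections import defaultdict, deque


class SourceRateLimiter:
    """Sliding-window limit per source, with a temporary block on excess."""

    def __init__(self, max_requests, window_s, block_s):
        self.max_requests = max_requests
        self.window_s = window_s
        self.block_s = block_s
        self._hits = defaultdict(deque)   # source -> recent request times
        self._blocked_until = {}          # source -> time the block ends

    def allow(self, source, now):
        """Return True if the request may proceed, False if it is refused."""
        until = self._blocked_until.get(source)
        if until is not None:
            if now < until:
                return False              # still inside the block period
            del self._blocked_until[source]
        hits = self._hits[source]
        while hits and now - hits[0] >= self.window_s:
            hits.popleft()                # forget requests outside the window
        if len(hits) >= self.max_requests:
            # Threshold exceeded: block this source only, others continue.
            self._blocked_until[source] = now + self.block_s
            hits.clear()
            return False
        hits.append(now)
        return True


if __name__ == "__main__":
    limiter = SourceRateLimiter(max_requests=3, window_s=10, block_s=60)
    # Constructed request times (seconds) from one source address.
    for t in (0, 1, 2, 3, 30, 63):
        print(t, limiter.allow("10.20.0.15", t))
```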

Authentication is mandatory for accessing the web interface, meaning no unauthenticated request is ever processed. This approach prevents a large class of automated attacks by rejecting invalid traffic before it can reach functional components of the platform. 

Additionally, administrators can manually disable or revoke access for specific users if unusual behavior is detected, such as repeated failed logins or unexpected configuration changes. In deployments integrated with Active Directory, this response can be enforced through centralized identity management. 

Combined with logging and access controls, these procedures allow CENTO to support incident containment at the software level. While external security systems such as firewalls and intrusion detection appliances provide perimeter protection, CENTO’s internal safeguards help ensure that even if an attacker reaches the platform layer, their ability to act remains limited and observable. 

In the unlikely event that something does go wrong, whether due to a misconfiguration, data corruption, or an unexpected intrusion, CENTO provides full backup and rollback capabilities. Administrators can restore the system to a previously stable state, ensuring that operations are resumed quickly and reliably without data loss. This built-in recovery mechanism acts as a final layer of protection, giving organizations confidence that even rare incidents can be resolved with minimal disruption. 

CENTO: built for confidence

What makes a system truly secure is not a single feature or protocol, but the way every part works together to prevent, contain, and recover from threats. In CENTO, security is not an added layer but a foundation embedded across the architecture. 

From role-based access control, activity logging, and strong authentication to network segmentation, encrypted communications, and controlled API access, each mechanism reinforces the next. Together, they form the pillars of enterprise-grade security, supporting both operational integrity and peace of mind. 

At the same time, CENTO remains highly adaptable. It can be configured to meet the specific security requirements of each project, regardless of whether it operates in air-gapped critical infrastructure or within a segmented enterprise network. This flexibility ensures that security does not stand in the way of usability but grows with the needs of the environment. 

By aligning with industry standards and anticipating real-world risks, CENTO helps safeguard not just systems and data, but also the confidence of operators and stakeholders who depend on them. In a world where invisible threats can stop visible processes, this confidence is not optional. It is essential. 
