3 SaaS Security Measures That Provide Top-Tier Data Protection

Most security hacks water utilities face are external threats with financial motives that compromise credential information. Although personal customer information is not an aspect of the data transmitted with smart water systems, utilities need to prioritize security when choosing a Software as a Service (SaaS) offering to safeguard their system against potential attacks. Here are three key security tactics our SaaS solution prioritizes to protect utility data.

Network Security Standards

At the forefront of our SaaS security measures is a cellular network provider that maintains substantial protocols and technologies to protect against cyber threats. The carrier automates threat detection technologies for data to safeguard the network and corresponding infrastructure against cyberattacks.

Additionally, the provider continually improves its security measures through active research and development programs and evaluates new security technologies and products as they emerge. It also adheres to stringent industry standards—including two global ISO 27001 certifications—and upholds security to the highest level of protection.

ISO 27001 Certification

Since 2015, Badger Meter has committed to annual voluntary audits to minimize potential security threats and ensure customer trust. One audit is the ISO 27001 certification, which analyzes how to appropriately operate, monitor and maintain an Information Security Management System (ISMS). An external auditor comes in to review our organization’s practices, policies and procedures to determine if the ISMS meets standard requirements. Once certified, a certification body then conducts annual assessments to monitor compliance.

The ISO 27001 certification demonstrates our investment in the people, technology and processes necessary to protect our organization’s data. It also provides a professional assessment proving that our data is effectively protected. Benefits of a SaaS backed by ISO 27001 certification include:

• Protecting data wherever it resides
• Defending data against cyberattacks
• Preparing for potential security threats as they evolve

SOC 2 Type 2 Certification

Another annual audit we have done voluntarily is the SOC 2 Type 2 certification. SOC 2 is an auditing procedure performed by external auditors that ensures service providers securely manage data to protect the interests of organizations and the privacy of its clients. It evaluates companies based on five trust service principles, including:

• Security: Refers to the protection of system resources against unauthorized access, including potential system abuse, theft or unauthorized removal of data, misuse of software and improper alteration or disclosure of information.
• Availability: Addresses the accessibility of the system, products or services as defined by a contract or service level agreement. Involves monitoring network performance and availability, site failover and security incident handling.
• Processing integrity: Determines whether a system achieves its purpose (i.e. delivers the right data at the right price at the right time). Data processing must be complete, valid, accurate, timely and authorized.
• Confidentiality: Assures data is confidential with access and disclosure restrictions in place only giving specified company personnel admittance, including intellectual property and other sensitive information. Data encryption is a critical security measure in assuring confidentiality.
• Privacy: Focuses on the system’s collection, use, retention, disclosure and disposal of personal information in conformity with an organization’s privacy notice and defined criteria. Controls are required to protect personal identifiable information that can distinguish an individual.

While SOC 2 compliance is not mandatory for SaaS solutions, the role it plays in securing utility data is a necessity. This certification confirms that we continuously adopt best practices to prioritize security for our customers and minimize threats wherever possible. 

Cloud-Hosting Platform

Another facet of our SaaS offering is the cloud-hosting platform we use: Amazon Web Services (AWS). It delivers the most flexible and secure cloud-computing environment available today. The network is specifically designed to protect information, identities, applications and devices from potential threats, offering these key benefits:

• Superior Visibility and Control: Control where data is stored and who has access to it at all times to maintain protection.
• Built With the Highest Privacy and Data Security Standards: AWS provides the ability to encrypt data, move it and manage retention however is needed.
• Comprehensive Security and Compliance Controls: Regularly achieves third-party validation for thousands of global compliance requirements to help you meet security and compliance standards.

Using AWS as our cloud-hosting platform provides us with the tools to prevent, detect, respond and remediate possible security threats as they arise to protect our customers’ crucial data.

Supporting Utility Strategies

As a final means of supporting data security, we encourage utilities to develop and maintain their own internal strategies, including:

• Requiring users to set passwords that meet strength requirements and change their passwords regularly
• Enabling multi-factor authentication processes, which verifies user identities in multiple steps and makes stealing information more difficult for offenders
• Removing user access immediately when a team member leaves their position or is terminated to prevent malicious threats

Strengthen Your Security Measures With BEACON^® SaaS

By committing to the highest level of security with our SaaS offering, utility data is protected to the highest degree. Utilities are empowered to share as little or as much information as they’d like based on individual preferences.

Whether you have existing security concerns or would like to take preventive security measures, consider an upgrade to cellular AMI with BEACON^® SaaS. Advanced security measures are just the tipping point of our smart water solution—discover more benefits including how an upgrade now can help your utility today and well into the future.