How does Fabriq protect your industrial data?
Discover in video how Fabriq protects the industrial data of its customers. All your questions are answered in this interview with Yacine, our Lead Developer.
Who is Yacine, Lead Developer at Fabriq?
Hi, my name is Yacine, I am a Lead Developer at Fabriq, and I am in charge of security, reliability, privacy and compliance.
Fabriq is a SaaS software for industrial performance management, whose objective is to make production teams more efficient and autonomous in solving operational problems. As a result, we are partners with a number of industrial groups, which attach great importance to data protection.
What does SaaS software in the industry entail?
SaaS is an acronym for software-as-a-service. It means that the application and the data are with the supplier, in this case with us, and not with the customer.
It brings many advantages: reduced maintenance costs, a much faster installation and learning curve, and the ability to accommodate a very variable number of users. In addition, they are generally more recent software with a more modern, more intuitive interface.
And in terms of data protection, this means that the provider is in charge of security and privacy issues, so we are.
How does SaaS software protect your data?
SaaS is often contrasted with on-premise, i.e. software managed directly by the customer. To understand the difference, on-premise is like putting your money in a safe at home, and SaaS is like putting your money in the bank.
A common misconception is that on-premise allows for a better understanding of data protection issues. Indeed, the customer is in control, so he is more reassured. However, this does not take into account the fact that customers are often not software experts, and they have to deal with data protection for a range of software with very different technologies, and without understanding how it works.
With SaaS, it is those who designed the software who protect it. And the efforts are mutualized among all the customers. This guarantees, for a good investment, that the best people are in charge of security.
The analogy makes it very clear: you may have an excellent safe at home, but your money will probably be safer in the bank.
In addition, Fabriq is an agile and modern organization that can employ the latest data protection technologies.
How is Fabriq committed to your industrial data?
Already, Fabriq is committed to not exploiting our customers' data. It is stored for their use; we do not sell it or mine it on our behalf. Our mission is solely to serve the operational performance in the industry.
After that, we implement a whole bunch of policies for data protection. I can give you an example: the systematic encryption of our databases, the fact that we only save data in the European Union, and one thing we are particularly careful about is the application of a Zero Trust policy. Basically, this means that our system is robust to intrusions; actors must authenticate themselves at all times, and their rights are limited to what they need.
With all this, we are committed to being transparent about our security posture and practices with our customers.
Where is the data stored, and by whom?
The data is stored exclusively in Europe by AWS.
Who has access to the stored data?
First of all, the users of Fabriq, i.e. the employees of our customers. Of course, only the employees of a given customer have access to the data of this customer. In addition to that, customers can configure access for each employee. They can decide that members of one team cannot see the data of another team.
Then, at Fabriq, our operations team has access to customer data in order to support them. If other teams need a customer's data, we anonymize and redact it before extracting it.
Are there any backups?
How often and how do we retrieve data if our customers have a problem?
Absolutely. We take a snapshot, that is to say a complete extraction, every 24 hours and keep it for 30 days, and we replicate the log of modifications in real time in three availability zones. So we are able to restore the data at any time during the last 30 days.
What happens if we don't work together anymore?
What happens to your data? How can you retrieve it and in what format?
When a customer wants to stop working with Fabriq, we offer to extract the data he is interested in, in a format that suits him and, once delivered, we remove all data concerning him from our product. We then have to wait 30 days for the backups to expire so that all traces of the customer's data have disappeared.
Do you have any certifications? Which ones do you have or plan to have on data protection and use?
A few months ago, we launched a project to become ISO 27001 compliant, and our ambition is to begin certification before the end of 2022. We are very committed to these issues, and this is also an integral part of our technological roadmap: to make Fabriq increasingly robust in terms of cybersecurity as we deploy our solution to major accounts.
Why so much effort on security?
Industrialists are very sensitive to this issue, and rightly so. The industrial sector is very competitive, and there are malicious actors who do not hesitate to undermine French industry. That's why the security of our customers is one of our main concerns, and our ambition is to be _the_ SaaS solution for industry 4.0 that customers can trust.
How does Fabriq see the future?
The guiding principle is really ISO 27001 certification, so that's our main concern. We would also like to isolate customer data at the infrastructure level, i.e. have a database dedicated to each customer.