Here’s how BVM make it simple.
For functional security and resilience to external attacks, it is essential that modern embedded systems are locked down in a way that only permits approved applications to run. There are a number of techniques for doing this depending on the application.
In larger companies the IT department wants to control all computers, especially if the system is running Windows. In their eyes Window 10 IoT is the same as desktop Windows. This is true to a point but a correctly configured and installed embedded system is secure as it is. There is no need for constant updates which can easily cause functional issues.
For embedded applications with fixed functionality it is common to use Windows 10 and employ a write filter which prevents unauthorised disc writes. This means that at every re-boot a fixed environment is activated. With a correctly configure write filter it is virtually impossible for rogue applications to write to the system disc. The system can be configured to close all ports that are not required and lock any peripherals to the authorised user.
Where applications change from time to time a means is required for the user to be able to create a “white list” of authorised application that can be easily updated by authorised users. Windows built-in App Locker provides the mechanism required and proprietary applications such as McAfee Application Control provides a simple user interface.
All this control and security from necessity makes a locked down system more difficult to install and maintain. At BVM we implement a Control Panel which provides a simple “tick Box” interface to guide the user through the installation process. This negates the need for a deep understanding of the software and how to use the write filter by asking simple questions.
This approach can be tailored to each individual system design and can include application specific parameters, network configurations or station ID
If these issues sound familiar talk to the team. We may just be able to help.