Security is Part of our Culture

ServiceMax strives to meet the most stringent security and compliance requirements, so you can easily adopt the right products that deliver positive outcomes for your asset-centric business. From the asset in one of your Customer’s sites, the technician executing a work order, and the dispatcher in the enterprise, ServiceMax securely facilitates serviceability of those assets. As digital industrial companies evolve, optimizing operations requires complete, valid, unimpeded, and, above all else, secure data.

Advanced and persistent threats have been targeting cloud and connected and non-connected assets. With ServiceMax you can rest assured that the transmission of data as well as the data that resides in our cloud, is protected. By building Security into the design of our products we have ensured that you can connect with confidence, knowing that your data, processes, and outcomes are delivered in a resilient environment.

Data Security

ServiceMax employs asset and data classification guidelines to ensure your security needs and priorities receive the right level of protection. ServiceMax protects your data by maintaining strict isolation between production and development environments. Depending on the product being consumed, some level of control may be passed along to you given the cloud security shared responsibility model. Security policies at multiple layers are applied to limit access to ServiceMax workforce members who possess a legitimate business need for such access. Additionally, data is de-identified where needed and transmitted in encrypted form using Transport Layer Security (TLS). Encryption keys are then protected.

Product Security (Secure by Design)

At ServiceMax product security is fundamentally about protecting the applications and services that we build along with the supporting platform and ecosystem which stores and processes your sensitive data. The concept of ”Secure by Design” is ingrained in our engineering practices. Our Secure Development Lifecycle (SDL) framework serves during the development process to secure applications and services. Following SDL empowers our Engineering Teams to: 1) apply the appropriate architecture and design, 2) understand threats and choose the right controls for protection, 3) conduct proper security testing, and 4) remediate vulnerabilities before production deployment.

Infrastructure and Platform Security

ServiceMax employs industry-leading technical controls at the infrastructure and platform layers to ensure threat mitigation capabilities meet stringent requirements and are highly effective. ServiceMax understands that isolating environments is key to reducing blast radius and, therefore, risk to Customers. We leverage virtualization technologies at specific layers to ensure that application runtimes are separated from the operational and control elements in the network. This separation allows the user and application interactions to be monitored from the specific application instance and user, in and out of the Internet, and through all the services. ServiceMax regularly audits its network security posture and specific technologies to verify they are compliant with policies and technical standards and has implemented penetration testing procedures to further validate effectiveness of the applied controls.

Managing Identity and Access

At ServiceMax we believe security starts with establishing identities of things for objects of interest—including people, devices, applications, and data—defining relationships for those objects, and enforcing appropriate controls for how these identities access resources. ServiceMax applies this mindset to how we build our products, secure data, and manage customers. ServiceMax, therefore, supports sophisticated mechanisms to prove identities, create roles across the ecosystem, and effectively authenticate and authorize access while privileged accounts are further contained and managed.

Encryption and Key Management

Reliable encryption ensures that data is secure at rest and in transit. ServiceMax encrypts at different layers based on the product, to ensure that data is exposed on a need-to-know basis. ServiceMax supports key management systems, and public and private key infrastructures for effectively protecting and managing keys and certificates. Application and service accounts are vaulted to further protect them from illegitimate access.

Endpoint Security

End-user devices are protected by several layers of controls to ensure that the work that is conducted via these devices is done so in a safe and secure fashion. Controls such as endpoint threat detection, mitigation and response, malicious website protection and proper patching are maintained so that the end-user has a safe experience. Similarly, cloud endpoints that support ServiceMax products are built using secure configurations, undergo effective vulnerability management, and protected via cloud endpoint threat detection, mitigation and response tools.