We are constantly improving our technology platform to be able to offer you state of the arts services in the future too. To this end, we need to analyze the available data and use the information gathered to design new services. It goes without saying that we do this in a way that does not present any risk for you. As our customer, you can be confident that all precautions have been taken to ensure your security during connection, active remote access to your machinery, data transfer, and data storage.
Here is a selection of our most popular cloud-based services:
Heidelberg Assistant is the digital interface for our customers to real-time data as well as comprehensive analyses from the Heidelberg Cloud. Heidelberg Assistant is a web application protected with technical and organizational security measures at the highest level (e. g. Web Application Firewall, DMZ, virus check of attachments in a sandbox). Access to the Heidelberg Assistant is controlled over a finegrained user rights and roles concept with individual login and password protection (Heidelberg ID). The master administrator is defined and managed on customers’ side. All security measures are checked regularly with internal and external penetration tests and brought up to date with the latest technology.
The Heidelberg production systems (machinery and software) are connected to the Heidelberg Cloud via a secure, web-based communication channel. We use this channel to access the customer system directly or to send relevant data for the various applications. Almost all print shops have their own web sites, receive job data via the Internet, or offer their customers a web-to-print service. These Internet connections are normally protected by means of central access control on the customer side. The Heidelberg Cloud does not affect this protection in any way. The Heidelberg Cloud offers an extremely high level of security with the following measures:
The machinery and Prinect servers come preinstalled with a so-called service agent for the Heidelberg Remote Services. This software is designed to prevent contact being established with the machine from the outside. All connections to the preset Heidelberg Service center are initiated by the machine.
The Heidelberg Cloud is strictly based on Internet standards that use encrypted communication. This accomplishes two goals:
The Internet addresses of the Heidelberg Cloud are already stored in the machines on delivery. Both communication partners are uniquely identified when contact is established. The machine contains a globally unique ID and a password that are already preinstalled on delivery. The Heidelberg Cloud is equipped with digital certificates that verify that the addresses are actually those of the Heidelberg Service center and not a third party purporting to act on its behalf.
Machines and Prinect servers connected to the Heidelberg Cloud only establish contact with the Heidelberg Cloud if the customer wants and expressly permits this. There are various forms of contact, depending on the service product purchased as part of a service agreement:
This concept allows customers to decide in detail what level of communication they want. All of these functions can be enabled or disabled at any time. If none of these functions are enabled, the Heidelberg Cloud communication software remains disabled completely.
With the Heidelberg Cloud, all transactions (e.g. file transfers) are logged both on the machine and in the cloud: this makes it possible for customers to prove at all times what exactly happened in the system. By comparison, other conventional systems only use a central logging and require customers to prove themselves all transactions in the event of damage.
In addition to approving individual Remote Services, individual confirmation is required for each and every remote access operation. The “Remote Service button” (telephone handset symbol) must be pressed to enable an authorized Heidelberg SystemService technician to directly access the user interface for a limited period in order to analyze faults interactively with the user on site or provide assistance. This active status is shown on the screen, ensuring that the operator has full transparency at all times. The operator can also precisely track the menu steps being performed by the technician, and the screen views visible to the technician. The customer can, of course, terminate this remote access at any time.
Access to the Heidelberg Cloud via a portal is reserved for Heidelberg staff with Remote Service authorization. In accessing the platform, they follow a defined and secure authentication procedure based on modern standards. This ensures reliable identification of the Heidelberg SystemService technician, since the concept only permits personal user accounts. There are no anonymous users within a Remote Service connection and no group accounts. Our SystemService technicians personally vouch for the service provided, as with Remote Services. The technician’s name is therefore shown on the display during all interactive remote access operations. We generally also send a photo of the technician, since a personal relationship is also important to us with Remote Services.
Before a technician gains access to the Heidelberg Cloud, he or she receives instruction on matters related to IT security and data privacy and signs an undertaking. In particular, this undertaking confirms that all data to which the technician has access by virtue of its user account in the service center will be handled in confidence. Information will only be collected by SystemService technicians for the purpose of providing services or improving products. In addition, the data will only be used by the local SSU or Heidelberg Druckmaschinen AG for improving quality management and continued refinement of machinery and service products as well as for innovations and the purpose of customer relation management. This staff will also receive appropriate instruction in matters related to IT security and data privacy and sign the undertaking.
Access to information in connection with the personal account for authorized technicians is limited to the bare minimum. Machinery connected to the Heidelberg Cloud is only visible in the portal for technicians with responsibility for the respective region where the machine is installed, with access permission, and with training in the respective product line.
All Heidelberg SystemService technicians use standardized service PCs with the latest virus protection and modern security features installed by the central IT departments. This ensures that all systems involved in the Heidelberg Remote Service, from the machine to the service PC, feature effective protection.
IT security is constantly evolving and facing new challenges, whether as a result of new threats or ever changing technological capabilities. To address this, Heidelberger Druckmaschinen AG set up an IT Security Council–Remote Services in which IT security specialists together with data protection officers and product managers track current developments with the aim of continuously optimizing the security measures for our products.
PTC is the market leader in Internet of Things technology. Heidelberg is currently using the European PTC Machine Cloud located in the data center in Frankfurt/Main in Germany. The Cloud data center is certified to ISO27001 and TRUSTe Privacy and is subject to the strict data protection guidelines of the EU due to its location. This offers Heidelberg and its customers a very high level of security.
We look forward to your message. In order to be able to react quickly to your request, we need some information.
*These fields are required.