Most Tulip customers use frontline operations apps to capture data from their production lines. This means that many devices running Tulip software need to communicate with your company’s network to store and potentially retrieve data.
This opens up many new security considerations since both operators and manufacturing engineers will be using Tulip. These security considerations occur across multiple levels of the Tulip platform and your network:
Server-level: Where are the servers that are running Tulip and storing your data?
Network-level: How can individual tablets, laptops and machines communicate with servers running Tulip?
Account-level: Who can access and modify data in a Tulip account?
IO Gateway-level: How do your IO Gateways share data with the Tulip Platform?
Tulip app-level: Who can access and modify each Tulip app?
Device-level: Who is allowed to access Tulip on a laptop or tablet that is running Tulip software?
Here is a quick guide to the ways that Tulip addresses each of the above categories.
These strategies will cover both security and compliance requirements.
There are four ways to deploy Tulip software: in the Amazon Web Services (AWS) cloud, in the Amazon Web Services GovCloud, in the Azure cloud, and in a private cloud (the on-premises option reaches its end of life in April 2022).
The default method for deploying Tulip is a cloud deployment either in Amazon Web Services or Azure. In a cloud-based deployment, the technical support team at Tulip will be able to monitor your account and alert you when Tulip fails to connect to your network due to an internal IT change or another reason.
One other, less common option is a private cloud deployment. It provides the same security measures as a normal cloud environment, with additional compliance benefits for companies that operate in highly regulated industries.
In order to allow devices running Tulip software to communicate with a server that is hosting the Tulip platform, your network must meet certain requirements. Please review this IT requirements guide to see if your network meets these standards.
In an on-premises deployment, your IT team will be responsible for the security of your network. In a cloud-based deployment, you will be covered by the security policies of Amazon Web Services.
Tulip has 4 levels of user roles on "standard" and "professional" plans, and 8 levels of roles on enterprise plans. Read more about managing user roles here.
Access can be grouped into three distinct categories:
"Users", which can access both Tulip and the Tulip Player
"Viewers", which can only view assets in Tulip
"Operators", which can only access the Tulip Player
Let’s imagine that you want to deploy Tulip across multiple factories and departments, and you want to restrict user permissions based on each factory.
Since Tulip’s current permission system allows any user to build and edit apps, you can use multiple Tulip accounts to control permissions. For example, if the name of your company is “Acme” and you have factories in New York and Boston, you could use two accounts:
Edge Devices Level
Your company may be considering an Edge Device to either monitor machines on your shop floor or integrate devices at operator workstations.
Tulip has a few requirements to allow your IO Gateway to connect to Tulip servers. Please review the “Edge Devices” section of our IT requirements guide for more details.
Tulip App Level
Although all administrators can create and update apps, an app creator can restrict the editing privileges around their specific app.
The Permissions tab in each app's App Summary View allows the creator to decide the privileges of all other administrators for that particular app. The creator can also give specific permissions to individual administrators.
Additionally, Tulip offers an Approvals feature at the account level. This prevents new versions of apps from being released until a certain set of pre-defined administrators indicate their approval. For example, this ensures that an app will not be used on the shop floor until a member of the quality or compliance department approves it.
You may want to control which apps are available on each laptop or tablet on your shop floor.
Tulip’s Shop Floor tab allows you to create virtual “Stations” that allow you to restrict the ways that specific laptops and tablets can use Tulip. It also allows you to monitor which apps are being used by operators in real time.
Although all the features listed above will help you comply with regulatory requirements, you will also need to provide data to show the history of your operators’ usage of Tulip.
Tulip makes data readily available in order to comply with GxP standards. The data is created by all of the features listed in the sections above, and then tracked in one centralized location. It is accessible by any administrator of your Tulip account.