Security at Every Layer
Simplinx is built on a zero-trust architecture. Every connection is authenticated, encrypted end-to-end, and firewall-protected — your industrial data never passes through our servers.
The Simplinx Security Model
Four interlocking layers of protection — designed specifically for industrial environments where safety and uptime are non-negotiable.
End-to-End Encrypted P2P
Industrial data flows directly between the device and the client — never through Simplinx servers. DTLS encryption on the P2P data channel; TLS 1.2/1.3 on the signal layer.
Certificate-Based Authentication
4096-bit RSA X.509 certificates with SHA-256. Hardware dongles store certificates at the chip level — impossible to copy as a file. Software certificates also available.
Integrated Stateful Firewall
Every Simplinx device includes a built-in stateful firewall. OT devices have no direct internet exposure. IT and OT networks are isolated by default.
Granular Access Control & Audit
Role-based permissions restrict which users can reach which devices. Every connection event is logged: user, device, timestamp, duration. Full audit trail at all times.
Why Your Data Never Touches Our Servers
When you connect to a machine via SX-Client, a Signal Server coordinates the connection handshake. Once established, the data channel is peer-to-peer — direct between your PC and the SMX device, DTLS encrypted. The Signal Server sees only that a connection was made, not the data that flows.
- Signal Server: session start/end metadata only — zero industrial data
- Industrial data: direct P2P tunnel, end-to-end DTLS encrypted
- No proxy, no cloud relay — even if our servers go offline, active sessions stay up
Security for Every Stakeholder
Simplinx security is designed for two distinct groups with different — and sometimes conflicting — needs. Both are fully protected.
Secure Remote Access
to Your Installed Base
- P2P DTLS encryption — your machine data never passes through Simplinx servers
- Certificate-based authentication — no password-only access
- Hardware dongle option: certificate cannot be extracted or copied
- Integrated firewall blocks all unrequested inbound traffic
- OT network is isolated from office LAN by default
- Role-based user management: restrict per-employee machine access
- Revoke lost or stolen certificates instantly from the management portal
- Automatic firmware updates with digital signature verification
Full Control Over Who
Accesses Your Network
- Only outbound TCP 443 required — no inbound ports, no VPN concentrator
- Firewall blocks unauthorized connections automatically
- X.509 certificates mandatory — no anonymous or password-only sessions
- PLCs, drives, and field PCs have no direct internet exposure
- IT/OT network separation enforced at device level
- Full audit log of all remote sessions via simplinx.net portal
- Dual root filesystem: failed firmware update auto-rolls back to last stable version
- ISO 27001 certified server infrastructure — your data is handled with care
Enterprise-Grade Encryption
Standards We Hold and Pursue
Active certifications reflect our current compliance. Planned certifications show our commitment to the IEC 62443 industrial cybersecurity standard.
Information Security Management System — server infrastructure and development processes.
EMC Directive 2014/30/EU + LVD Directive 2014/35/EU. Tested to EN 55032, EN 55035, EN 62368-1.
Component-level cybersecurity requirements: authentication, access control, encryption, integrity. Independent third-party assessment planned Q3–Q4 2026.
Secure product development lifecycle requirements. Development lifecycle assessment planned 2026–2027.
IEC 62443 is the international standard for industrial automation and control system security. For machine builders and plant operators, it is increasingly required by EU Machinery Regulation 2023/1230 and demanded by major industry buyers.
Tests our products against defined technical security requirements: authentication, access control, encryption, integrity, and availability.
Certifies our software development lifecycle incorporates security by design from requirements through maintenance.
Security Support You Can Count On
Industrial equipment has long lifecycles. Our security support policy matches that reality.
Security patches continue for 5 years after last sale date — even after active development ends.
End-of-life announced at least 12 months in advance. Upgrade path and documentation provided.
Firmware updates are digitally signed and deployed automatically. Dual root filesystem ensures automatic rollback if a boot fails.
The simplinx.net connection infrastructure is managed under ISO 27001 with 24/7 automated monitoring.
Supporting Your CE Compliance
EU Machinery Regulation 2023/1230 requires machine builders to address cybersecurity in their CE technical file. As a remote access component, SMX-RNS20 directly supports your compliance documentation — our complete technical package is ready to reference in your own CE process.
Simplinx provides a full technical documentation package — Declaration of Conformity, Cybersecurity Statement, Risk Assessment — which machine builders can reference in their own CE process.
Request Documentation Package