Head of IT-Security
How secure are my digital products in the field? This is a question many manufacturers ask themselves—especially when it comes to connected machines, IoT platforms, or customer portals. That’s exactly what this episode with Michael Buchenberg, Head of IT Security at XITASO, dives into.

Using a project with DMG MORI and the CELOS X platform as a practical example, the episode shows how penetration tests help identify real vulnerabilities at an early stage—whether in machines, cloud connections, or standard interfaces like OPC UA or MQTT. Testing is done under realistic conditions—directly on the machine, on the shop floor.

Key challenges include:

- Legacy code (e.g., old PLC programs) not originally designed for connectivity
- Lack of transparency regarding system-wide risks—from machine to cloud
- Missing vulnerability management during product development
- End customers’ concerns when handling sensitive production data

The solution: Beyond classical penetration testing, Michael introduces the DevSecOps approach—embedding security considerations early in software and product development. The key takeaway: Identifying potential vulnerabilities during the architecture phase can significantly reduce time and cost later on.

Regulatory relevance: With the Cyber Resilience Act and the NIS-2 Directive, security is no longer optional. Manufacturers will be required to proactively search for vulnerabilities, provide regular updates, and ensure security throughout the entire product lifecycle.

This episode delivers clear best practices and a reality check for anyone developing or operating IoT solutions—especially in mechanical and plant engineering, but also far beyond.