MFA for
Energy and Utilities

   Right-sized and right-priced
   Air-gapped MFA specialists
   99.999% availability

From small water and wastewater utilities to large energy producers and distributors, SurePassID secures them all.

Energy and Utilities Circle

SurePassID secures OT and critical infrastructure like no other MFA vendor

Protection of critical infrastructure has become a global security emergency. Federal agencies like the Transportation Security Administration (TSA) and Environmental Protection Agency (EPA) are mandating Zero Trust architectures to secure users and applications that control infrastructure. But cloud-based cybersecurity solutions developed for information technology (IT) are not appropriate for operational technology (OT).

SurePassID is a universal cybersecurity platform that seamlessly secures users, data, and applications across IT and OT while maintaining their physical/logical separation and meeting the latest Zero Trust mandates. SurePassID enables phishing-resistant, passwordless user authentication to be deployed natively and wherever it is needed, while simultaneously delivering the global scalability and 99.999% availability that government agencies and large enterprises require.


Don't secure critical infrastructure with public cloud MFA and gateways

Don't create new risks

  • New holes in firewall
  • New attack vector endpoints
  • New software components to maintain, patch, and upgrade

Don't lose control

  • Shared SaaS instance 
  • Authentication data is in public cloud
  • 100% dependent on MFA vendor

Don't lack capability

  • Can't lock down air-gapped networks
  • Can't run in private clouds
  • Can't integrate with SIEM/SOAR platforms

Don't add costs

  • Extra monitoring and patching processes
  • Vendor-required upgrades that don’t meet planned IT infrastructure improvements

Right-sized, right-priced MFA for OT and critical infrastructure

SurePassID knows that OT environments are smaller scale by nature than IT environments and lack the budgets, technical staff, and need for “enterprise” level solutions. A majority of our energy and utility customers have a single site and fewer than fifty operators.

We provide an easy and cost-effective MFA solution for their air-gapped environments that won't burden their administrators - who are usually one of them, not a dedicated cybersecurity sysadmin.

SurePassID also provides unmatched technical support - we pick up the phone when you call. 99.999% availability is vital, but so is helping you when you have questions or issues.

MFA is mission-critical to your operations, safety, and security. Our MFA platform may be right-sized and right-priced for OT, but that doesn't mean we skimp on what matters.

Address online and offline use cases

Energy and utilities field personnel must often work in situations where a network connection is not available:

  • Travel
  • Geographic remoteness
  • Lack of high-availability infrastructure
  • Lack of satellite connectivity

If the SurePassID MFA platform is unreachable, work can't stop. Instead we automatically fall back to a compliant HMAC-based one-time password (HOTP) authentication method without any interruption to the user experience.

  • Windows MFA with Offline 2FA
    • Available with Event-Based OTP tokens (OATH HOTP)
    • Automatically falls back to using the locally encrypted cache of preloaded OTP codes on device, which are automatically refreshed whenever user logs in while online
    • This is also present when using a combo token (FIDO2/OTP passkeys and mobile authenticator apps)
  • Generic OTP token that can be assigned to someone onsite, shared to all admins
  • Master passcode override
    • Must be changed whenever used – requires policy/procedure for pushing out a new master passcode

Powerful benefits in a right-sized, right-priced MFA solution

Outstanding ROI

Unbeatable price. Administrative automation. User self-service. Unrivaled technical support. Everything about SurePassID maximizes your ROI.

Zero Trust everywhere

SurePassID makes it easy to achieve Zero Trust. Deploy MFA for IT in the cloud, MFA for OT in air-gapped or cloud-gapped deployments.

Regulatory compliance

No matter what your cybersecurity mandate, SurePassID has the air-gapped MFA solution you need for OT and critical infrastructure compliance.

Five 9s availability

MFA is mission critical for OT. SurePassID has the Five 9s (99.999%) availability, redundancy, and automatic failover you need.

Phishing resistance

FIDO2/WebAuthn and CAC/PIV are the forms of phishing-resistant MFA that exist today. SurePassID enables you to make the most of both.

Cyber liability insurance

Securing remote access and privileged accounts with MFA is a foundational requirement of CLI. Achieve it rapidly and cost-effectively with SurePassID.

360° view of user access

SurePassID delivers a 360 degree view of user access across your IT/OT apps and integrates it with your SIEM or SOAR solution.

AI-based access monitoring

SurePassID's AI-based monitoring automates the alerting and interventions for lateral movement and unauthorized access.

What our customers say about us

SurePassID is a valued partner for helping our clients achieve NIST 800-171 and CMMC 2.0 compliance. They meet requirements other MFA providers cannot and deliver outstanding support. We would recommend them to any company looking for a multi-factor authentication solution with a knowledgeable, committed team standing behind it.

SurePassID provided us with exceptional technical support during a major IT infrastructure transition that spanned two continents and our global satellite system, going above and beyond the call of duty to ensure that we achieved success and MFA continuity. They understand the mission-critical nature of our business like few other vendors.

In terms of support responsiveness, I have nothing but good things to say about SurePassID. Their team has always given us great support and responded to our issues and inquiries in a timely manner.

Frequently asked questions about SurePassID MFA for Energy and Utilities

Can you help me comply with NERC CIP, TSA, EPA, and other MFA mandates?

Yes. MFA for remote access and privileged (i.e. administrator) accounts is commonly mandated. We provide multiple ways of addressing that requirement, as well as any additional requirements like phishing-resistant MFA, IT/OT network microsegmentation for zero trust, etc.

Does SurePassID protect against hostile state actors targeting critical infrastructure?

Yes. Unsecured user access is the leading cause of critical infrastructure cybersecurity breaches. We provide air-gapped MFA to deal with insider threats,  secure remote access solutions to deal with outsider threats, and industry-leading hardening for maximal security.

We are also a USA company with multiple high assurance certifications and a Secure Software Bill of Materials (Secure SBOM or SSBOM).

MFA is in our DNA. So is security in all its aspects.

Has SurePassID ever dealt with (your scenario here) before?

Most likely. We have served enough energy and utility organizations to have dealt with many different scenarios that required overcoming technical hurdles to successfully deploy MFA.

Even if we haven't dealt with your specific scenario, we can draw on our deep domain expertise and highly extensible SurePassID MFA platform to create a solution for you.

Can SurePassID integrate with my SCADA system?

Probably. We have pre-built integrations for many popular SCADA systems, such as EcoStruxure Geo SCADA Expert. We also have a wide range of authentication tools to lock down SCADA systems:

  • SAML2
  • RADIUS (and FreeRADIUS)
  • Proxy server MFA

But there are thousands of different SCADA systems out there, including legacy software applications running on legacy hardware with challenging limitations. It's not always possible - or cost-effective - to add MFA.

Check with us to see if we can integrate with your SCADA system.


What if I have old applications and equipment to lock down?

Usually not a problem. We have many integrations and authentication tools to add MFA to legacy applications and devices. We also support Windows 7, Raspberry PI, and other "problematic" operating systems that are found in OT and critical infrastructure environments.

An MFA solution built to protect critical infrastructure

Find out how SurePassID is locking down user access for energy and utilities just like yours.