Updated: 13 Apr 2026
It is 11 PM in Hamburg. A field service engineer is logged into a production diagnostic system at a customer site in Pune. The laptop is the company's. The VPN is active. The login is a username and a password that have not changed since the engineer joined three years ago.
Nobody in Pune knows the session is open.
Capital goods manufacturers maintain global field service networks. Engineers travel to customer sites across Europe, Southeast Asia, and the Middle East, accessing diagnostic tools, service management platforms, and ERP systems remotely to support equipment installations, maintenance cycles, and warranty claims. This access was built for operational necessity. It was not built with an adversary in mind.
CERT-In CISG-2025-02 requires MFA for all remote access connections without exception, covering field service engineers accessing production diagnostic systems, ERP platforms, and customer site management tools from international locations. The framework does not distinguish between a branch employee in Delhi and a service engineer in Hamburg. Both require a second factor.
In capital goods manufacturing environments, remote service access credentials are among the least frequently reviewed: issued for specific customer engagements, rarely rotated, and frequently shared across service teams when individual provisioning was never implemented.
A compromised service engineer credential in a capital goods environment provides access to diagnostic platforms with write capability, service history records, ERP integrations with customer plant data, and, in some cases, remote monitoring access to equipment running in production environments.
In Proactive's Cisco Duo deployments across capital goods manufacturing environments in Pune and Mumbai, credential audits consistently find service access credentials not reviewed since the customer engagement began: engineers who changed roles, engagements that closed, and shared team accounts that give broad access with no individual accountability.
The CERT-In auditor will ask for 180 days of remote access logs attributed to named individuals. Shared team credentials cannot satisfy that requirement regardless of the MFA layer deployed on top of them.
Cisco Duo, Cisco's identity security platform, enforces named individual MFA across remote service access from any location: VPN connections, remote desktop sessions to diagnostic platforms, and cloud-based service management tools. The session log names the individual engineer, the system accessed, the location, and the authentication factor used. Exportable for CERT-In audit. Visible from the Cisco Duo admin console in Pune while the engineer is in Hamburg.
Proactive is a Cisco Preferred Security Partner deploying Cisco Duo for capital goods and industrial manufacturing companies in Pune and Mumbai. The credential audit is the first step. It finds the service credentials nobody reviewed and the shared accounts the CERT-In auditor will flag.
Your engineer is in Hamburg.
Do you know what they have access to?
Talk to a Proactive Cisco Duo specialist. Write to [email protected].
We'll get back to you shortly.
