Xylem’s progress to improve access security with MFA

Cybersecurity is not a one-time implementation; it’s an ongoing commitment to safeguarding data and infrastructure against evolving threats. At Xylem, we recognize that protecting critical water infrastructure requires a proactive approach that extends from design to deployment and beyond. As part of our continuous dedication to cybersecurity, we proudly joined other leading technology vendors in May 2024 to be the first water technology company to sign CISA's Secure-by-Design Pledge.

This pledge is a public commitment to embed security into every aspect of our digital technology, reinforcing our promise to prioritize cybersecurity at every stage of the product lifecycle. One of the critical ways we are achieving this is through the robust implementation of Multi-Factor Authentication (MFA), a cornerstone of access security that strengthens our defenses against unauthorized access.

Driving improved access security with MFA

Pledge: Within one year of signing the pledge, demonstrate actions taken to measurably increase the deployment of Multi-Factor Authentication (MFA) for customers and internal systems.

At Xylem, our commitment to secure water infrastructure extends beyond software solutions: we take a proactive approach that integrates robust security measures from design to deployment. Protecting critical infrastructure means taking ownership of security outcomes, and MFA serves as a key layer in preventing unauthorized access and safeguarding data integrity across our platforms.

Our progress:

  • Xylem has adopted mandatory MFA for employee access to internal applications, and Single Sign-On (SSO) with MFA is enabled by default for all partner applications.
  • Xylem is phasing out email-based and SMS-based MFA, which, while useful, does not offer the highest level of protection.
  • All Xylem-hosted software products use an Identity and Access Management (IAM) solution that supports MFA enablement and allows customers to enforce MFA through their identity provider.

Progression milestones:

  • Since 2020, TOTP (Time-based One-Time Password) MFA has been available to customers of Xylem applications that connect to one of our IAM services.
  • Integration has been available for Identity Federation since 2024, enabling customers to use their company-specific authentication processes, including any company MFA requirements.
  • We ensure that MFA is implemented internally across all cloud services, and across our tools that connect to cloud services and require logins.

We recognize that simply deploying MFA is not enough; it must be seamless, user-friendly, and integrated into every facet of our product and service offerings. All Xylem cloud-hosted products now feature MFA as a standard option, with integration pathways that simplify activation for customers. Our hosted environments are protected through multiple layers of authentication, reducing the risk of unauthorized access while maintaining an intuitive user experience.

This shared responsibility model empowers customers to enhance their security posture while leveraging Xylem's expertise in cybersecurity best practices.

A long-term commitment to access security

CISA’s Secure by Design pledge is more than a checkbox for Xylem; it’s an extension of our philosophy, aiming to embed cybersecurity at every level of our organization and extend that security to our customers. By prioritizing MFA for our external and internal customers, Xylem demonstrates its commitment to protecting water infrastructure and critical data assets against evolving cyber threats.

We invite our customers, partners, and industry peers to join us in making water infrastructure safer, smarter, and more secure.

Together, we help protect our most precious resources.

Learn more about Xylem’s cybersecurity stance and services.