Friday, February 2, 2018


This blog is a MESA Member Point of View.

By Goran Novkovic, MESA Member, CQA, CSQE, ITIL, APM, PMP, PEng

This blog is part of a series called Manufacturing in the Cloud. This series aims to help manufacturing organizations evaluate how they can overcome challenges and maximize cloud computing benefits. As cloud computing services mature both commercially and technologically, this is likely to become relatively easier to achieve.

Cloud computing is reshaping the world of manufacturing. It is causing a transformational shift in the way manufacturing organizations do business, manage software applications and pursue data security in an increasingly complex regulatory environment.

As we discussed in previous blogs, cloud computing offers multiple benefits for manufacturing organizations. However, these benefits come with unique technical and business challenges. Cloud computing raises many security concerns, which, if not well understood and managed by manufacturing organizations, can increase fear and turn the cloud experience into an information security disaster.

In my experience I’ve noticed the same fear stopping manufacturers from using the cloud. And that fear is visibility.

This fear is two-fold. One, it creates a new type of digital visibility. Not every enterprise is comfortable moving critical operation data and resources from on-premises infrastructure to the cloud. Having everything at your facility and under the key in your pocket makes you feel good and gives you that extra peace of mind, right? Well, with cloud computing this is not the case anymore! It is all gone to the cloud and not physically accessible.

The other side of this fear is loss of visibility. A loss of visibility could come from security issues, from the Cloud Service Provider (CSP) or even the Internet Service Provider (ISP). If this happens, the loss of visibility means less control over regulatory compliance, over software and data assets, and over security integration with existing infrastructure.


On a positive note, CSPs are offering various software tools and features that support cloud visibility. Manufacturing organizations should use these tools for cloud monitoring and auditing purposes.

Cloud computing brings a significant change to the traditional platforms upon which manufacturing and operational services are translated, used and managed. Thus, every manufacturing organization needs to evaluate risks and opportunities and decide whether cloud computing is an appropriate solution for its business. The adoption of cloud computing should always be subject to careful evaluation, and in particular, be aligned and integrated with risk management processes and information security governance of the organization.

One of the main tasks for a manufacturing organization acting as a Cloud Service Customer (CSC) is to rigorously protect software applications and data assets while satisfying regulatory compliance. Even without cloud computing, most manufacturing organizations already manage their compliance with multiple laws and regulations.

So, in general, there is no difference in managing software and data regulatory compliance in the cloud versus on-premises; it is just a different environment. The only difference is that with cloud computing, manufacturing organizations depend heavily on infrastructure and services provided by CSPs and Internet Service Providers (ISPs).

Goran Novkovic, CQA, CSQE, ITIL, APM, PMP, PEng
Goran Novkovic has over 15 years of experience in various regulated industry sectors. His expertise is in industrial control systems (ICS) cybersecurity, control systems engineering, computer systems validation, software security and test management, cloud security and regulatory compliance. Goran has a formal education in Electrical Engineering and Project Management and possesses a master's degree in Information Technology. He has a number of professional licenses and designations. He is a holder of CQA (Certified Quality Auditor) and CSQE (Certified Software Quality Engineer) certifications with ASQ (American Society for Quality). Goran is ITIL certified, a certified Agile Project Manager and a Project Management Professional with PMI (Project Management Institute). He is a licensed Professional Engineer with PEO (Professional Engineers Ontario). Goran is focused on ICS cybersecurity, and he is helping organizations to establish ICS cybersecurity governance and develop effective ICS cybersecurity programs from scratch.