Monday, March 26, 2018

MANUFACTURING IN THE CLOUD: PART XII: CLOUD SERVICE MODELS AND RESPONSIBILITIES

This blog is a MESA Member Point of View.


By Goran Novkovic, MESA Member, CQA, CSQE, ITIL, APM, PMP, PEng

This blog is part of a series called Manufacturing in the Cloud. This series aims to assist manufacturing
organizations to evaluate how they can overcome challenges and maximize cloud computing benefits.
As cloud computing services mature both commercially and technologically, this is likely to become
relatively easier to achieve.

Cloud adoption is spreading rapidly and it represents a new opportunity that manufacturing organizations should not ignore given its profound impact. However, manufacturing organizations are taking cautious attitude toward cloud computing because of concerns that cloud solutions might not comply with their security policies and respective regulatory obligations.

Manufacturing organizations choosing to use cloud services must specify requirements for their software applications and data that satisfy the needs of their business processes. They must be able to use systems and resources in the cloud within reasonable tolerance levels, which may include responsiveness of the user interface, time taken to execute activities and overall availability of data and software applications in the cloud. 
These are critical factors to consider especially if you want to run some real-time applications because cloud solutions could very well NOT be the best option for your manufacturing operation. 

CLOUD EXPECTATIONS  

Manufacturing organizations naturally have strict expectations of cloud performances that they’ve gained from experience in managing their own on-premises systems and resources, and dealing with various suppliers of hardware, software and communications services. To meet these expectations when moving to cloud, manufacturing organizations must exercise due diligence because no consistent cloud security standards have been commonly accepted, but there are still so many standards*. 

It is important for each manufacturing organization to have its own, well-defined set of security requirements to be able to achieve the maximum benefits from cloud solutions. This is because the Cloud Service Provider (CSP) may have a different set of approaches, best practices, and most importantly, level or quality of security posture that might not stand up to the manufacturer’s requirements. 


Cloud computing, by its very nature, is about losing control over software applications and data assets, as well as the processes and procedures to protect them. According to CSA (Cloud Security Alliance) "Cloud computing is about gracefully losing control while maintaining accountability even if the operational responsibility falls upon one or more third parties." This means that as cloud solutions are adopted, manufacturing organizations are choosing to place a great deal of trust in the hands of Cloud Service Providers (CSPs). This level of trust and the degree to which critical control is shared or granted will depend on the cloud service model adopted (on premise, IaaS, PaaS or SaaS).


Do you have any best practices or expectations that you require of your CSP? Would you add any responsibilities to this image? Comment in the blog or email me to discuss. 
*Note: You can learn about the Importance of Standards in Smart Manufacturing in MESA’s latest White Paper.


Goran Novkovic, CQA, CSQE, ITIL, APM, PMP, PEng
Goran Novkovic has over 15 years of experience in various regulated industry sectors. His expertise is in industrial control systems (ICS) cybersecurity, IT/OT integration, IoT/IIoT solutions, industrial intelligence, control systems engineering, computer systems validation, secure and safe software development and test management, cloud security and regulatory compliance. Goran has a formal education in Electrical Engineering and Project Management and possesses a master's degree in Information Technology. He has number of professional licenses and designations. He is holder of CQA (Certified Quality Auditor) and CSQE (Certified Software Quality Engineer) certifications with ASQ (American Society for Quality). Goran is certified ITIL, certified Agile Project Manager and Project Management Professional with PMI (Project Management Institute). He is licensed Professional Engineer with PEO (Professional Engineers Ontario). Goran is focused on protecting critical infrastructure, IT/OT convergence, IoT/IIoT deployments, industrial analytics and ICS cybersecurity practices. He is promoting cybersecurity for critical infrastructure through public speaking, blogs and articles. Goran is helping manufacturing organizations to utilize new technology solutions in safe and secure manner, establish cybersecurity governance and develop effective ICS cybersecurity programs that will support business improvements and drive innovation. E-mail contact: goran@valiver.com

No comments: