By Goran Novkovic, MESA Member, CQA, CSQE, ITIL, APM, PMP, PEng
This blog is part of a series called Manufacturing in the Cloud. This series aims to assist manufacturing organizations to evaluate how they can overcome challenges and maximize cloud computing benefits. As cloud computing services mature both commercially and technologically, this is likely to become relatively easier to achieve.
There is a wide range of technical and business risks associated with the adoption of cloud computing by manufacturing organizations. In cloud computing, operation and resources are outsourced to the cloud; but the risk is not! The responsibility for securing sensitive business data and software applications in the cloud still resides with the manufacturing organizations. Please, never forget that!
The good thing is, many of the security strategies that manufacturing organizations might adopt in a cloud environment can also be applied to an on-premises environment. So, please use what you already have. This can be very helpful and can also save some time in protecting critical assets in the cloud.
Let's look into cloud deployment models and discuss what manufacturing organizations can expect in terms of controls and security risks in the cloud. As we already mentioned in previous blogs, the Cloud Service Provider (CSP) is taking a lot of control over critical assets of the manufacturing organization. This also means that manufacturing organizations should evaluate the CSP's business continuity mechanisms and failover procedures as a part of CSP selection process. CSP must meet all specific business needs of the manufacturing organization. Again, please select your CSP carefully! And still, don't forget to have your exit strategy. You might need it if things go wrong.
Private cloud offers services that are consumed exclusively by one Cloud Service Customer (i.e. manufacturing organization), and resources are controlled by the same manufacturing organization. Private cloud is the most similar to traditional on-premises architecture, and it provides the greatest control over resources, which means the least security risk for the manufacturing organization.
Hybrid cloud can be a combination of at least 2 cloud deployment models (private, community, or public), and this can lead to less control and higher security risk for the manufacturing organization. P
Public cloud is where cloud services are available to and consumed by all CSCs such as customers over the Internet, whether they are individual or organizations. However, all resources are under control of the CSP. Since manufacturing organizations have no control over cloud resources, this means the greatest security risks for the organization.
If one takes into account both characteristics of cloud service models and cloud deployment models, the manufacturing organization loses more control, and eventually more of the risk is assumed by the Cloud Service Provider (CSP). In cloud computing (cloud service vs cloud deployment models), security risk is directly proportional to the amount of control the manufacturing organization loses over the computing resources. Picture shows the relationship between the service and deployment models and their cumulative risk.
E-mail contact: firstname.lastname@example.org