Cloud computing and mobile are well-entrenched tools for typical enterprise-based businesses, but uptake for plant and distributed manufacturing and process applications has been slower. Nevertheless, the tailwinds and potential benefits of leveraging cloud and mobile systems are undeniably pushing industry toward more widespread adoption. Security, however, is a looming obstacle that technologists are struggling to address in a way that will truly unleash the potential of cloud and mobile for plant and field-based applications.
Obstacles vs. Opportunities
“Many companies we advise are under constant threat—both malicious, from hackers and viruses, and accidental, from uneducated employees and well-meaning contractors, among others,” says Brad Hegrat, business manager for Industrial Security at Rockwell Automation. “A breach at a critical moment could trigger a cascade of negative events, and nobody wants that on their watch.” At the same time, Hegrat says many manufacturers and industrial process organizations are looking to cloud and mobile solutions as cost-effective enablers of information access and productivity. Ultimately, he says the emergence of cloud and mobile solutions will likely improve the security of data, as it will force manufacturers and industrial process organizations to bolster their methods for protecting data, whether it be accessible via the cloud, a mobile device, or more traditional means.
Muthuraman Ramasamy, industry analyst for Industrial Automation & Process Control at Frost & Sullivan, says that while process and discrete manufacturers have traditionally been laggards when it comes to new technology adoption, there is significant pressure on such organizations to be more nimble, agile and flexible, which is causing them to look at cloud and mobile solutions as potential game-changers for the efficiency of their business. But with more connected devices and systems comes more potential points of vulnerability, an issue that demand improvement going forward, according to Ramasamy. He says, “While [Secure Sockets Layer] certification continues to make inroads across a variety of applications, industry still needs to adopt high-profile security standards to facilitate easier transition of mainstream applications to move to the cloud.”
RELATED VIDEO: Case Study In Industrial Cloud Computing
As manufacturers and process organizations become more data and information-technology driven, Hegrat says systems will need to be secure by design. He says manufacturers need to account for security from the beginning so it touches on all layers within the organization—device, controller, process, mobile devices, enterprise, and the cloud. “Applications will be in clouds, either on-premise or off, public or private,” says Hegrat. “The data must be delivered to be valuable, so validating the data and managing its access becomes the real concern, rather than focusing only on which devices or platforms it sits on and who has access.”
A Technological Advantage
According to Ramasamy, the move toward mobile workforce solutions is the most significant trend within the industrial automation sector today. He says the potential benefits of connectivity include operational efficiency, increased performance optimization, and anywhere-anytime access. “As margins become wafer-thin, investments will definitely continue to happen in technologies that provide end-users the competitive edge,” says Ramasamy.
Hegrat says cloud and mobile solutions are particularly well suited for organizations that have distributed assets over wider geographies or those hamstrung by cost constraints that make it difficult to justify investment in traditional on-premise computing hardware. Since cloud computing platforms are shared, they come at a fraction of the price of bringing similar capability in-house. They also offer the benefit of streamlining the technology upgrade process, making system scalability an inherent part of the process rather than having to weigh the cost-benefit of each and every possible upgrade.
“These new technologies will enhance manufacturers’ abilities to drive greater productivity and quality, significantly enhance their ability to collaborate (within the four walls of a plant and beyond), and enable new, services-based business models for their customers,” says Hegrat. “And when integrated with GPS, [Radio Frequency Identification] and barcode technology, for example, these technologies also offer entirely new capabilities in quality and asset management.”
Despite the clear benefits of cloud and mobile solutions outlined here, the security concerns remain. As such, end-users need to consider the pros of such new technologies as cloud computing and mobility against the cons of potential new security vulnerabilities. Whether it is worth it for manufacturers to leverage these technologies will vary by company or even plant. Before rolling out either cloud-based or mobile solutions, Hegrat says companies should perform a full risk assessment. “Some producers might be wary of enabling mobile users with full read-write functionality in the control system,” he says. “Plants must have robust security for a legacy environment if they expect their cloud and mobile data to be secure—if employing technologies in either area forces a company to improve security overall, that’s a good thing.”
For most end-users, the first logical step when employing cloud and/or mobile solutions is to focus on information-centric applications rather than more sophisticated control-based uses. Hegrat says this tends to allay much of the concern end-users have around intellectual property and allows them to concentrate on new, high value-add solutions that enhance their current capability.
Still, whatever the focus, security must remain a priority, and end-users must design their security program in a thoughtful way. “A balanced security program should have rules for devices, technology and people, following the ISA 99 standards,” says Hegrat. “Manufacturers may be able to tell employees they aren’t allowed to surf the Web from an HMI, but in order to effectively prevent them, companies need to put a technical control in place.”
Hegrat says most plants are concerned with stolen phones and IP leaks. To prevent this, he says some companies bar mobile devices from the plant floor. It is also possible to prevent access to the system by removing mechanisms that allow mobile device plug-ins to the system—blocking wireless access and USB ports or requiring certificates to get on to the system environment will accomplish this.
The root concern most end-users have with mobile and cloud-based solutions is the lack of control. BYOD (Bring Your Own Device), whereby employees are bringing personal mobile devices into the workplace is one example of the complicated issues that need to be addressed when employing mobile solutions. “BYOD by its very nature requires that IT relinquish some level of control, which can be frightening,” says Hegrat. “Unless the device becomes a supported IT asset and implements all virus/theft/security protocols, this device is inherently less controlled, and less secure.”
While security is an issue to be considered when implementing cloud and/or mobility solutions, Ramasamy says it should not be used as an excuse not to move forward, as the larger realities of doing business in the modern world will force movement in this direction one way or another. “The traditional way of doing things within manufacturing is notoriously conservative, which hampers the developmental process of adopting new technologies,” he says. “As the skilled workforce retires, the industry will be forced to adopt next-generation solutions such as cloud and mobility for the digital natives.”
Hybrid Cloud Computing