To cloud or not to cloud?

To understand the evolution of data in manufacturing, it is important to consider why data collection systems have become so critical. Supervisory Control and Data Acquisition (SCADA) software has long been used to monitor operations in industrial facilities. Having been introduced a few decades ago, advanced versions of this software are now used to collect, archive and analyse data from the factory floor, allowing manufacturers to make more informed decisions on how to optimise operations. 

Outside of the factory walls however, applications are becoming increasingly reliant on accessing information through the Internet, as opposed to archiving data on site. As a result, storing data in the cloud has become increasingly commonplace, and the manufacturing industry is no exception. 

Cloud-based SCADA allows production data to be stored and accessed using the Internet, rather than storing data within a manufacturers own infrastructure.  Along with the promise of fewer overheads, lower prices and easier installation, it is unsurprising that cloud-based options are attractive. That said, moving to the cloud can also pose some challenges. 

A common criticism of cloud-based SCADA is the potential security risks of this model. choosing to store information in the cloud may leave information at risk of being exposed. 

From a risk analysis perspective, it is important to consider the repercussions of data being accessed and decide whether storing this information in the cloud is worth the potential risk. It is also important to understand that not every cloud platform is as vulnerable as the next so it is important to thoroughly research which cloud provider will provide security measures that best suit your needs. 

Consider Microsoft Azure as an example. Like many other large cloud providers, Microsoft has invested heavily in the security of its platform. Azure provides users with an array of configurable security options, giving users the option to customise and control security to meet specific requirements. As standard, the platform is also ISO 27001 certified, the international standard for best practice of an information security management system (ISMS). 

ISO 27001 certification also ensures that the cloud will provide disaster recovery as a service (DRaaS). This means that the cloud will provide an automated replica of the data in the unlikely event that information is lost. 

While choosing a secure cloud platform is important, responsibility for maintaining cyber security should not lie entirely in the cloud. 

In today’s manufacturing environment almost everything and everyone is linked to the IT network. As a result, humans, hardware and software alike all have responsibility for upholding security standards. Software used in industrial facilities, for example, requires substantial protection of data collected from machinery on the factory floor, as well as the data shared from other enterprise software, such as enterprise resource planning (ERP) systems. 

When choosing industrial software, certifications can provide a useful starting point to determine a product’s level of security. IEC 62443, for example, is a standard that confirms the software’s development, quality assurance and support processes are in line with industrial IT security guidelines. IEC 62443 compliance requires recertification annually, meaning that software providers are constantly under scrutiny. 

Also consider how the software might adapt to your changing security needs. As cyber threats continue to evolve and develop, it is important that industrial software is consistently upgraded to meet these requirements. However, this should not necessitate a complete software overhaul whenever a new type of cyber threat emerges. 

Data collection in manufacturing has come a long way. Today, it is possible to collect masses of information from facilities to inform decision making and improve operations. However, with greater volumes of data comes greater risk. The challenge today is determining the safest ways to collect and store this information – with or without the cloud.