Cloud deployment model risks for manufacturers

It's important for manufacturing organizations to know what to expect in terms of controls and security risks with cloud deployment models.
By Goran Novkovic May 19, 2018

There is a wide range of technical and business risks associated with the adoption of cloud computing by manufacturing organizations. In cloud computing, operation and resources are outsourced to the cloud; but the risk is not. The responsibility for securing sensitive business data and software applications in the cloud still resides with the manufacturing organizations.

The good thing is, many of the security strategies manufacturing organizations might adopt in a cloud environment can also be applied to an on-premises environment. Manufacturers should use what they already have. This can be very helpful and can also save some time in protecting critical assets in the cloud.

With cloud deployment models, it’s important for manufacturing organizations to know what to expect in terms of controls and security risks in the cloud. The cloud service provider (CSP) is taking a lot of control over critical assets of the manufacturing organization. This also means manufacturing organizations should evaluate the CSP’s business continuity mechanisms and failover procedures as a part of CSP selection process. The CSP must meet all specific business needs of the manufacturing organization. 

Private cloud offers services are consumed exclusively by one cloud service customer (CSC), and resources are controlled by the same manufacturing organization. Private cloud is the most similar to traditional on-premises architecture, and it provides the greatest control over resources, which means the least security risk for the manufacturing organization.

The diagram shows the relationship between the service and deployment models and their cumulative risk. Courtesy: MESA InternationalCommunity cloud is where cloud services are used exclusively by a specific collection of CSCs (manufacturing organizations) with the same interests and requirements in terms of security and regulatory compliance. Community cloud can be private cloud, or it can be public cloud provided by the CSP. It means less control over resources and higher security risk for manufacturing organization.

Hybrid cloud can be a combination of at least two cloud deployment models (private, community, or public), and this can lead to less control and higher security risk for the manufacturing organization.

Public cloud is where cloud services are available to and consumed by all CSCs such as customers over the internet, whether they are individual or organizations. However, all resources are under control of the CSP. Since manufacturing organizations have no control over cloud resources, this means the greatest security risks for the organization.

If one takes into account both characteristics of cloud service models and cloud deployment models, the manufacturing organization loses more control, and eventually more of the risk is assumed by the CSP. In cloud computing (cloud service vs cloud deployment models), security risk is directly proportional to the amount of control the manufacturing organization loses over the computing resources, which is highlighted in the featured diagram. 

Goran Novkovic, MESA International. This article originally appeared on MESA International’s blog. MESA International is a CFE Media content partner. Edited by Chris Vavra, production editor, CFE Media, cvavra@cfemedia.com.

ONLINE extra

See additional articles from the author linked below.