The importance of cloud security

Moving to the cloud still provides many challenges for manufacturing organizations to overcome, but smooth transition is possible and definitely without fear provided companies take security seriously.
By Goran Novkovic March 3, 2018

In many cases, the most valuable asset of a manufacturing organization, besides its people, is its business data. Data assets in the cloud are under constant threats in the form of data breaches, data corruption and destruction, temporary or permanent loss of access, and temporary or permanent loss of data. 

Any of these issues can have serious consequences since they can cause failure to meet statutory, regulatory, or legal requirements. Cloud computing is about consolidating software and data resources and in this process manufacturing organizations are losing control over those resources. Moving to the cloud still provides many challenges for manufacturing organizations to overcome, but smooth transition is possible and definitely without fear. 

One of the most difficult challenges for both a manufacturing organization and a cloud service provider (CSP) is how to protect software applications and data. In many instances, it is not clear who is responsible for software and data security and regulatory compliance in the cloud; the manufacturing organization as the cloud service customer (CSC), the CSP, or both.

The most common and most critical question posed by manufacturing organizations evaluating the benefits of cloud computing and moving sensitive data and business critical software applications to the cloud is, "Who is responsible for software and data security and regulatory compliance in the cloud?" 

Let’s talk more and we can get the answer together. First of all, when considering software applications and data assets in the cloud, manufacturing organizations must understand a general concept of shared responsibility between CSPs and customers CSCs. While CSP manages "security of the cloud," "security in the cloud" is the responsibility of the manufacturing organization.

This means the manufacturing organization will retain control of what security they choose to implement to protect data and software applications no differently than they would manage it with on-premises infrastructures. This concept is critically important to remember. 

Manufacturing organizations that have chosen to outsource information technology (IT) services and critical resources to the cloud, should also be concerned about vendor lock-in. This situation is characterized as a dependency on the CSP to maintain the manufacturer’s business operations that includes data and software applications. Manufacturing organizations must define the clear exit strategy and avoid any proprietary technologies and standards wherever and whenever possible.

Don’t make any agreement with any CSP if the company is not clear what the exit strategy is. If things go wrong, the company might need to change the CSP, or realize cloud computing is not the best option for the manufacturing organization and decide to move IT services and resources back on-premises. 

Goran Novkovic, MESA International. This article originally appeared on MESA International’s blog. MESA International is a CFE Media content partner. Edited by Chris Vavra, production editor, CFE Media, cvavra@cfemedia.com.

ONLINE extra

See additional articles from the author linked below.