Cloud computing service model, control, and security risks

Cloud computing is revolutionizing the way manufacturing organizations are implementing their information systems and using their critical assets. It promises better and more efficient usage of resources and virtually unlimited scalability and greater flexibility at an attractive cost.

However, adoption of cloud computing models carry a number of technical and business risks. Well, risks are nothing new even without clouds, and almost every manufacturing organization already has its own risk management methodology in place. Have they thought of a business impact analysis (BIA), though?

The manufacturing organizations should analyze negative impacts on their business. BIA is highly recommended for this because it represents the systematic process of determining and evaluating the potential effects of an interruption to business operation. The business impact analysis should be carried out as part of a cloud service adoption process by the manufacturing organization.

Cloud computing risks

When a manufacturing organization moves data and software applications to the cloud, they are placing a certain level of trust to cloud service providers (CSPs). Thus, manufacturing organizations lose a certain level of control over these critical assets and there is risk associated with that.

To mitigate risk, all security requirements must be clearly defined, analyzed and communicated to ensure if they move assets to the cloud, they still adhere to all applicable laws and regulations. There is no compromise about that.

For widespread adoption of cloud computing services, manufacturing organizations must assurance CSPs are trustworthy and they are doing everything in their power to protect data and software applications of the manufacturing organizations. CSP has to be carefully selected based on well-defined business requirements.

Adopting manufacturing organizations must be confident the services outsourced to the CSP, including any important assets, will not be disrupted and compromised. Even a small incident in the cloud can have a large impact on a manufacturing organization.

Cloud service model expectations

With cloud service models, each one has slightly different expectations in terms of controls and security risks related to critical data assets and software applications in the cloud.

Information as a service (IaaS): In terms of cloud service models, with IaaS model the CSP provides an underlying infrastructure (computational capabilities, storage, and network management) and the manufacturing organization uses these resources to manage its data and software applications. IaaS provides the greatest control over resources and triggers he least security risk for the manufacturing organization.

Platform as a service (PaaS): With the PaaS model, the CSP provides not only the infrastructure, but also the application development platform. The manufacturing organization has fewer infrastructure elements to manage, but still retains control over some system administration. This reduces the responsibility of the manufacturing organization, but translates into less control over resources, and thus higher security risk for the organization.

Software as a service (SaaS): Using the SaaS model, the CSP has total control over the infrastructure and development platforms, but also has control over administering the software applications. Even so, manufacturing organizations may still be responsible for securing the data produced by SaaS applications. Although this may help manufacturing organizations reduce costs and speed time to market, SaaS model is associated with least control over resources and the highest risk for the organization.

Goran Novkovic, MESA International. This article originally appeared on MESA International’s blog. MESA International is a CFE Media content partner. Edited by Chris Vavra, production editor, CFE Media, cvavra@cfemedia.com.

ONLINE extra

See additional articles from the author linked below.

Original content can be found at blog.mesa.org.

Do you have experience and expertise with the topics mentioned in this content? You should consider contributing to our CFE Media editorial team and getting the recognition you and your company deserve. Click here to start this process.