Cloud Security FAQs for Manufacturers
Gartner predicts the current wave of cloud adoption is just beginning to pick up steam, forecasting cloud service industry growth at nearly three times the rate of IT services as a whole.
Quality management is no exception, with cloud-based quality management software projected to nearly double between 2018 and 2025, according to a recent report by Zion Market Research.
It’s not hard to see why when considering the benefits to both manufacturers and developers. Cloud infrastructure providers like Amazon Web Services (AWS) and Microsoft Azure operate on a vast scale, reducing maintenance and operating costs for software developers while enabling rapid development. The result for end-user customers is lower cost of ownership combined with faster access to innovation, all backed by a level of reliability that’s impossible with on-premise solutions.
While this may sound promising in theory, the potential risks to data and intellectual property raise important questions for manufacturers.
So, is the cloud less secure than on-premise software? What if the provider’s servers go down? Will unauthorized users be able to access sensitive data?
In today’s post, we’re answering these and other frequently asked questions, so you can make an informed decision about future software implementations.
- Download our free case study to learn how a top automotive manufacturer reduced PPM 73% with mobile audit software
Q: Isn’t On-Premise More Secure?
A: Not necessarily. In fact, data is often more secure when hosted in the cloud compared to on-premise solutions. Many manufacturing software developers choose to use Amazon Web Services (AWS), for example, because it guarantees all components of its cloud applications, including:
- Instruction processing
- Data storage and integrity
- DNS and network management in the cloud
- Operating systems
- Administration and maintenance
All things considered, security is often strengthened by outsourcing to experts like AWS as opposed to relying on your own internal IT department to manage an on-premise solution. When considering various software solutions for your plant, one that is hosted on a platform like AWS can save time and money while providing greater peace of mind.
Q: Are There Companies that Still Need to Keep Using On-Premise Software?
A: There are some situations where keeping data onsite may make sense, such as when companies have rigid compliance requirements that go beyond the controls provided by GovCloud and fedRAMP certification (more on those in a bit). Some companies may also have high-performance computing needs that demand dedicated hardware or physical access to servers.
Q: Is the Cloud Less Reliable?
A: No. In reality, the cloud is more reliable than maintaining data in onsite servers. For starters, many internet service providers (ISPs) provide internet availability greater than 99.5%.
Q: What Happens If the Server Goes Down?
A: Cloud computing provides seamless backups, meaning no single hardware failure can impact an application’s performance, and entire data warehouses can fail without putting data at risk. This isn’t the case with hosting applications and data onsite.
Q: Who Has Access to My Company’s Data?
A: If you’re worried that your data is vulnerable to the cloud provider, it’s important to know that cloud providers have multiple levels of internal security to protect your company. That means the provider is only allowed access to your data in order to provide support and management of the system within strict controls and processes that limit that access to designated authorized personnel, typically based on user roles.
Are Mobile Devices a Security Risk on the Plant Floor?
A: Mobile technology such as mobile audit software can provide huge efficiency gains, but manufacturers are justifiably concerned about the intellectual property risks. Mobile device management (MDM) solutions can sharply reduce these risks by providing:
- Encryption of sensitive data (such as photos) in a secure location, removing it from devices once uploaded to servers
- Geo-fencing features to automatically protect or delete data when a device is outside a pre-defined area (such as a manufacturing plant)
- Application and device controls such as additional data encryption, data deletion and user access controls
- Third-party mobile device management (MDM) applications to automatically manage access and security for employees’ mobile devices
Q: What Security Controls Should I Look For?
A: As you evaluate cloud applications, it’s important to ask about security features such as:
- GovCloud: Amazon’s GovCloud is a separate region within AWS dedicated for use by government agencies and customers (such as defense contractors) who want to move sensitive workloads to the cloud. GovCloud provides a higher level of security for physical data access and is FedRamp compliant, helping companies subject to the program meet its heightened security requirements.
- Built-in cloud security features: Software providers should leverage the cloud provider’s built-in features such as encryption of both stored data and data in transit.
- Multi-level security options: Any software under consideration should allow you to use your enterprise single sign-on procedures, configure advanced security settings and establish viewing and editing permissions for different users.
There’s no denying that a large-scale transition of mission-critical quality applications to the cloud is underway. And yet, many manufacturers—particularly those concerned about sensitive data—are hesitant to outsource data and application server management to third-party companies. With the right controls, however, manufacturers can leverage the efficiencies offered by cloud computing while enjoying even fewer security worries.
“It’s definitely a jump into the deep end, but that’s how you learn,” says Ease board member Casper Zublin on implementing new Quality 4.0 intiatives. “You can spend a lot of time strategizing where and how, but the important thing is just to start, because you’ll adjust.”
Achieving the benefits of Industry 4.0 requires a mindset shift away from the tools and status quo approaches of the past. Those that don’t are already being left behind, while those that take the leap continue to gain a competitive edge each day.
- Download our free case study on how an aerospace supplier cut defects in half with Layered Process Audits
Tim Reynolds is the Director of Information Technology and Development Operations for EASE. He has over 25 years in the technology industry as a CIO, CISO and Senior Technology leader responsible for the architecture and building, securing and supporting complex systems and infrastructures for Fortune 500 companies to early stage startups. He has designed the architecture and technology solutions for companies such as XO Communications, State Farm, Penson Worldwide, FOLIOfn, InvestLab, COR Clearing, and now Beacon Quality for Ease.