CISO Conversations: Moving OT Development to the Cloud
OT development hasn’t kept pace with advances in IT development. The key issue: how to securely connect industrial control systems to a cloud environment.
Part 4 of a 4-part series.
By shifting to a modern OT development environment, manufacturers can leverage current IT best practices. Virtual environments, for example, are already helping companies achieve more efficient collaboration, greater scalability and speed in the middle of the pandemic.
In the final installment of our four-part series, Dawn Cappelli is joined by Edna Conway, vice president of global security, risk and compliance for Azure at Microsoft, and John Zepecki, vice president of enterprise software at Rockwell Automation. The topic: how to securely reap the benefits of the cloud in OT development.
Cappelli: The cloud is at the center of a modern OT development environment, but many companies question if they can connect their OT environment to the cloud securely.
Conway: The need for a layered approach to security is well established in IT, OT and the cloud. It includes capabilities such as cutting-edge chip security, data-flow monitoring and quantum-ready encryption. At Azure, we adhere to a robust secure development lifecycle combined with a comprehensive third-party security architecture to enable enhanced productivity without additional security risk.
A chief area of concern in OT environments is availability. Real-time demand management offered by the cloud enables a new degree of fidelity and reliability. Also, coordinating with your cloud provider on your specific needs can help you not only ensure success but also achieve mission-focused simplicity.
Cappelli: How has COVID-19 impacted cloud platforms and the global ecosystem that’s required to support them?
Conway: The rapid transition to a workforce operating from home and the many ways enterprises are weaving the cloud into the fabric of their business have spurred even greater cloud resilience. COVID-19 has cemented that we’ve moved to a platform economy. And the foundation of that economy is the cloud and mobility.
My focus at Microsoft is to continuously enhance and deploy an architecture for security and resilience across our entire Azure infrastructure. We’re leveraging not only international standards, but hundreds of Microsoft-customized security and resiliency requirements to ensure the integrity of the cloud. This is what you should expect from your cloud service provider, and COVID just forced us to move faster.
Cappelli: COVID-19 has also forced companies to minimize people on the plant floor while still keeping operations running. How has that impacted the OT development environment from an operational perspective?
Zepecki: A number of OT tasks have historically relied on people walking plant floors and doing tasks at stations or plugging machines into plant networks to troubleshoot. The ability to go remote and have layers of security in place reduces that need. Some companies are also using connected services, where remote management and monitoring are embedded as part of a system.
Once you have that connectivity, you can do more remotely and leverage capabilities like digital twins that don’t require hardware. So, you can leverage the power of the cloud to scale some of those things in a secure environment and shorten the time you spend in physical environments, which can help you be more productive.
Cappelli: For anyone considering starting down this path, how can they get started?
Zepecki: The first step is to get comfortable with connectivity and the security around it. Many companies have already started down this path by using Microsoft Teams to enable employees to work from home.
Next, you can begin to look for other opportunities to solve problems with the highest value, also with drivers around safety. You can also look at opportunities for using cloud-based digital engineering capabilities to drive speed and efficiency.
Augmented reality, for example, can help employees better understand root cause by leveraging analytics and providing visual cues. Virtual operator training has also proven valuable during the pandemic by speeding the learning cycle and creating more opportunities to learn.
Cappelli: What are some low-risk areas that companies can start with to support digitization using a cloud environment?
Conway: It’s a journey. Start with storage, which is low risk and high return. Next, test your networking with a segment of your OT environment. IT has used network segmentation for years. Apply that concept to the OT environment by leveraging the cloud in a segment of your OT environment to start. From there you can begin leveraging compute capacity, which is the true power of the cloud.
The beauty is, you can set the parameters in today’s cloud environment to move as swiftly or as slowly as you wish. The right cloud provider is going to give you a route that provides infrastructure that meets your specific configuration needs. Then you’re off and running with exciting new capabilities for your OT environment.
With the right cloud platform provider and collaboration from leadership, you can securely, sustainably and resiliently innovate and deliver consistent excellence.
Read Part 1: CISO Conversations: Engaging Leadership
Read Part 2: CISO Conversations: Securing IT/OT Infrastructures
Read Part 3: CISO Conversations: Understanding ISA/IEC 62443
About the Author:
Dawn Cappelli is Vice President of Global Security and CISO for Rockwell Automation. She is a member of the RSA Conference Advisory Board and RSA Conference Program Committee, and co-founder of the Open Source Insider Threat information sharing group.