Apps and micro-services have considerable potential for automotive manufacturing, but are not always the first area of interest for software developers.


Experts worry apps may compromise quality and security in production (Illustration: Audi, Sabina Vogel)

There have been deep rumblings in the market for production IT. App developers want to break the hegemony of large monolithic systems and send their little helpers into battle by the thousands. There is no longer a way around the trend toward combined many. They have moved ahead with standardization and created workflow descriptions that have been demonstrated to work in practice, he said. But disquiet is suddenly spreading. To optimize time and costs as factors in their success, many companies are ready to compromise on quality. The fact that you cannot buy Industry 4.0 solutions off-the-shelf plays into the hands of those pushing apps.

Every company must configure and test its roadmap individually. After pressure from management, some IT departments are calling into question the world of manufacturing execution systems (MES) that has grown up over decades. They would prefer to convert functions en masse into stylish micro-services: machine and operating data, quality monitoring and even the services of various third-party providers are supposed to feed mobile apps that bring production-related data to tablets and smartphones.

But that’s not enough for many programmers. They clearly want to take their mini-programs beyond a purely descriptive function and conquer every last corner of the shop floor. The scenario for the future: It should be possible to use process-control data on mobile devices, whether the information comes out of the machines and installations themselves or from upstream systems.

Two problems

Two massive problems stand in the way of this goal. First of all, traditional company architectures continue to be structured monolithically and are thus poorly suited for the dynamic requirements of modern workloads. Secondly, security experts have vehement reactions when they examine the development of individual apps and see how they are documented and annotated. “We have already had experiences with some projects that had very liberal, not to say chaotic, programming organizations, where the app’s functionality was the highest priority. With a bit of hyperbole, you could say that the programmers just take the next Post-It note off the scrum board and start de-veloping,” said Wolfgang Strasser, managing director at @-yet Industrial IT Security GmbH in Leichlingen, north of Cologne.

Naturally, he is also seeing the widespread cross-industry trend: conversions to micro-services and cloud-based services. “But I would question whether this step makes sense in a complex and often heterogeneous production environment, where performance, stability and above all security must be the top priority,” he said. “From our daily work, we know that the more mobile apps come into use, the greater the exposure to attack and the opportunities for manipulation.”

And there is more: At many locations, there is very clearly the lack of a general consciousness of IT security. “For many companies, security is still not a core component of the software development process,” Strasser said.

Improvements often must be made as operations continue. But, especially in a manufacturing environment, the consequences can be devastating if factory-control apps do not provide traceability. Issues of liability have not been clarified and customer trust is in jeopardy. But many companies are not even aware of the risks that they are running. Otherwise they would give considerably more weight to the basic challenge of security when contracts are awarded.

Deaf ears

The words of warning are falling on deaf ears – at present, all that counts are the dynamic scaling of available applications and services and bringing the would-be innovations to market quickly. That’s why labs can crank out one app after another, programmed with nimble fingers during a two-week sprint. The hoodie-wearing hipsters have little interest in how their mini-programs will get along with manufacturing machinery and installations.

But there is no stopping the apps’ triumphant advance. To give the security aspect its due, representatives of operating divisions and software architects should do some joint brainstorming as early as possible and develop a common understanding of what the final outcome should be – with clarity about all the different ways to implement it and with built-in security right from the start. That would be the very least that they could do.