Surveys show that many IT managers are unhappy about breakdowns in data transfers to and from the cloud
Enthusiasm was high at the outset, but now a survey shows that companies are beginning to have second thoughts about relying on cloud-based architectures. Many experts, for example, are increasingly questioning whether cloud computing centers in fact can control production facilities or manage logistics centers without difficulties, as the providers promise.
IT managers are especially wary about an approach where the machines and devices still do not have “intelligence” built into them. Managers also have noted that there are no guarantees of secure data transmissions from the cloud computing centers to the devices and machines. That's because the applications and the users may be 10,000 km from one another. In the worst case, if the data transfer breaks down, production will shut down in just a few minutes.
Although no user will discuss problems openly, there are clear signs that everything is not working as planned. “One quarter of all European companies are dissatisfied with their respective cloud service providers,” wrote Camille Mendler, lead analyst, Enterprise Services Ovum, in a study called “Realizing possibilities in the cloud: The need for a trusted broker.”
Mendler says one company in three cites “breakdowns in data transfer” as the key, critical source of this dissatisfaction. Most cloud service providers offer poor or too narrowly defined service level agreements, Mendler said. In case of noncompliance with agreements, many providers pay no compensation whatsoever.
Many of the companies surveyed say that “mediocre" is the highest grade that most cloud services providers earn. But users’ expectations of cloud providers are much higher. They include end-to-end management and service level agreements on computing centers and data networks. This is precisely where the problem lies: Cloud providers’ expertise is often limited to computing centers. In fact, guaranteed data transfer seems to be the exposed flank of cloud computing. And cloud concepts apparently stumble when it comes to the infrastructure.
Two incidents show how susceptible this infrastructure is, and they have caught the attention of the security managers within companies. In the first event, on March 26, a blackout occurred in Amsterdam, of all places. According to the German high-tech industry association Bitkom, Amsterdam is one of the most important locations in Europe for data centers. There is no information on which or how many computing centers were directly or indirectly affected by the power failure. But the evidence suggests a very widespread and above all very expensive system breakdown: Schiphol Airport, one of Europe's biggest hubs, ceased operations, Dutch train traffic came to a halt, and companies sent their employees home because they could no longer work with computers.
The second incident raised even greater anxiety: In early April, Islamic State terrorists ”“ allegedly ”“ hacked into the French television broadcaster TV5 Monde, one of the five largest broadcasters in the world. Criminals impressively demonstrated to the industrial nations of Western Europe that they have the means to undertake cyber attacks that experts had not expected so far. “We are living in times in which data have become a currency ”“ and in which we are discussing new threats. Not just companies or individual criminals but rather entire states or political groups with a global reach,” said Ramses Gallego, vice president of Isaca. “As a consequence, companies should give very careful thought to the occasions when they convey data from continent to continent.”
Understanding data paths
Isaca represents roughly 115,000 members and advises them about cyber security and risk management. Every major country has legislation on cyber security and data privacy. These laws are also valid for data that merely travel through the country or remain at a specific location for a very short time. "As I see it, the risk management aspects cover a number of issues: Where is a company sending its data? Where is the starting point of my data flow? Who will handle the data during their transfer and why are they doing so?” Gallego asks.
Unfortunately, companies are not at all clear about the communication paths taken by their data. At the same time, to complete a risk analysis, risk managers would have to be familiar with the input and output channels of their organization, to understand which paths the information is following from the company. “This is not the case at many companies,,” Gallego said.
Cloud approaches are based on the idea that companies rely on a centralized machine intelligence that controls production, sales or logistics around the world. So far, managers have mainly used “dumb” sensors and equipment that send their data over the internet into the analysis and big data engines of cloud applications over the internet. These applications process the data and send control commands back to the machines. If the data arrives at an internet traffic jam due to a data center blackout, a criminal or terrorist hacker attack, or just a system malfunction at the cloud provider, the machines wait in vain for the next commands. The results could be catastrophic.
One survey of the German automotive industry indicated that decision-makers are definitely aware of the situation. To be sure, none wanted to make a statement to automotiveIT or be quoted directly. But there is an awareness of the issue’s explosiveness. "We naturally consider the issue
of security and the secure transfer of data over the internet to be an important issue,” one respondent said. “We have developed appropriate risk and security management measures. But for security reasons, we do not give out information about our security architecture externally.”
An official at another car manufacturer said: “Within the company, we are familiar with concepts for decentralized control. As part of industry 4.0 initiatives, we’re working on these kinds of architectural concepts ”“ but we estimate that their implementation will still take some time.”
At the same time, the maturity of these decentralized systems seems to vary within the industry. “We have already been using ”˜intelligent’ devices for several years,” an executive at another manufacturer said." The devices buffer data and can bridge a malfunction in the central IT for a certain period.”
As plants are increasingly becoming computer systems with mechanical devices attached, secure data transmissions to and from the cloud are even more crucial than before. Hence, considerable innovation can be expected in this area.
By Christian Raum
Illustrations by Sabina Vogel
(This story is from the automotiveIT international magazine. To subscribe, please go to www.automotiveIT.com/subscribe)