Trading Off Security for Cloud Benefits

Companies need to know how to make a logical trade-off between the value of the cloud and the increased risk it brings.

Why are some manufacturers still uneasy about adopting cloud software for product innovation and engineering? The benefits are clear, as we discussed in our prior articles, "The Subtle Shift to 'Why not Cloud?'" and "Cloud Engineering Software: More Than Engineering Software on the Cloud." But the transition started out slowly.

For a while, one of the most significant inhibitors to cloud adoption was a lack of "apples to apples" capabilities between traditional applications and those available on the cloud. But that disparity is no longer the issue, as we discussed in "Why Not to Justify Buying Cloud Engineering Software." So what’s leaving manufacturers hesitant about cloud migration?

For some companies we speak to, security still makes them uncomfortable about starting their cloud transformation. It’s an important issue, and one that they must consider carefully. Let’s take a look at how companies perceive the trade-off between security and cloud benefits, the reality of the situation, and what they can do to objectively evaluate risks and rewards.

Security Is a Scary Topic

Security is a challenging topic. No company wants to put their critical product data at risk. Stories about intellectual property theft and hacking are common occurrences, and manufacturers are rightly concerned. The threat is real, whether company data resides inside their firewall or with a web services provider. There is always risk, regardless of the deployment approach. But risk is something that can be managed by taking a thoughtful approach to it.

Evaluating the Trade-off

Companies need to know how to make a logical trade-off between the value of the cloud and the increased risk it brings. But is that the question to be asking? Is the risk higher on the cloud? It depends on many factors, but in most cases, that’s not the appropriate question.

It’s true that the cloud is a more attractive target, particularly when data is consolidated from multiple companies. Similar to a bank, it’s a more attractive target because there is typically more to steal in one location. But, also like a bank, it’s likely to have better protection than one person or company could provide on their own. Web services companies can afford dedicated resources that many companies could never attract, afford, and retain. They also have specialists to cover various security disciplines, such as encryption or intrusion detection. In addition, web service providers give companies someone to turn to in the unfortunate event something does happen. Many companies we speak to consider security to be a positive feature of the cloud, as opposed to an issue.

Managing Risk

Whether or not the risk is greater or not, the cloud changes the risk profile and must be managed. Fortunately, the IT community has gained significant experience in procuring and operating cloud solutions. Companies today can leverage best practices developed from experience.

Some best practices are general, while others are more specific to product IP. One common approach to protect design data is to store only partial data in one place. It’s not uncommon for companies to keep some very special trade secrets in a separate location, or undocumented. For example, they may choose to share the 3D specifications for a part but not share the manufacturing techniques required to achieve the desired quality. Or, they may choose to store tolerances at lower precision.

Other security best practices work across multiple types of solutions. These include practices such as using industry standards and audit procedures. In some cases, customers or industries mandate specific techniques. Our research shows that although companies are concerned about the risk, those companies that have implemented standards and audits see the security risk as less critical than those that haven’t implemented them (see the graph below). These companies don’t face lower risk, necessarily, but they have chosen to mitigate the risk proactively.




The Bottom Line 

Companies are beginning to realize that their critical product data is probably just as safe, if not safer, on the cloud due to the enhanced security measures afforded by shared resources. But security is an important issue, and companies should evaluate it carefully. To be more comfortable making the cloud transition and take advantage of the available benefits, manufacturers should:

• Educate themselves on the reality of the security-cloud benefits trade-off
   
• Include standards in the supplier evaluation process
   
• Ensure that the partner allows security audits
   
• Follow best-practice standards and audit processes

In the end, the important things are to work with a trusted supplier and be smart about it. What does this look like from your perspective?

¹Source: Additional analysis of data from Adopting Cloud Innovation Platforms survey of over 200


This concludes the fourth part of Tech-Clarity and Siemens Digital Industries Software’s series on the benefits of the cloud in business; watch for additional articles on this topic. For more information, visit the Siemens Digital Industries Software cloud page.