Manufacturers have understood the benefits of using data: collection, analysis and transformation into actions, particularly optimization. But what about security issues? What should you check with your digital solution provider?
We spoke with Mickael Labit, Chief Technical Officer at METRON since 2017. He explains the stakes of industrial IT security and the solutions to protect yourself.
How can you understand the challenges of data security when implementing a digital solution?
The first obstacle in implementing a digital solution is the apprehension of manufacturers regarding security issues (data loss, confidentiality, etc.). Developments have been so rapid that in some fields it is difficult to insource know-how.
If they want to be more competitive and take advantage of the digital transformation of their industries, manufacturers must open up to the outside world: they outsource and use third-party solutions without having direct control over security. In this context, IT security is no longer purely an in-house matter. It is a shared responsibility between the company’s departments and the various service providers involved.
The major challenge is selecting a trusted supplier, but also being aware of the risks associated with a solution. Just because a tool is well known does not mean it is the most secure! It is therefore essential to find out about the risks in order to make the right decisions.
Once the right digital solution is installed, it is important that you keep these risks in mind and maintain transparent communication with your supplier.
What points should you bear in mind? And how can you guarantee the security of a digital solution to reassure a manufacturer?
The sensitivity of the data is the first thing to integrate. When setting up an EMS (Energy Management System), we must constantly ensure the integrity, confidentiality and availability of the data used.
Sensitive data includes machine parameters or production data from sensors. This data can reveal trade secrets, company margins and other competitive advantages. It is therefore crucial that they are protected.
To do this, any good digital solution provider must:
- secure the transfer of incoming data (from the manufacturer’s sites) and outgoing data (sent by the client) through the implementation of protocols
- manage data processing, i.e. calculations, data aggregation and the creation of KPIs
- develop the front-end applications and ensure the stability of the solution
- maintain the infrastructure base in a DevOps approach, with the deployment of OVH, Amazon or other hosting providers’ cloud-based services
- constantly innovate to improve the performance and the robustness of the solution – in METRON’s case with regard to Data Science (statistical expertise and modeling for energy purposes), R&D (to remove mathematical and scientific barriers) – or to respond to new business issues and integrate specific machines.
The security of the system depends on these different points.
Audits performed by external companies can also be commissioned by the service provider to ensure the absence of flaws in its solution and to certify the reliability of the results. When answering technical questionnaires as a manufacturing client, do not hesitate to ask for the results of these audits.
What are the market trends and developments in this area?
The shift from on-premise to cloud is the major trend.
Having on-premise software deployed locally behind a firewall allows an organization’s security measures to be respected and promotes control of the data by the organization. But it also comes with a risk: the lack of flexibility. Indeed, any change in the system requires the intervention and involvement of resources on the client side.
It’s not just the loss of data that you need to consider: the integrity and availability of the data are key elements.
Regardless of the supplier chosen (Azure, Google, Amazon, etc.), the services provided by cloud technology are beneficial.
At group level, the cloud makes it possible to centralize and compare energy data from several separate, and potentially isolated, plants to improve performance and save energy.
However, a digital solution provider should not minimize the risks involved. It is their responsibility to make them known, to discuss them with their clients, to make them aware of IT security and to show them the best practices to adopt. External evaluations, such as security audits, also allow them to be identified as a trusted intermediary.
Understanding the client’s problems, finding convincing solutions and initiating a continuous improvement process is the role of the service provider!
Finally, a service provider should clearly explain the content of its service, so that you can measure the risks associated with the solution and weigh them against the opportunities offered. The integrity, confidentiality and availability of the data used depend on this collaboration, which must be based on transparency and trust!