It's more than just the cloud
Before companies decide about moving to the Industrial Internet, they first need to be clear on what it is. They need to understand that it is more than just the cloud. Instead, it is an entire ecosystem—of end users, partners, industrial assets, sensors, connectivity mechanisms, and more—that works together to collect and send data from sensors and controllers and other embedded devices sitting in an OT environment at a remote site all the way to the cloud.
With an understanding of this edge-to-cloud concept, the search can begin for the right Industrial Internet platform. Fortunately, there are resources available to help a company get started, including the Cloud Security Alliance (CSA). A non-profit organization whose mission is to promote the use of best practices for securing cloud computing environments, CSA offers an entire framework on how to adopt the cloud, including objective guidance on cloud standards, certifications, training, and more. With such heavy scrutiny around cloud adoption, it’s important for organizations to have a place to go for advice on how to assess public clouds against industry-established security best practices and learn what “tough” questions they should be asking providers.
To facilitate Compliance, GE Digital set out to build a platform on a common infrastructure governance model based on ISO 27001/2, NIST 800-53 and FIPS 140-2. This common “matrix” on controls would then mapped to Cloud Security Alliance Cloud Controls Matrix which would enable it to support compliance to over 60 national, international and governing body regulations with the effort of a single one.
It’s also important for industrial companies to realize that a move to the cloud doesn’t happen overnight. It’s not a one-and-done conversation with a cloud provider. Rather, it’s a journey. This is the industrial sector, after all, where implications are much different from those in enterprise IT environments. To build the level of trust and confidence necessary to move sensitive, often mission-critical data to a public cloud takes time, many meetings, and full transparency into a provider’s strategy, especially when it comes to multi-tenancy and data security.