cloud, lock, sky, blue

If you’re in manufacturing and responsible for your organization’s computing infrastructure, you may have been asked to provide three pillars of business value to satisfy a variety of very active stakeholders:

  • Your users expect availability and high performance.
  • Your operations teams need greater flexibility and efficiency and lower total cost.
  • Everyone in your organization expects you to address the risks of security, privacy and regulatory compliance. At a minimum, this includes the risks to the availability of your business-critical systems, applications and data. In many cases, it also includes risks to confidentiality and integrity of your most sensitive data – including your intellectual property.

If this is true for you, you’re definitely not alone. When asked about the drivers behind current investments to improve their computing infrastructures, respondents to a recent Aberdeen research study indicated that all three of these areas are of similarly high importance.

Keeping up with all three of these at the same time is a pretty tall order, however, especially given the incredible complexity of today’s infrastructure, applications, data, user devices and the surrounding threat environment. How complex? In its analysis, Aberdeen found that more than 17,000 manufacturing companies in the US and Canada were running more than 165,000 enterprise applications installed from a total of 60 selected vendors – with an overage of over 10 operational sites per company. Enterprise Resource Planning (ERP) is by far the single biggest application category, accounting for 51% of all installations in this market snapshot.

Cloud Deployment Trends

With respect to how these applications are deployed, the pattern over the past few years has been that application workloads are first virtualized and then executed on the infrastructure that best addresses the organization’s requirements for performance – which is increasingly in the cloud. Reliability, cost, geographic location, trust level, security and compliance are key factors behind this decision. In general, the research has consistently shown that the more business-critical the application, the more cautious the approach in terms of moving virtualized workloads from the enterprise-managed infrastructure (aka on-premise) to the infrastructure of cloud service providers. For example:

  • Enterprise application categories in the vanguard of moving predominantly to cloud providers include Web applications, CRM, enterprise email and file sync/share.
  • Meanwhile, enterprise application categories that have remained more predominant on the enterprise-managed infrastructure include finance / accounting, and ERP for manufacturing.

But these trends are rapidly changing, and here’s why.

For the vast majority of organizations, simply rolling up your sleeves and allocating limited IT resources – in an attempt to integrate, optimize, and maintain the exponentially growing complexity of computing infrastructure and security – by themselves would not be considered strategic. Important, yes – but strategic, not so much. Leveraging your applications and data to serve your business and differentiate from your competitors is what’s strategic for manufacturing companies, not managing the underlying technology stack.

Merging Strategy with Security

Concerns about data security, data privacy and regulatory compliance have traditionally given organizations pause about moving their business-critical applications from on-premise implementations to the cloud – but there’s growing evidence that cloud-based services are actually more secure. In a service provider / enterprise subscriber relationship, each party is focusing its resources and expertise on doing what it does best:

  • Cloud providers deliver the architecture, integration, optimization, security and operational aspects of the essential lower levels of the computing infrastructure stack at large scale. They can justify an investment in achieving, sustaining and certifying compliance with security and privacy requirements over a large subscriber base. Critical applications like flexible ERP (SaaS) are increasingly included in this mix.
  • Enterprise subscribers focus their own resources on the most strategic aspects of the computing infrastructure stack: their own applications and data.
  • Both parties share responsibilities for security operations – and for most organizations, moving to cloud providers will likely drive net improvements in data security, data privacy and regulatory compliance when compared to their existing practices for traditional IT or private clouds.

This is especially true for small and mid-size organizations (up to $500 million in revenue). It may be counter-intuitive, but Aberdeen’s research shows that SMBs actually have higher risk. At organizations of all sizes, there’s an ever-increasing demand for:

  • Keeping IT infrastructure properly configured, patched and up-to-date
  • Achieving and sustaining compliance requirements for security and privacy
  • Keeping up with the latest security threats and vulnerabilities landscapes
  • Ensuring that IT infrastructure and sensitive data are well-protected
  • Monitoring, detecting, investigating and responding to security incidents in a timely manner

Less Risk, More Reward

Small and mid-size businesses often lack the resources (both in bandwidth of existing personnel and specialized technical expertise) and the tactical focus to perform well at these activities. This is because their primary, strategic focus is naturally on running and growing their business – not on security, compliance, privacy and risk. These factors combine to contribute to SMBs being an attractive target for attackers with a correspondingly higher likelihood of success.

In addition, SMB leaders often make false assumptions about risk, e.g., “data breaches won’t happen to us,” and “we don’t have anything of value that attackers would want.” In truth, however, small businesses may represent extremely high-value targets for attackers, as they represent a much easier beachhead and conduit for attackers to gain access to larger organizations in the supply chain. Sometimes businesses will experience data breaches after underestimating the resolve of attackers and so will not put anything in place to prevent this from happening. They will also then fail to report the incident to their customers, leaving it in the hands of whistleblowers in their employ to reveal the problem to the world. 

For SMBs, Aberdeen’s analysis shows that the risk of a single data breach is significantly higher than it is for larger organizations – by about 63% across all industries. The manufacturing sector is near the top of this list:

Given all of the above, it’s not surprising that virtually all planned growth among SMBs is based on moving away from in-house implementations, in favor of using service providers and particularly cloud. It’s worth asking, “what am I waiting for?”

For more information about cloud security for manufacturing and ERP, read this recent white paper.

Derek Brink
Derek Brink is a Vice President and Research Fellow at Aberdeen where he helps end-user organizations and information technology suppliers improve their security and compliance initiatives. Before joining Aberdeen in 2007, Derek worked for more than 20 years in technology strategy development and execution, corporate and business development, product management and product marketing at RSA Security, IBM, Sun Microsystems and Hewlett-Packard. Derek earned an MBA with honors from the Harvard Business School and a BS in Applied Mathematics with highest honors from the Rochester Institute of Technology. In addition to creating high-quality, fact-based research at Aberdeen, Derek helps students improve their critical thinking, leadership skills and communication skills by teaching graduate courses in information security. Derek is adjunct faculty at Brandeis University and Harvard University.

RELATED ARTICLESMORE FROM AUTHOR

LEAVE A REPLY