Keeping Doors Open and Closed at the Same Time
Engines are able contact a service desk directly if they expect failure. Ships are able to communicate with ports during their voyage on what repairs they need. Even elevators, made by Finnish manufacturer Kone, are communicating in plain English on how the latest trip upstairs went, and if the system recognised anything notable. All this is already happening today!
One of the key benefits of digitization and the industrial Internet is the improved access to, and availability of, information. Many organizations already offer programmable interfaces called APIs to external parties hoping to strengthen their ecosystems or facilitate the building of new services that would benefit them.
The availability and sharing of information is increasing, as are the interactions between companies. Information that would in earlier times have been kept confidential is nowadays available to partners or other external resources through digital means. Flat organizational structures further create a need and possibility for companies to share and utilize information in the organization more effectively.
To those in charge of corporate information security the open availability of information is a nightmare in the making. The counterpoint to free information sharing is regulation, which is trying to keep up to speed with the development. An example of this is the EU General Data Protection Regulation (GDPR in short), becoming effective in spring 2018, which seeks to protect the personal privacy of individual citizens with comprehensive limitations and large fines to organizations. Although there is a lot of talk about the regulation and its effects to companies, the compliance requirements and the extent of changes required will take many companies by surprise.
There is a great need for companies to step up their game in security. Viruses and phishing attacks are a constant problem in almost every organization, and the more precious the information handled, the stronger and more advanced are the threats. Flame, a very advanced malware program was found at the beginning of the decade after it had been secretly infecting the factories and political organizations in the Middle East for two years prior. Stuxnet, another advanced malware, successfully sabotaged the production in a specific Iranian factory by changing the programming logic for the centrifuges in the production line.
To summarize, companies are currently in a situation where they should open up all information channels, but at the same time limit and protect that same information from various threats. If the companies want to stay onboard the digital transformation wave, the people responsible for the information assets need to build capabilities to advance both these objectives. Below are three important requirements for any company wanting to be digitally secure:
The continuously and rapidly evolving malware programs and hacking methods will open the doors of any company, regardless of the security precautions. Rather than putting all the money on building thicker walls and stricter controls, it pays to improve the speed of detecting and reacting to threats. The longer the company is exposed to the attack, the greater the havoc caused.
Train your people
Extensive communication and training to increase security awareness, especially for the employees in information intensive roles, plays a critical part in the protection scheme. When the company employees learn to recognize and react correctly to threats and understand how to handle confidential information, the risks of information thefts are radically diminished. Positive, non-threatening and fact-based messages about security processes and common policies ensure that harmful events like virus infections are not covered up, but rather reported and reacted to.
Protect end to end
Regardless of the transport medium, the information channel needs to be secure from every angle, both technically and contractually. If a company shares information about customers to a partner, the transfer of information must be done securely; the contract between the parties needs to protect the information and only the information needed to complete the tasks should be transferred. If the transfer is done technically, the transfer route needs to be encrypted the whole way to the end point.
The future is intelligent
The need for information protection, but also for open and flexible information sharing are going to increase dramatically in the future. With the Internet of Things becoming more commonplace, the amount of available information is going to explode, when everything from a toaster to a power station is connected to the Internet. New technologies are on their way however, to also protect information in the future as well. Blockchain is expected to radically change the reliability of digital information by e.g. registering the maintenance data of an object to a special database where the records can be seen but not altered. Artificial intelligence will be taught to learn, understand and monitor normal information handling events of an organization, and alert or defend the system if something out of the ordinary is taking place.
Free access to information will have a great impact on the interaction of people, organizations or even nations. At the same time we are seeing how the misuse or falsification of information in politics is causing great harm to everyone. Corporations have a duty to show the way in open, but secure data utilization by keeping their doors open, but closing them rapidly when the need arises.
Writer of this blog post for Maintworld-magazine: Reko Lehti
Lehti is a partner in Taival Advisory Inc, who specializes in digital transformation, ecosystems and future business architectures. Reko has previously worked in a security, architecture and strategy leadership role in retail as well as in management consultant.
Siemens’ Process Industries and Drives and Digital Factories divisions are teaming up with Bentley Systems’ Bentley Institute to establish aProcess Industries Academy that will support the companies’ joint vision for cloud services and digital workflows in engineering and operations. The Process Industries Academy will help organizations to better understand and develop an effective digital strategy across all aspects of the asset lifecycle, based on the practical experience and knowledge of the industry’s leading experts.
Companies offering annual aftermarket service contracts 24% more likely to report profitability than those doing reactive field service work, as study conducted by IFS shows.