Common Concerns About Running a Manufacturing Business in the Cloud—What is the Reality? (Part 1)
By Bill McBeath, Chief Research Officer, ChainLink Research
Many people assume that high performance real-time manufacturing processes require an on-premise solution and are not a natural fit for the cloud.
In a manufacturing firm, everything starts from the plant floor – so the core Manufacturing Execution System, well integrated into the rest of the enterprise solution(s), is critical.
But the reality is that many high performance processes, including financial networks, monitoring and control systems, and, yes, manufacturing systems, can and do thrive in the cloud.
As a result of sometimes incorrect assumptions, some manufacturers dismiss cloud solutions out of hand, rather than doing a full analysis of the pros and cons of a cloud vs. on-premise solution.
Our research on SaaS has uncovered some of the key concerns that buyers have about cloud. Here are seven of the most common key concerns and the reality behind them for manufacturing firms.
Concern #1 – Security
Considering the sensitivity of the confidential data we will be storing in the cloud, is the security of cloud-based systems strong enough to ensure protection?
Reality: Merely having physical control over your systems on your own property does not necessarily provide strong security.
Strong security takes a substantial investment in technology, expertise, processes and policies, which the vast majority of small and medium businesses – and even some large firms – do not make. Some of the types of investments needed to create strong security for critical enterprise systems and data include:
- Strong physical security at the data center with multiple layers of protection: perimeter fencing, guards at every access point, automated authentication into the perimeter and at every door and interior doors of sensitive areas, CCTV surveillance, windowless computer rooms, etc.
- Rigorous background checks, security training and ongoing security testing for all employees.
- Strong technology infrastructure security, such as multiple layers of protection and firewalls, audit trails, intrusion detection, secure OS and “secure-by-design” application.
A successful cloud solution provider has many clients, creating economies of scale and the ability to invest in robust security capabilities, the cost of which is spread across their many customers. In fact, a cloud provider’s reputation and survival as a business depends on making those investments in very strong security.
Most small to mid-sized companies cannot make anywhere near that level of investment. Nor do they have the expertise. As a result, cloud systems are usually much more secure than a firm’s own on-premise systems. This includes internal security within the SaaS application and virtualization infrastructure to prevent clients from accessing each other’s data.
One note of caution: Selecting a cloud provider with strong security does not absolve manufacturers from their own security responsibilities, such as training their employees not to fall for phishing messages, or putting controls on the types of devices and data that can be connected to the employees’ PCs, tablets and phones.
Assessing a Cloud Provider: Ask what type of security audits the provider has done, how often and whether or not they are SSAE 16 Type 2 certified. Hire an experienced independent security consultant, representing you, to assess the cloud provider’s security on your behalf. An excellent set of resources can be found at the Cloud Security Alliance website, including guidance on assessing and ensuring cloud security (free registration required).
Concern #2: Availability
Can we reliably run our critical manufacturing systems in the cloud? What happens if the network goes down?
Reality: As with security, high availability requires an investment, both in the systems and the network. Many cloud providers have made substantial investments in redundant systems and data stores, warm or hot failover capabilities, multiple data centers, ongoing monitoring, and robust backup and restore capabilities.
Many use multiple telecommunications service providers with diverse lines (different physical entrances points) into their data center. Some solution providers will help design or actually provide similar redundant telecommunications arrangements at each customer’s critical facility. As with security, the typical enterprise will not go nearly this far.
The typical on-premise system for a small or medium company has limited or no failover, sometimes spotty or untested backup processes, and is still dependent on the Internet or wide area connection to centralized systems for continued operation (unless all the systems, manufacturing plants and offices are housed in the same building or campus). A typical on-premise setup (i.e., lacking compute or network redundancy) may have considerably higher downtime than a cloud system with redundant network connections.
Of course, there is an added cost to redundant network connections, which needs to be factored into any decision. The cost of redundant network services may be moderated by using lower-cost alternatives for the backup/failover line.
Assessing a Cloud Provider: Ask what type of availability guarantees (e.g., percentage of up-time, maximum recovery time and maximum data loss) the solution provider offers within their SLA (Service Level Agreement) for the end-to-end service to your shop floor. Verify how those levels of availability are achieved, including redundancy and failover of systems and networks, backup and recovery policies and practices, and so forth.
Concern #3: Large Enterprise Support
SaaS applications are often geared for use by smaller companies. Can a multi-division, F500 manufacturing firm really be run on a cloud solution?
Reality: Currently, there are no 100% cloud solutions that could truly serve as the backbone, central ERP for an entire multi-site F500 manufacturer. However, there are examples of divisions of F500 running in the cloud. Some of the advantages that a cloud-based solution brings for a large multi-division company include standardization among the plants, speed and agility in the rollout of new facilities, and easier roll-up for central reporting.
Assessing a Cloud Provider: If you are a large enterprise, get a demo of the solutions’ multi-site capabilities. Find out about integration to your backbone ERP(s) and other systems (e.g., purchasing, CAD, etc.). Ask what support is provided for internationalization and localization (multi-currency, date/time formats, languages supported) and get a demo of how it’s done. In part two of this post, I’ll talk about four other common concerns with cloud-based manufacturing solutions: Performance, Functionality, Customizability and Scalability.
Bill McBeath leads ChainLink's research efforts, as well as the procurement, strategic sourcing, design collaboration and online marketplaces practices. With more than 20 years of experience in a variety of roles as a business and technology researcher and consultant, high tech executive, and software architect, Mr. McBeath is recognized as a leading expert in extended-enterprise business models.