May 9, 2023 Identifying Industrial Cloud Risks

As the manufacturing sector migrates to the cloud, it’s critical to understand the security challenges and how to overcome them.

By Willi Nelson, field CISO for OT, Fortinet

Technology advancements and market dynamics are driving the need for industrial organizations to transform and innovate like never before. To enable transformation and support the operational priorities of safety, availability and security, three major technologies and architectures are being considered: cloud, IoT/IIoT and mobility/5G. 

This is demonstrated through the number and type of devices connecting to the industrial network – smart sensors, valves and gauges – expanding the attack surface and making industrial environments low-hanging fruit for an attack. Cloud adoption has also increased to improve data analytics and support the growing need for remote access. 

Yet concerns about security persist as a significant barrier to cloud adoption. And there are several other challenges that keep organizations from embracing the cloud: multiplying compliance requirements, the ongoing dearth of professionals with cloud security skills and – particularly in multi-cloud and hybrid environments – very poor visibility and control.

It’s important to understand the challenges of cloud security in order to overcome these challenges and design a strong cybersecurity approach.

Security challenges in the cloud

Cloud security issues are a continuing worry, despite rising cloud adoption. 95% of the firms surveyed for the 2023 Cloud Security Report said they were either extremely or moderately concerned about their security stance in public cloud environments. And 35% of firms expressed extreme anxiety about public cloud security.

Protecting cloud workloads presents a number of operational problems for cybersecurity professionals. Again, the people aspect – a lack of qualified security personnel (43%) – tops the list, followed by compliance (37%). The challenge of delivering consistent security rules (32%) is likely caused by the rise of multi-cloud services.

Cloud workload security becomes more difficult and complex in multi-cloud scenarios. Three of the top four issues are connected to having the proper skills and a thorough grasp of each cloud platform, underscoring the importance of the right staff and the expertise that multi-cloud systems require.

Which cloud security risks worry cybersecurity experts? The top four remain the same as the previous year’s report. Misconfiguration is first, according to 59% of cybersecurity experts. Insecure interfaces/APIs (51%), sensitive data exfiltration (51%) and unauthorized access (49%) all follow closely behind.

Cloud-based security: Key drivers

Manufacturers can benefit from the same advantages of the cloud for their security services as they get for their workloads and apps. This includes increased scalability (56%), shorter deployment times (48%), less effort required for software fixes and upgrades (43%), and lower costs (40%).

Due to the difficulties with security visibility and the shortage of cyber talent, 44% of companies are searching for solutions to improve visibility and control in safeguarding hybrid and multi-cloud networks. It’s not surprising that a preponderance of respondents (90%) find having a single cloud security platform and dashboard to be moderately to extremely beneficial for consistently and thoroughly protecting data throughout their cloud footprint.

The modern-day manufacturer can’t fulfill their cybersecurity objectives without taking into account three things: cloud adoption, use of automation in terms of the cybersecurity apparatus, and then subsequently adoption of zero trust principles within the organization. 

All three of those will ultimately benefit and strengthen the cybersecurity apparatus of any organization. But it requires organizations to think more broadly about how they protect the enterprise and the various pieces of data that may exist in the various nooks and crannies of an enterprise.

Manufacturers may overcome several of these obstacles by using a holistic cybersecurity platform approach that offers centralized visibility, administration and automation across cloud platforms. With this approach, security teams can share intelligence more quickly and provide better response times. Consequently, leaders can improve efficiency, lessen the effects of the skills gap, and boost the efficacy of their team as a whole.

Investing in a more secure cloud

When you consider the cost of a production line going down for hours or even days, it puts risks into perspective and highlights the reality that investing in cloud security upfront is almost always a much less expensive option. Migrating to the cloud is about identifying the pieces that you can move quickly and securely and then dedicating resources to the areas of the enterprise that might pose a greater risk in movement. Then, realize that you may need to do some enablement for staff who need to be upskilled.

When security becomes a priority, you begin to think differently about how you secure your enterprise. Cloud adoption, use of automation and adoption of zero trust principles are three critical components. If you think strategically about how these components become a part of your security roadmaps and how they can significantly reduce your risk over time, it makes sense to include them in a roadmap of security investments that you can make over time.

Willi Nelson joined Fortinet as the CISO for Operational Technology in August 2022. He brings more than 25 years of experience in information security working across industry verticals such as healthcare, telecom, financials, manufacturing, and life Sciences.

Most recently with GlaxoSmithKline (GSK), he established and directed the Global OT Infrastructure Security team charged with monitoring and protecting the OT assets for GSK. Willi relies on a pragmatic and systematic approach to achieve company goals while also maturing the organizations and teams he leads.

Willi is a graduate of Rockhurst University in Kansas City, MO, USA and holds a CISSP (Certified Information Security Professional) certification in good standing. Willi lives in NW Arkansas with his family. He’s an avid outdoorsman, cyclist, woodworker, and veteran.

Subscribe to Industry Today