Today’s industry sees a strong trend towards digital technology. Assembly lines are working autonomously – from the delivery of materials up to finding a storage location. The latest developments in industrial production are based on state-of-the-art technologies such as Cloud computing, predictive analytics or artificial intelligence which are continually creating new areas of application. Nevertheless, many organisations are still reluctant to implement Cloud applications or to actively incorporate them into their production and business processes
Cloud and Industry 4.0
Cloud resources are increasingly considered as an essential prerequisite to the use of Industry 4.0 applications. Together with their benefits towards scalable capacities for applications in storage, computing, network and analytics for Big Data, Cloud resources are also of advantage on a higher logical level by providing a secured and certified platform for process control. This requires appropriately designed Cloud applications using open standards for the administration of interoperable processes. However, Industry 4.0 must be particularly concerned with data security in order to avoid uncontrollable operative risks of access on sensitive data pertaining to products, production processes or customer data by unauthorised persons. Digital interconnection is also creating new potential lines of attack with regard to data theft, espionage and sabotage. A survey published by BITKOM in April 2016(link is external) showed that 69 percent of German industrial companies had been affected by these problems in the course of the previous two years. (The survey is only available in German.)
In these circumstances, industrial companies must find solutions to minimise the risk of potential points of attack. The challenge now lies in choosing the right product from among the multitude of Cloud offerings. Besides traditional Public Clouds where applications and data are hosted at the provider’s data centre, “Private Clouds” are rising in importance.
Private Clouds are like swimming pools in your own back yard
A Private Cloud can be compared to a swimming pool in your own back yard, while a Public Cloud corresponds to a public pool area. In terms of IT this means that Private Clouds may be implemented in the form of appliance solutions where the required computer hardware and the optimally installed software are integrated into a company’s own data centre. As a result, a basic package of applications is instantly available which consists of document management with workflows, a BPM solution based on BPMN 2.0 (Business Process Modeling Notation 2.0), a web-based graphical process editor as well as a BPMN 2.0-capable workflow engine. It is up to the customer to decide who may use the Private Cloud, what data will be stored, which applications will be available and which data sources will be linked with the Private Cloud. This environment makes it possible to model business processes digitally and to integrate the organisation’s IT environment via standards such as SOAP, CMIS, WebDAV or CalDAV, which eliminates the need for lengthy integration projects. Depending on the level of integration and linking with production, suppliers can for example be managed via the Cloud. Provided that the inventory is linked with the respective software system, it can be processed for presentation to management via dashboards. Customers of the Fabasoft Cloud can choose between the following services: Public Cloud, Private Cloud or Hybrid Cloud.
Managing certificates in the Cloud
In a global market it is essential for producers as well as for suppliers that product certificates are well managed. If a type of tyre or a spotlight has no valid certificate, this may for example lead to a ban on imports with unpredictable consequences on important markets of the automobile industry. By managing certificates in a Cloud solution, data exchange via email can be minimised globally. Security is one of the key issues. The certificates are administered in working areas (Teamrooms) that have been defined specifically for that purpose and are restricted to authorised persons. Users have access to these Teamrooms via two factor authentication (password, mobile PIN, etc.) and can upload, edit or check certificates there. Automatic notifications are informing process participants of any modification or event such as the expiry of a certificate’s validity. Once the collection of certificates is complete, a workflow forwards them to the respective participants for release or to production. Changes to the release process are depicted with BPMN 2.0. A BPMN 2.0 process model describes the flow and sequence of the required activities. Thanks to this easy and logical modeling, processes can be designed quickly, intuitively and attractively, and can furthermore be executed directly from within the workflow engine. In addition, dashboards provide a graphical overview of the current projects and workflow activities.
Industrial companies that decide on a Public Cloud should put their focus of attention on the way the service provider is handling transmission and storage and especially on the way he is processing the data. Certificates for data security according to ISO 27001 as well as for IT operations according to ISO 2718 are of great importance in the assessment of a Cloud provider. Articles 40 to 43 of the recently adopted General Data Protection Regulation (GDPR) deal not only with rules of conduct but also with certifications. Independent organisations such as the German Federal Office for Information (BSI), TÜV Rheinland or international organisations such as EuroCloud carry out the audits and award the certificates. These organisations all disclose the methods and objects of their audits on the Internet. So far only one European company has succeeded in obtaining all of the five stars of the EuroCloud Star Audit. Every player should appreciate that data security is a non-negotiable prerequisite of Industry 4.0. Which company would risk that their assembly lines be halted by unauthorised parties or, even worse, that their production of goods be manipulated? And which electricity group would risk that its power plants be connected to the Internet with the doors open to cyber criminals? Critical infrastructure such as this has recently been covered by the German IT Security Act which comprises the KRITIS implementation plan.
The industry’s need for higher automation in the Cloud is a matter of fact.
According to a study conducted by market researcher IDC in February 2016, many organisations are facing numerous obstacles that slow down implementation, for example concerns about losing control over data and documents, lack of internal know-how or insufficient transparency regarding different providers. Meanwhile, Europe already has proven Cloud solutions that offer certified security standards, local data storage, customer-specific adaptations and easy installation. ICT lobbies are called upon to raise awareness. According to an independent IDC study, more than 50 percent of German companies with more than 100 employees plan to implement a Cloud solution for the automation of data exchange within the next two years.