Network Communications News (NCN) October 2016 | Page 21

cloud security

F E AT U R E

malicious intentions. However, there
is a significant distinction to be made.
Validated software and cloud computing
providers help ensure that their cloud
is protected at the physical, network,
application and data layers so that their
services are as resilient to attack as
possible and client data remains safe.
The problem arises when users
store or access company data through
alternative devices or consumer cloud
solutions. The most common ones
are personal smartphones, tablets or
email addresses.
Bring-your-own-device (BYOD) was
an industry trend five years ago – today
it is a reality. Employees everywhere use
their own devices to access work emails,
remote monitoring applications, CAD
designs and other sensitive information.
Unfortunately, this practice exponentially
multiplies the risks of a cyber attack.
However, manufacturers can’t afford
to hide their heads in the sand and
hope BYOD will go away. Your best bet
is to train your employees on the best
practice use of BYOD and reduce the
number of devices and applications
used to access company data. BYOD is
not a replacement of corporate devices;
it should be a controlled strategy to
enable mobility.

Industry standards

The practice of bring-your-own-device exponentially multiplies the risks of a cyber attack.

Identify and protect
valuable data
From intellectual property (IP) to trade
secrets or critical production data,
most departments in your organisation
have sensitive information that could
be the target of cyber attacks. The first
step is to identify these valuable data
assets and restrict access to them by
‘hiding’ them behind additional layers of
protection and encryption.
Manufacturers can protect
valuable production data using
industrial automation software that
has comprehensive security features,
such as strong encryption, secure user

administration and digital file signatures to
recognise bogus programs. Software that
allows you to allocate password protected
access to individual users is particularly
beneficial because it empowers
manufacturers to create individually
configured access levels for different users.
This means only authorised users gain
access to valuable information.

Best practice
One of the biggest concerns many
people have about cloud computing is
that once data is in the cloud, it can be
accessed by unauthorised users with

Slowly, but surely, industry is starting to
outline and implement cyber security
standards to make industrial networks,
devices, software, processes and data
more secure. For example, the NIST
Cyber Security Framework published in
the US compiles leading practices from
several standard bodies. There is no
such thing as a foolproof formula, but
NIST is a good place to start.
For Industrial Automation and
Control Systems (IACS), IEC-62443
offers industry guidance that allows
end users, systems integrators, security
practitioners and the designers and
manufacturers of industrial automation
and control systems to work to the
s