Data Forecast: Partly Cloudy

Let Somebody Else Handle the Data Flow? It's Tempting, but Are the Controls and Safeguards Convincing Enough to Tie the Plant to Cloud-Based Services?

By Dan Hebert

The cloud has arrived for commercial and personal applications, and the benefits in those business spaces are real. Cloud use is already widespread in many corporate functional areas and is becoming ever more present. A recent report from the Economist Intelligence Unit and IBM indicates that 90% of corporate America expects to adopt the cloud in its organizations during the next three years. The uses include data storage, transfer of large data files like software downloads to customers, and web mail services such as Gmail.

Taking cloud use to another level, many companies outsourced entire functions such as customer relationship management, letting others provide this type of software as a service, typically accessed through a web browser.

Employees at industrial firms certainly are becoming familiar with the cloud through personal use. Companies involved in commercial enterprise, particularly those selling business-to-consumer, are using the cloud, and we'll see that there are good reasons why.

Though the cloud is doing well in commercial and personal applications, industrial manufacturing users are few and far between. The challenges are significant for real-time, critical operations such as manufacturing.

In Cloud We Don't Yet Trust

Popular uses for the most part are not directly related to manufacturing. Leave it to an end user to get right to the heart of the matter: concerns about how cloud reliability and security could threaten manufacturing stability.

"Although cloud-based data storage might be beneficial for process automation systems, no one in a petroleum processing plant trusts its integrity due to its immaturity," says Rick Hakimioun, senior instrument/electrical and control systems engineer at Paramount Petroleum. "It took a while for us to trust the integrity of data from fieldbus instrumentation, and it will take a while for the cloud to catch on. I'm not against taking advantage of cloud-based data sharing for monitoring process control systems. But due to lack of a published standard practice developed by engineering society experts, I'm not sure about its utilization at this time. I say, in cloud we don't trust, at least for now."

Richard McCormick, automation engineer with system integrator Mick Automation in Levis, Quebec, has similar concerns. "My main concern would of course be linked to the security aspect of using the cloud," he says. "There is absolutely no Internet connection allowed from the process control network DMZ at all of the places we work, so the standard cloud couldn't be used."

More Than Hype

As with many new software and information system technologies, the hype surrounding the cloud is omnipresent and often overwhelming. But benefits are real. Virtually any service provided by the cloud also can be provided by in-house IT, so benefits of the cloud generally must be expressed by comparing them to the in-house IT alternative.

For example, data storage and backup often are provided in-house, but cloud providers often can do it cheaper and more reliably. Economies of scale let cloud providers store data for extremely low prices, most of these providers have elaborate data backup plans in place, and support is 24/7.

For many firms, the costs to buy software and pay renewal fees to maintain it are a significant expense. Paying a cloud provider for software-as-a-service (SaaS) is much cheaper, particularly when the full costs of IT personnel and infrastructure are factored in.

Deployment can also be quicker. SaaS applications can be put into use within hours, as opposed to weeks or even months for an in-house product that performs a similar function.

For remote data access, the cloud can provide many more paths than an in-house solution. If a plant stores its data in an on-premises server, all users must connect to this server for data access. If the data can be moved onto the cloud, multiple access paths are enabled, increasing reliability and access speed as remote user connections now can become local.

For vendors with a worldwide presence, the cloud can be the best way to distribute software. "Our company uses cloud-based products internally to provide services to our customers, such as downloads of our software products," says Marcia Gadbois, president of InduSoft, a company that provides SCADA and HMI software to industrial firms. "Using a cloud provider allows our users to download from local servers wherever they are in the world, increasing download speeds through a reliable high-speed data connection. We use Amazon and Rackspace to provide this service, and we've found both providers to be very reliable, providing the performance and uptime our customers need at very low cost to us."

Can Manufacturing Benefit?

In terms of applications, it's hard to envision any tasks directly associated with real-time control of manufacturing moving to the cloud. That won't do a thing to lessen the concerns of the Hakimiouns and McCormicks out there. Instead, the cloud will perform tasks that support manufacturing, particularly data storage and remote access.

Manufacturing-related tasks will be performed in one of two methods. With one method, the cloud will be used to host a service provided to the manufacturer by a system integrator or an automation vendor. This service then will be sold to the manufacturer, typically on a monthly subscription basis. In the second method, manufacturers will run their own applications in the cloud, using hardware and other associated infrastructure provided by others.

For now, most applications are of the first variety, with end users purchasing remote access and other services from others for a monthly fee. For example, system integrator Vipond Controls in Calgary, Alberta, has developed a cloud-based SCADA.

"Critically for our customers, our solution eliminates the expense, time and manpower required to purchase, install and maintain local SCADA hardware and software at each site," says Darryl Vipond, president. For more detail on this application, see "HMI in the Sky."

ECXSystems in Tyler, Texas, is another system integrator and services firm providing cloud-based remote access, in this case via its own cloud-based data center that ECXSystems manages for its customers.

In a recently deployed application, its data center pulls information from SoftPLC controllers, and makes this data available to remote users for a periodic fee. For more information, see "Data for All."

Most cloud-based industrial applications, including the two described above, don't provide access to the controller, but this functionality will come soon. "We're working with an OEM to design a cloud-based access and control system with automated two-way communications so in the event of an alarm, they could instruct the SoftPLC to correct the problem, if possible," says Cindy Hollenbeck, vice president of SoftPLC.

This two-way access via the cloud will be significant, says Erik Goode, technology leader for strategic manufacturing solutions at system integrator Maverick Technologies in Columbia, Ill. "In some situations, the cloud will become part of the critical path between the end user making a decision and the control system receiving it," he argues. "This controversial milestone will be as significant as when control systems first moved to non-proprietary networks."

Where's My Data?

For many industrial companies, their data is precious—it could contain intellectual property that puts them ahead of their competitors. Using the cloud to store and distribute this data could make these companies nervous for a number of reasons.

For others, using the cloud in their production and manufacturing processes seems to add a layer of dependence on Internet connectivity and outside service suppliers that didn't exist before, raising legitimate concerns about reliability.

In terms of data security, using a cloud provider is a double-edged sword. On one hand, the cloud provider likely has much stronger security and encryption in place than a typical in-house IT department, with 24/7 support to foil any intruders.

On the other hand, there are many more hackers looking to earn street creds by breaking into the Amazon cloud vault as opposed to a typical industrial company. And the collective data in the Amazon cloud is worth much more than the data in a single industrial company, further increasing temptation.

Another major concern for many is near total dependency on the selected cloud provider, with this dependency increasing with the length of time the provider is used. For example, a company could rely on a cloud provider to store all of its key manufacturing data. Initial costs would be very low, but the selected provider would control the data and be free to raise prices at any time.

Switching to another provider would require cooperation from the cloud provider to transfer the data, and it's questionable how forthcoming this cooperation would be, especially if asked to transfer data to a competitor. In the financial services and telecommunications industry, regulations exist in the U.S. and other countries that require transfer of money and/or data from one provider to another. But no such regulations exist in the cloud yet, increasing dependence on the vendor, and with it the risk to the cloud user.

There are ways to mitigate these risks, albeit with some cost and inconvenience to the user. "Many cloud firms will provide backups to ensure user data is redundantly secure, and it's industry protocol for cloud providers to contractually ensure user data is always available, regardless of what happens to the provider," notes Siamak Farah, CEO of InfoStreet, a cloud software provider.

Finally, many industrial users are concerned with replacing dependency on an in-house corporate network with dependency on an Internet connection. For example, a company could use the cloud to store and provide access to data, both to in-plant and remote personnel. If the connection from the plant to the cloud were to be lost, then so would the access.

Alternate access paths can be provided from the plant to the cloud, and from the cloud to each user, but at least one of the paths from the plant to the cloud would have to be up and running. For many, an in-plant communications network is perceived as more reliable than any practical number of cloud connections.

Back on the Plant Floor…

The only way McCormick can envision something similar for automation would be through a dedicated and very secure link to a vendor-specific site for remote vendor applications. "But again, it would be very hard to guarantee 100% security at all times, and that means the plant system not being affected by anything bad happening at the vendor site," he cautions. "And imagine using many links like this for different vendors, which would be a nightmare to maintain security in all cases."

An end user at a water utility says he would consider using the cloud for data storage, but voices his concerns when it comes to other areas. "Hosting actual applications remotely vs. just storing data is a concern for automation/real-time control where applications need to be running as part of a plant or treatment facility," explains Dave Mazzarella, PE, senior electrical engineer at Irvine Ranch Water District in California. "The link to remote servers could be lost, but the plant still needs to operate. The cloud adds a failure mode that doesn't exist in our current systems."

The Killer Apps

Remote access appears to be at least one of the killer apps for the cloud in terms of functionality. But what will convince end users like Hakimioun, McCormick and Mazzarella to use and trust the cloud for this and other applications?

"If one of our DCS vendors—Emerson or Honeywell—offered cloud-based data storage and access, we would consider it," Hakimioun says. "These vendors perform lots of testing to ensure the integrity of their systems meets our requirements."

The Talk2M service from eWon uses virtual private networks (VPNs) and tunneling to provide remote access, notes Francis Vanderghinst, sales manager. "Talk2M accepts connections from users as well as their machines, so both parties can exchange data using this technology," he says. "The end connection to the machine is in reality made through an eWon industrial router that connects to the heart of this machine, the controller. The only requirement is that the eWon router should be connected to the customer LAN, and it should be possible to browse on the web from this LAN."

Asset management could be another killer app, and it appears to be particularly well-suited to the cloud. A manufacturer would only have to provide a high-speed, two-way data connection to the control and information system, and the vendor could immediately begin to collect and analyze data. Once this data was analyzed, the vendor could provide specific recommendations for improving asset utilization. This service could be provided for a monthly fee on a relatively short-term basis, reducing risk and encouraging use.

All manufacturers want to improve asset utilization, and vendors promise this and other benefits to those who buy and install their asset management software. But with in-house deployment, the manufacturer must first invest large sums in software, servers, networks, and IT and asset management experts.

Buying asset management through SaaS models could allow virtually instant deployment with very low upfront costs, allowing manufacturers to try the service and assess benefits with very low risk.