How to make the cloud an engine for manufacturing success

As the manufacturing sector rapidly modernizes to tap into the benefits of the cloud, it also must address the new, complex cybersecurity challenges that are compounding legacy security issues. Manufacturing faces both decades-old and modern threats, impacting systems from mainframes to AI. The coexistence of a virtual and physical presence is essential, as the core purpose lies in transforming ideas into tangible products.

"As the CISO of a semiconductor manufacturing company, I have observed the transformative benefits of cloud adoption firsthand — enhancing not only our security posture but also our operational efficiency and agility. The cloud's ability to provide architectural redundancy is vital for minimizing downtime, a direct financial risk in our industry,” said Greg Kim, vice-president and CISO, Skyworks Solutions.

The manufacturing sector is already among the most-targeted by cyber-criminals globally, and threat actors continue to evolve their tactics that can cripple operations and cause significant financial losses. While malicious actors pose risk, these operational technology (OT) environments are also prone to significant inherent risks, such as technical debt and complicated manual processes prone to mishap.

Consequently, relying on traditional failsafes such as air gaps as a risk mitigation strategy is no longer viable or effective for three key reasons:

1. The entire supply chain is embracing cloud-based software-as-a-service offerings that make isolation increasingly difficult.
2. Businesses are facing relentless pressure to optimize production and delivery. These demanding, data-driven insights require connectivity and integration.
3. Attackers are constantly developing new techniques to breach ostensibly isolated networks.

CISOs in this sector are under immense pressure to balance the needed controls for and associated risks of integrating legacy systems with the need for cloud and AI innovation, which is compounded by the dynamic regulatory environment and business demands. In spite of these amplified challenges and the explosive global growth of threat actors, at the Office of the CISO we also see significant causes for optimism in cybersecurity, digital resilience, and bottom-line growth across our transforming global manufacturing economy.

Across many industries, secure cloud solutions are enabling better business decisions by tapping into supply chain, operational, enterprise, and consumer data to bridge silos, identify opportunities, and deploy easy-to-use AI to support employees and increase automation.

Properly configured clouds are delivering the security posture essential for manufacturing and industrial companies, built on reliable, resilient infrastructure. With increasing inter-connectedness across the supply chain, and the pressure to meet demand, resiliency during a disruptive cybersecurity event is critical to maintaining revenue and competitiveness.

Cloud innovations across key industries

Balancing operational excellence with stringent security measures is vital to the modernization of manufacturing. In the following four industries, we see this dynamism driving the adoption of more secure technology, including Google Cloud’s secure by design, secure by default technology.

Aviation leans into cybersecurity cooperation

Cybersecurity leaders in the aviation industry are looking past outdated risk methodologies and using secure cloud technology to confront the reality of the cyber poverty line and the downstream vulnerabilities that it induces. Cooperation in this space among major aircraft manufacturers is driven by an understanding that an attack on one is an attack on all.

Aircraft manufacturers are also increasing their agility with cloud technology to address changing compliance requirements such as the European Union’s General Data Protection Regulation and Network and Information Systems Directive 2.0, and the Cybersecurity Maturity Model Certification (CMMC) 2.0 in the United States. Secure cloud solutions offer visibility and control through accessible dashboards, robust identity and access management, code repositories and automated vulnerability scanning.

Aviation industry CISOs are using cloud to manage the complex security and compliance requirements of global operations, meet customer expectations for data privacy, and protect mission-critical systems from evolving cyber threats.

Car makers turn to the cloud for secure data processing

The automotive industry is a prime example of a generational leap forward in manufacturing. Interconnected vehicles with intertwined digital twins that act as endpoints are part of the Internet of Things (IoT). Autonomous vehicles, enabled by mass data collection, processing, and storage, rely on the high volume data exchange rates that modern 5G networks can support.

We are seeing automotive manufacturers turn to the cloud to meet enterprise processing and security requirements at scale. Improved cybersecurity for connected car data and secure over-the-air (OTA) updates are exacting a toll on would-be criminals seeking to breach the digital-physical security divide.

Cloud technology is a key component to improving their manufacturing processes, as it can remove many of the risks formally presented through on-premise technologies. For example, while local storage may seem safer and less exposed, it actually provides a false sense of security because it can introduce several challenges including a lack of redundancy, limited scalability, and operational burden. Cloud technology can rapidly simplify the design and use of technologies such as digital twins for real-time emulation and forecasting of vehicle-to-world interactions.

Energy sector security on cloud technology

The energy sector is increasingly embracing cloud technology to secure critical infrastructure and optimize delivery to customers. Physical security remains crucial, but the greatest risk for service disruption comes from cyber threats. Public testimony by energy sector leaders has revealed well-resourced nation-state actors targeting the energy sector.

To protect their organizations, energy sector CISOs and ISACs are partnering with cloud service providers to optimize power generation and distribution, implement disaster recovery solutions that ensure redundancy, and minimize downtime. The convergence of IT and OT, coupled with the growing adoption of cloud computing, has led to a paradigm shift in the management of and secure remote access to Supervisory Control and Data Acquisition (SCADA) systems and Energy Management Systems (EMS).

Historically, SCADA systems and EMS, segmented via demilitarized zones (DMZs) for remote access, have been deployed on-premise. These systems are beginning to migrate to the cloud, offering benefits such as scalability and cost efficiency. While this transition raises significant cybersecurity concerns, it also creates an opportunity for more risk-informed decisions.

Intrusion and threat detection, rapid response and recovery, and data loss prevention tools are protecting more data in a sector that is both interconnected and a prime target. As more organizations in the sector improve their understanding of the benefits of cloud computing, these concerns are gradually being alleviated.

Cloud defenses for the defense industrial base

Creative solutions are made possible through cloud platform tools, even for sensitive workloads. The defense industrial base (DIB) is using more public cloud computing than ever before because of advances in logical separation techniques and their ability to facilitate U.S. government certifications.

Because some cloud service providers (CSPs) have invested resources to meet Impact Level (IL) and FedRAMP requirements, DIB manufacturers are moving to modern cloud platforms without having to turn to a bespoke private cloud built to government specifications, or “GovClouds.” This has helped DIBs get the “best of” a CSP immediately without having to wait on a migration to a GovCloud.

The GovCloud model presents several disadvantages for organizations, as they often lag behind commercial clouds in terms of new feature releases including security updates, hindering organizations that require cutting-edge technology. Maintaining separate environments for classified and unclassified data in government clouds can result in higher costs and administrative burdens. This slower pace of innovation and bureaucratic processes make it challenging for government organizations to access the latest cloud technologies.

Building manufacturing optimism in the cloud

The cloud holds the key to faster innovation and heightened resilience, no matter your industry or sector. We’re seeing each of these industries derive substantial benefit from cloud’s secure scalability. As cloud-first security extends to the factory floor and processes, it can reduce the risk of disruption and also help pave the way to industry 5.0.

“We are already living in a completely interconnected world. To tackle cybersecurity holistically requires cloud-based solutions that allow for interconnected, cross-system threat detection. The Landis+Gyr cybersecurity division is working with Google to provide exactly that to our customers in the energy and industry sectors,” said Todd Wiedman, global CSO, Landys+Gyr.

CISOs need to understand how cloud migration will impact security and compliance requirements and whether it will improve cybersecurity hygiene. Additionally, CISOs should harvest available data to understand the adequacy of controls, and should support secure remote operational support and maintenance.

As organizations move more workloads to the cloud, it’s important to plan a methodical migration of select compute segments while ensuring the security of the existing environment. We recommend approaching digital transformation across four pillars:

• Enterprise information technology: Safeguarding the digital, data, and network infrastructure.
• Industrial and operational technology: Protecting the industrial operations from cyber threats.
• Products and engineering technology: Building security into products throughout the lifecycle.
• Supply chain and logistics: Managing risks from third party vendors and supplier ecosystems.

CISOs and their teams, by designing security into the cloud adoption process, can deliver the resiliency that ensures technology meets business goals. Crucially for manufacturing, cloud can allow what was once a physically-constrained environment — the factory — to be extended. It allows for more effective threat detection, new system and device modeling, better resiliency, and better response times. Improved speed and scale with infrastructure-as-code and global data center footprints are a mouse click away.

For more security leadership guidance from Google Cloud experts, please see our CISO Insights hub.