As we move into the fourth industrial age and companies adopt IoT technology, RS’s Mike Brojak believes that investing in data security should be a business’s top priority
When asked how important data security is for modern businesses, RS Vice President Innovation Labs Mike Brojak gives a one-word answer: “Critical.”
Brojak, however, doesn’t believe that every organisation fully understands this fact or, in some cases, is not putting together a coherent security strategy to protect its data.
To explain why he feels data security is a huge priority for businesses, Brojak first talks about why data itself should be at the forefront of every organisation’s long-term strategy. “Before you think about the importance of security, you need to understand the value of data itself. We are at the beginning of a shift in economic power away from capital (which itself replaced land after the Industrial Revolution) towards a data economy, where data is the most important asset a business has,” he says. “Most companies still look at data as part of what they do, but don’t see how important it will be in the long term.
“These companies look at the likes of Google, Amazon and Uber and wonder why they are so successful, and the answer is that these companies were born in the data age and they understand how to use that data effectively,” Brojak adds. “A company that has a traditional industrial business model, but has realised the need to shift towards being data-centric, is GE. This is a company that is investing in data, and its security, and they are doing very well as a result.”
The data age
These examples, and the many others around the world, are just the tip of the iceberg according to Brojak, as business moves into the data age. “Eventually every business will realise that data is the future,” he says. “So if data is the most important thing your organisation has, it would be crazy not to take effective measures to secure that asset.”
" If data is the most important thing your organisation has, it would be crazy not to take effective measures to secure this asset” Mike Brojak, Vice President Innovation Labs, RS
One of the biggest priorities relating to data at the moment is privacy, according to Colin Forrester, Business Development Manager at safety and security company UL. “Any company holding data about people has to be extremely careful when it comes to privacy and protecting that data. GDPR [new regulations governing data protection that come into force across the EU including the UK in 2018] will go much further than previous data protection laws, making organisations much more accountable,” Forrester explains. “This will be backed up by punitive fines for firms that don’t protect data effectively – punishment could include 4% of annual turnover or €20 million, whichever is higher.
“While there will be reputational damage due to data leaks for organisations, the potential for severe fines is likely to be the biggest driver for change this year and next,” he adds.
Brojak also believes that GDPR is pushing data up the corporate agenda: “It’s a shame that regulatory change and threats of fines are the catalyst, but in some cases that’s what it takes, and any resulting investment and improvement will benefit companies in the longer term.”
Another driver for businesses is the growing shift towards more internet-enabled devices, known as the Industrial Internet of Things (IIoT). The connectivity and automation that IIoT create can drive significant efficiencies for businesses (see our in-depth article), and the data that is created from these devices that is particularly valuable.
Many manufacturers are taking steps towards IIoT as part of their MRO strategy, for example, by investing in technology that allows them to predict maintenance needs before machines fail – this sort of data is hugely valuable, and can save significant amounts for organisations using it correctly, it also needs to be protected.
“One of the biggest benefits of IoT is the fact it generates data for your organisation to analyse,” says Forrester. “This is incredibly valuable, but it’s also essential that you take the right steps to protect those devices and the data they generate.”
For some companies, the potential risks have put them off even contemplating introducing IIoT, but to Mike Brojak this is akin to sticking your head in the sand. “Fear of risk is an understandable human reaction,” he says. “Thirty years ago, businesses could adopt a ‘wait and see’ strategy when it came to innovations – it was quite effective to let others take the risks and then follow behind once success was proven, but now technology and change is happening so quickly it’s very easy to be left behind.
“IIoT is coming to every industry, so there is no point in ignoring it,” he adds. “The key is to take some risk, mitigate that by having a good security strategy and gain the benefits of adopting IIoT while your rivals may be holding back. All of the big companies that base their business on data – from Amazon to Netflix – are always at risk of having their data hacked, but those risks are far outweighed by the rewards. They take all possible steps to protect themselves and they are growing at an incredible rate.”
Data security strategy
So what is a good data security strategy? Forrester believes that it comes down to understanding the implications of new technology: “Individual computers, company networks and personal work devices are usually well protected, but IIoT devices are often more limited in terms of what protection can be applied. He explains “Nevertheless, every single new device that is IoT-enabled needs to be appropriately protected, which includes avoiding the use of common, default passwords through to ensuring any embedded software can be updated to fix vulnerabilities that may be identified during the product’s lifecycle.”
While Brojak acknowledges that companies should all have strong security measures, he believes that a key area that is sometimes ignored is internal co-operation. “I often see companies that separate out data and physical security – in many cases, they invest lots of money into digital security to put firewalls and anti-hacking software in place (which is good), but then ignore physical risks in terms of basic employee training or access to their premises or devices.
“There was one instance when a large corporation had great digital security, but the ethernet ports in their reception allowed people to plug straight into their corporate network rather than the guest one,” he adds. “Often this sort of thing happens because the IT department and the facilities department are operating separately, when they should be working together to reduce the chance of a security breach.”
" Connected devices should be seen as an extension of conventional IT. After all, they are embedded computers subject to the same IT security rules as any server or a laptop.” Mike Brojak, Vice President Innovation Labs, RS
“This principle of digital and physical security especially applies to IIoT as it bridges physical spaces and IT systems. Connected devices should be seen as an extension of the conventional IT. After all, they are embedded computers subject to the same IT security rules as any server or a laptop.”
When it comes to introducing IIoT the initial set-up phase is crucial, which is why RS has been helping its customers make the transition. “Here at RS we’re also in the middle of a digital transformation where we have gone from being a physical catalogue-based distributor to the point where a large amount of our sales come through ecommerce,” explains Brojak. “As such, there is a great deal of understanding in our business of the sort of challenges our customers are facing as they move towards a more data-focused operation.
“This puts us in a strong position to assist our customers,” he adds. “While we provide the hardware to make IIoT possible, we have also recently helped customers (either through our own team, or via partnerships with the likes of UL) in a more holistic way to set up IIoT to boost their productivity, while also achieving security levels that are appropriate to their specific needs.”