Clouded Judgment

Cloud computing is being widely touted as the next big thing in supply chain information technology, but I have strong doubts about its ability to deliver what everyone is hoping for without creating additional problems for electronics manufacturers.

Let's face it: These days, Internet security is as much an oxymoron as “government intelligence.” Within the US, hackers have penetrated ultra-high security systems, including those at the Pentagon and defense contractor Lockheed Martin, while internationally, major incidences have been reported in the Iranian nuclear development program, the United Kingdom’s 2011 Census, and the International Monetary Fund. I can't imagine there are many sites with more layers of security or tighter loss-prevention measures than these, yet they were compromised.

Despite these high-profile events, attempts to extol the virtues of the cloud continue. These arguments include eliminating costly software expenses, avoiding the expense and hassle of software updates and maintenance, and the ability to access programs and files from any system anywhere in the world. (See: Are We Ready for Cloud Manufacturing?)

None of these benefits can be disputed, but are they enough to counter the very real threat of cybersabotage? Electronics companies have spent years and millions of dollars establishing their supply chains as strategic competitive differentiators. I believe this IP should be just as closely guarded as the specs for a revolutionary new chip design. I can't imagine that companies like {complink 2657|Intel Corp.} or {complink 103|Advanced Micro Devices Inc. (AMD)} keep their product development blueprints in the cloud. Maybe they do, but I doubt it.

Maybe I am just paranoid, but to me, putting confidential and strategic supply chain information on a hosted server network is like leaving the keys in a brand new Ferrari. You might as well just put up a sign that says “Steal Me,” because you know that these networks are going to be prime targets for hackers.

And while I have no doubt that no expense will be spared to try to secure these networks, I also have no doubt that before long, hackers will find their way around them. Look at the sophistication and scope of the measures taken by electronic component counterfeiters. The sad reality is, today's bad guys are smart.

Don't get me wrong: I am a huge fan of technology, and as a writer and journalist, the Internet has become an essential part of my toolkit. However, I truly believe that there is a point where the benefits of convenience and productivity are far outweighed by the risks. Taking supply chain technology to the cloud crosses that line.

So, I would caution members of the electronics supply chain to carefully consider this move. Remember what they say in Vegas — don't bet what you can't afford to lose.

12 comments on “Clouded Judgment

  1. AnalyzeThis
    June 22, 2011

    I think you're voicing a very common concern about the transition to cloud-based solutions.

    But here's the thing: first of all, moving to the cloud is nearly inevitable because it's cheaper. In some cases, MASSIVELY cheaper than traditional solutions. And you tend to get more features. It's easier to inter-operate with others. It requires less IT resources on your end. The advantages go on and on…

    As far as the security concern goes, you're not wrong, but it's not as if information NOT in the cloud is somehow inherently less secure. If you have internet-facing data, you basically have similar security concerns as cloud-based solutions. And depending on your current IT situation, a move to the cloud could actually IMPROVE your security by a huge margin.

    Security is a valid concern, but no matter what you do it's going to be an issue. Even if you somehow stored all your data on a device that was not connected to a network of any kind, somebody could walk into your office and steal it.

    In a way, these concerns over cloud security remind me of how people felt about banks around the turn of the century: why put your money in the bank where you can't see it? What if the bank turns out not to be trustworthy? Isn't it safer to keep your money buried in a yard, so that way you know where it is? Of course now we know such attitudes are silly.

  2. hwong
    June 22, 2011

    I have worked in the chip industry for quite a few years. My understanding is that Intel will never put their fabrication manufacturing process online into cloud. It's like putting out your secret recipe for thievs to  take it. It would jeopardize the whole company. Again, I am not convinced that type of information will be going into the cloud

  3. eemom
    June 22, 2011

    I agree with Dennis that Cloud computing is inevitable.  Perhaps its not ready for full proliferation now due to the security concerns but eventually security in cloud won't be better or worse than on a customer's server.  Like you mentioned, if someone wants to hack the information, they will find a way to do it, no matter which server the information is on.

  4. Anand
    June 22, 2011

    “Taking supply chain technology to the cloud crosses that line”

    But the big question is whether you want push all the data on the cloud or keepout sensitive data and push rest of the data to cloud. For this we must ensure that the senisitive data, applications and systems are properly secured so that the cloud infrastructure won't expose organization to risk.

  5. Hawk
    June 22, 2011

    @DennisQ, The plunge into the unknown is always scary but risks are not to be avoided simply because of the likelihood of dangers, otherwise people will not walk (for fear of getting hit by a car) or fly (for fear of a plane crash), eat (for fear of choking) or open a business (for fear of failing.)


    I understand the writer's concerns but you don't win by being timid and much more than corporate IP is already online. Let's identify the potential risks as she has done in the article, then, as you correctly noted, let's manage the risks as efficiently as possible. Yes, hackers will score the occasional wins but in the end the larger society's respect for the rule of law will prevail.

  6. Daniel
    June 23, 2011

    Diane everywhere, everybody is projecting cloud as the next level of big implementations. Even I have the similar doubt, whether cloud can cater the requirement and need from the supply chain networks. Quite some time back, the same happens for virtual machines (VM) too. When VM is introduced, a similar thought came that it can help the marketing side for inventory data access and tracking. But later came to know that it’s not up to the expectations and a flop. So my expectation about cloud role in supply chain is minimal.

  7. prabhakar_deosthali
    June 23, 2011

    The cost advantage of going to the cloud is no doubt going to pull many a business to this transition. If the cost advantage is outweighing the underlying risks then the push will be always to go for it.  There will be security breaches somewhere but solutions will be found to bridge those security holes. Today most of the world's stock exchanges are operating on-line and billions of dollars worth transactions are happening totally paperless and with all your data on line ( and you never know on which server it lies ). Yes there happen a few cases where your internet passwords are stolen and misused to transfer your money to some unknown account. But the percenatge of such cases has been  very very small compared to the valid transactions that are handled by the system.

    Similarly  all the apprehensions about Cloud will die out soon. One must remember that in this  world nothing is 100 % secure and risk free and it never was. Keeping your strategic data on your private stoarge is also not without any risk.

  8. Diane Trommer
    June 23, 2011

    @Hawk, thanks for your feedback. I certainly agree that no business can succeed and grow by being timid, but I also believe that there is a degree of prudence that is necessary as well. I admire your confidence in society's “respect for the rule of law,” but in today's global business environment, you have to remember that many other nation's don't have the same standard of fair play that we expect from US corporations. I have to again point to component counterfeiting as a prime example. There are clearly some regions where the U.S standard of copyright protection appears to be meaningless. Why should we expect anything more when it comes to information in the cloud.

    Finally, I would have to add that this discussion also assumes that the main motivation for hackers is corporate espionage. My fear is that our reliance on technology – for business processes, banking, etc, makes us increasingly more vulnerable to cyber terrorism. A coordinated attack on even just the top 50 CSPs could cripple corporations, and our society at large. 

  9. Diane Trommer
    June 23, 2011

    @anandvy, the idea of prioritizing what data gets pushed to the cloud is a good one. However, how long do you think it would take for companies to get complacent and start pushing the boundaries until its all out there?

  10. Diane Trommer
    June 23, 2011

    @DennisQ, I appreciate your comments. I agree that no data is absolutely secure. However, I believe that over time the number of CSPs will consolidate to a select few giants. Already I see Top 50, Top 100 CSP listings and there are some common names at the top of the list: Amazon Web Services, EC2, Virtual Private Cloud and are a few. The bigger these providers become, the more of a target they will be. Sure, basic ISP server farms could be a target as well, but they don't have the high profile the CSPs will have. 


  11. hwong
    August 19, 2011

    I think we are missing the finer elements here. I am assuming in this article we are just talking about “public clouds” where information is kept at someone else's data centers.  However, we should probably understand that there are 3 types of cloud computing environment: private, public and hybrid.  Actually we are dealing with cloud computing everyday and we don't even realize it. For example, when you log on to your gmail account, that's application via cloud computing. We are accessing our mailboxes and saved messages on someone else's server.

    But sensitive information from a company is not likely to be put onto the public cloud in the near future. THe reason is exactly what this thread is talking about. Security. However, there is a trend today that companies are starting to move their standardized applications onto the public cloud. The most commonly deployed workloads on public clouds have been CRM applications , test clouds and web portals

  12. Anand
    August 20, 2011

    But sensitive information from a company is not likely to be put onto the public cloud in the near future.

    @hwong , thanks for the reply. How long will it take for the cloud providers to provide secure cloud so that users can store sensitive information on cloud ? Will it ever be possible to provide secure clouds ?

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.