Within the mining, oil and gas, utilities, and manufacturing industries you will find two distinct environments:
When we talk about cloud enabling an organisation, most of the content has been focused on the IT environment, which we know and understand quite well. When we talk about cloud enabling OT or about delivering cloud services into the OT, the room tends to go very quiet, and with good reason. The OT is the crown jewels of an organisation, and its operational performance is key to an organisation’s revenue. Anything that could impact the OT receives an increased level of scrutiny and, unless all the check boxes have been ticked, won’t happen.
In this post we are going to explore how to cloud enable the OT environment while staying true to the standards and controls that are in place to protect it. Throughout our journey we will be covering:
The Purdue Enterprise Reference Architecture (PERA) is a model that was established in the 1990s to protect identities, information, and assets within the OT environment. This model has come a long way and has served the industry in many ways. The following diagram provides a high-level view of the Purdue Model.
The Purdue Model has six functional levels from 0 to 5. Each functional level is only allowed to communicate with the adjacent north and south layers:
With the advent of Industry 4.0 and the Internet of Things (IoT), the continued use of the Purdue Model in the industry has faced many challenges. One of the main gaps in the model is the lack of cloud integration. In fairness, the cloud didn’t exist when the model was founded, and the technology was very different in those days. Industry 4.0 has resulted in an exponential transformation of the process control network.
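The adjacency rule described above can be checked against recorded network flows. The following is an added example, not code from the original post: the subnet-to-level map, the flow format and the sample flows are constructed, and same-level traffic is assumed to be permitted. Flows to addresses outside every mapped level (such as a cloud endpoint) are reported separately, since the original model has no level to place them in.

```python
import ipaddress

# Constructed map (assumption): one /24 per Purdue level 0-5, e.g. 10.0.3.0/24 = level 3.
LEVEL_SUBNETS = {f"10.0.{n}.0/24": n for n in range(6)}
NETS = sorted(((ipaddress.ip_network(c), lvl) for c, lvl in LEVEL_SUBNETS.items()),
              key=lambda p: p[0].prefixlen, reverse=True)  # longest prefix first

# Constructed flow records, one per line: "src dst dport".
SAMPLE_FLOWS = """\
10.0.1.10 10.0.2.20 502
10.0.2.20 10.0.3.5 4840
10.0.4.7 10.0.1.10 502
10.0.3.5 10.0.3.9 1433
10.0.2.20 203.0.113.50 443
10.0.5.3 10.0.0.4 44818
not-an-ip 10.0.1.10 80
"""

def level_of(addr):
    """Return the Purdue level for an address (longest-prefix match), or None."""
    ip = ipaddress.ip_address(addr)  # raises ValueError on a malformed address
    for net, lvl in NETS:
        if ip in net:
            return lvl
    return None

def audit(flow_text):
    """Sort flows into ok / violation / unmapped / malformed."""
    findings = {"ok": [], "violation": [], "unmapped": [], "malformed": []}
    for line in flow_text.splitlines():
        parts = line.split()
        try:
            src, dst, dport = parts[0], parts[1], int(parts[2])
            s, d = level_of(src), level_of(dst)
        except (IndexError, ValueError):
            findings["malformed"].append(line)
            continue
        if s is None or d is None:   # endpoint outside every mapped level
            findings["unmapped"].append((src, dst, dport))
        elif abs(s - d) > 1:         # skips at least one level: breaks the rule
            findings["violation"].append((src, dst, dport, s, d))
        else:                        # same level or directly adjacent
            findings["ok"].append((src, dst, dport, s, d))
    return findings

if __name__ == "__main__":
    for kind, rows in audit(SAMPLE_FLOWS).items():
        print(kind, rows)
```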
We recently worked with an organisation that was looking to gain a competitive edge within its industry by enabling its OT environment to leverage the benefits that could be realised by extending it into Azure. Some of the potential benefits included:
The organisation was particularly interested in being able to leverage Azure IoT, Azure IoT Edge, Azure Machine Learning, Azure Stack Edge and Azure Stack Hub within the OT environment. However, it was unsure of how this would be achieved under the Purdue Model, which it wanted to continue to utilise for the security aspects offered. In order to reduce risk, the organisation was willing to accept the additional complexities and costs incurred by this model. In the following segment we will cover the elements that were introduced to the Purdue Model to extend the OT environment into Azure.
Through a series of workshops with the organisation, the following high-level changes were implemented to extend the Purdue Model to Azure:
To accelerate the enablement of the OT environment for Azure, the Microsoft Cloud Adoption Framework for Azure and Azure Well-Architected Framework were utilised. These were the same frameworks that were utilised to enable Azure in the organisation’s IT environment. This resulted in the revised Purdue Model.
Some of the key benefits the revised model provided included:
Since the initial introduction of the Purdue Model in the early 1990s, Information Technology and Operational Technology environments have changed significantly. A common industry trend is now to see IT and OT environments converge; however, not all organisations are embracing this. Security, safety, and uptime are important factors in the OT world, so some organisations prefer to continue with the traditional segregation between IT and OT as part of their risk-mitigation approach. For these organisations we can cloud enable their OT environment so that they can leverage the benefits that Azure has to offer. The high-level approach that was discussed is applicable to most organisations; however, each organisation’s journey to the cloud will be unique due to its varied requirements.