Cloud technology has taken the world by storm in the past several years. Think of how often you use some type of cloud solution on a daily basis – to store your photos, to save your documents, to back up your data, to communicate with your friends and family – and you may not even think about it.
In a business environment, when cloud solutions are brought to the table, sometimes concerns are raised. These usually have to do with security – one may be unsure if a cloud solution’s security is robust enough for their organization or industry. Or, they may simply believe that their IT team will not allow their organization to purchase or utilize cloud technologies. However, in most cases, both of these assumptions are false.
Most cloud solutions have extremely robust security, which are managed by the cloud provider, rather than needing to be managed on-premise by individual organizations. Additionally, while a few years ago your IT team may have been wary of the Cloud, most IT experts have changed their tune. In fact, your organization may have a Cloud Strategy you’re not even aware of.
When it comes to energy, we of course need to be particularly cautious about cloud security. In the past several years, there have been many cyber and physical attacks on energy infrastructure. It’s also known that these threats are very, very real – when we lose electricity, or can’t transport fuel, the results can be catastrophic and sometimes result in loss of life. However, taking that all into consideration, the industry is starting to call for change when it comes to the use (or lack thereof) of cloud technology.
FERC Annual Reliability Conference Demands Change
As reported by Utility Dive, at the recently held annual FERC Reliability Conference there was consensus that cost, security and reliability benefits can be provided to the grid with cloud technology - but current NERC Critical Infrastructure Protection (CIP) rules are precluding the industry from taking full advantage. Current CIP rules prevent high-medium grid assets from utilizing cloud resources. However, it is worth noting that current rules were drafted and implemented before cloud technologies were fully developed, and they simply lacked vision into what the future might look like. At the meeting, Tom Alrich, security consultant, stated that “One can definitely make the argument that the grid is less secure today than it would be (if cloud solutions were allowed) and that gap is growing every day.”
As mentioned above, cyber threats to the grid are growing every day – The National Institute of Standards and Technology’s Database is set to report over 27,000 vulnerabilities in 2023. This is a 25% increase over those reported in 2022, and many of the issues are critical. When these threats are combined with the large quantities of smaller generators connecting to the grid, the threat increases further – many experts at the meeting warned that traditional security tools and on-premise solutions are no longer adequate – new technologies are required.
ISO New England shared that some of its most robust security tools are not currently allowed to be used to protect certain electric system assets - simply because they use cloud technology. Maggy Powell, Security Assurance Principal for the Power and Utility Sector at Amazon Web Services stated that cloud technologies are “key at augmenting security teams’ abilities with increased visualization, automation and resilience”. Powell also noted that in addition, the demands being placed on the industry by decarbonization, decentralization, and digitalization “translate to more than 100 times increase in data volumes to reliably operate the grid, making computing capacity essential.”
PLEXOS Cloud Security
The innovative team at Energy Exemplar has clearly seen the benefits that cloud technologies can provide. Which is why we expanded our PLEXOS solution into a full SaaS platform, combining the capabilities of the most powerful engine in the industry, with a modern and advanced SaaS platform. PLEXOS Cloud provides limitless, flexible compute, offers features and functionality for collaboration, and also offers best-in-class security. We take the security of your data extremely seriously – here are some of the details:
- ISO 27001 Certified - SOC 2 Type II Certified - Data center operations conducted with best-in-class infrastructure services from top-tier public cloud providers - Operate in geographically dispersed SOC 2 Type II and ISO 27001 certified facilities - Data is transferred securely with Windows Communication Foundation, which uses a TLS 1.2 encryption - All data is encrypted at rest, by default - Energy Exemplar operations establish a standard and secure tenant network for each customer - Securely housing data in separate network ensures tenant data confidentiality - All access to PLEXOS Cloud is authenticated and authorized - Energy Exemplar does not have access to customer data (unless granted by the customer for support purposes) - Backups are replicated in multizone, which enables data resiliency - Business Continuity Plan covers Disaster Recovery
While as a society and industry we may not have realized the importance of cloud technologies when the CIP rules were drafted in 2006/2007, industry experts are now calling for change. Cloud technologies aren’t going anywhere. In fact, they offer security and computing benefits that may be critical to an industry moving forward with ambitious decarbonization goals.
If you're ready to learn about the numerous benefits PLEXOS Cloud can offer to your organization, speak to an expert!