“Staying Evergreen” key to Cyber Security Strategy!!!

This week I spoke at SCADA Australia conference, where many of the leading companies in the SCADA, geographical industry, such as water, power distribution, rail etc. While the increased awareness of the empowering real-time analysis and decisions was discussed. The major discussions were around Cyber Security strategies and threats and virtualization. The surprise to me was the fact that the debates did not link these two discussions, and there was very gradual take up on virtualization.

This is very different to what we have seen elsewhere in the world especially North America and Western Europe where virtualization has become the default approach to the industrial architecture. People discussed the reason why people go to virtualization is a cost of servers, yes this is a factor but in most cases this is only a side benefit. The big advantage is the abstraction of the software application from the hardware and infrastructure.

Speaking with customers the linkage between Cyber Security and the need to stay current, not just patching etc, is becoming a main stay of their “sustaining” strategy. Many of the security fixes and improvements do not happen in patches,  but in point and major releases, this is with infrastructure software such as Operating Systems, and databases, as well as industrial software. So many leading companies are looking at architectures and deployments that enable their systems to stay “evergreen” eg on the current releases. The advantages happen in security but also in general cost of sustaining the system so you do not end up with major application jumps.

So I ask myself why you would not employ standard architectures on a virtualized platform, allowing hardware to evolved and for high availability architectures to allow upgrades of software and minimal time to switch over from the running version to new version, plus providing an environment for testing. Many of you will say that is what we doing, but within the last 6 weeks in eastern / central Europe, ASEAN and Australia I have seen a reluctance to adopt virtualization this I would understand if we turned back the clock 4 to 5 years ago, but the technology is very mature today, and well proven.

The other trend happening is the move away from customization and everything to configured, using standard tools and capability. This is key to enabling applications to stay evergreen, the advantage of customization vs cost to sustain is just not worth it. A solution architecture decision should not an event, it must be a journey, with the key consideration of operational continuity will be sustained which maintaining the systems in an “evergreen” state.