Data Security, the Cloud and National Interests: Lessons from Indonesia

Martin Richards

Martin Richards

EMC Corporation’s Information Intelligence Group Senior Director of Energy Industry Solutions

Road Warrior Journal

Road Warrior Martin Richards visits Indonesia and discusses cloud solutions and data security.

Road Warrior Martin Richards visits Indonesia

The security of cloud-based data has been front and center of the news recently. A continuing stream of highly personal celebrity photographs, taken from Apple’s iCloud service and published on the public internet, has grabbed the world’s attention. This event serves to intensify the fears that big companies have when trusting their data and intellectual property to the public cloud. My travels around the world meeting with energy organizations give me the opportunity to see how this issue is viewed from a national perspective and highlight the many inconsistencies and misperceptions.

Ensuring Data Security with Legislation

On a recent trip to Indonesia, I met with a number of companies involved in running major capital projects and operating assets  in oil & gas, and energy production. Indonesian law states that data relating to these activities must reside on a data server in Indonesia. The same is true for many other countries including Brazil, Egypt, and China.

The apparent reasons for this restriction are twofold:

  • When participating in joint ventures, Indonesia wants to gain control over the asset data.
  • When dealing with data relating to energy assets, there is a data security risk, especially in a part of the world that is subject to regular terrorist attacks.

Indonesia believes that having this data within its boundaries and control lessens the risk of the data being accessed by unauthorized parties.  From the Indonesian government’s perspective, this makes sense and serves to protect Indonesian assets and intellectual property.

Global Teams Increase Quality, Efficiency and Complexity

Working with a network of suppliers ensures quality equipment, maximum efficiency and cost control on projects and operations.

However, the problem is that the increasing globalization of business, especially the energy industries, works counter to this logic. Companies such as Chevron and INPEX – both of which are deeply invested in Indonesia – operate as global organizations. Working with a network of suppliers that are sourced from all parts of the globe ensures they get the best quality equipment and the maximum efficiency and cost control on their projects and operations. Improved quality and efficiency benefits Indonesia. In fact, joint ventures with companies from more developed countries are driving projects in Indonesia and other developing nations.

A report produced by the Business RoundTable, a US-based association of leading CEO’s, neatly summed up the paradox in Indonesia’s position:

“When governments impose blanket restrictions on trade such as local data server requirements, they fight the battle for economic growth with one hand tied behind their backs. … When trade barriers disrupt the free flow of lawful information, they can result in a slowing of technological innovation and prevent companies from offering certain products and services, consequently dampening economic growth.”

During a recent trip, I was fortunate to be able to discuss these issues with representatives from the Indonesian government. It appears there are now grey areas that may allow data to be more effectively managed. The scenario we discussed was using a secure, public cloud, hosted service for supplier collaboration, EMC Supplier Exchange, which integrates with a system to manage their project documentation and processes, EMC Documentum Capital Projects. The master project documents would be stored in the management system within Indonesia; however, documents that need to be shared with the global suppliers would be transferred to the supplier collaboration space. These documents are available in the public cloud, but they remain accessible only by designated companies and individuals. Because documents are encrypted while being transferred and encrypted when stored within the cloud solution, the security risk of storing documents outside of the corporate firewall (and, in fact, the country) is minimized. To assure all parties of that the proper processes and precautions are being followed, all activities performed within the cloud solution are fully audited.

So the question to the Indonesian authorities is, “Does the use of this public cloud solution constitute an illegal act?”

Using a secure cloud solution provides improved protection compared to email, while fostering extended collaboration between project teams.

The current practice is to email documents from Indonesia to suppliers. This happens hundreds, if not thousands of times each day on a major project. Using email, data clearly leaves Indonesia, has very little security or audit control, and can be emailed to anyone anywhere in the world. It was clear to everyone involved in our discussion that using a secure cloud solution actually provides improved protection for Indonesian data and interests compared to email, while fostering extended collaboration between project teams.

Going forward, it is essential that the very real concerns of data governance and national laws are reconciled before the benefits of the cloud can be fully realized.

Has your organization reconciled data governance and the desire to collaborate using cloud solutions? Share your thoughts and experiences below.

Intrigued with this road warrior? Catch up on his other journal entries:

Smarter Containers

Jeroen VanRotterdam

Jeroen VanRotterdam

CTO and VP of Engineering in the Information Intelligence Group at EMC

In this blog entry I would like to explain our new container model of the SaaS platform used by our new SaaS solution, EMC Supplier Exchange. Before I do that let me share what I SupplierExchangemean by a container. A container is a collection of objects and/or other containers. It is a logical boundary for a set of objects which can be an input for, for instance, computational purposes, validation and/or visualization. Simple containers are, for instance, a selection of a few objects. More complex containers are e.g. a (virtual) folder structure, a virtual document for a drug submission or an entire construction project.

Documentum has a long tradition of “smart” containers which offer powerful capabilities. A good example is a virtual document with the ability to build a hierarchical structure with references to objects with snapshot capability, versioning capabilities, export or publish capabilities etc. There are a lot of successful examples of virtual documents in a wide variety of industries such as Energy & Engineering, Life Sciences, Tech Pubs, etc.

For the SaaS platform, we have built a new container model with quite a few advanced capabilities beyond the Documentum smart container model. The title of the blog says “smarter containers” suggesting that they are Continue reading

When Information becomes an Information Asset

Joe Morray

Joe Morray

EMC Information Intelligence Group Worldwide Energy and Engineering Practice

For a number of years, I have observed the successes and challenges in applying information management to the capital projects and operations worlds. It is important to WordCloud EErecognize the value of project and plant information. I frequently refer to creating the Information Asset™. [Since my time with Trinity Technologies and now with EMC, the lawyers urge me to include that little trademark symbol.] The question frequently comes up, when is information an asset?

The concept of the “Information Asset” came about many years ago as a way to raise awareness that information being created through our systems contains considerable value. It needs to be managed just like the corresponding physical assets which it describes.

INFORMATION ASSET: It’s more than data

This is both an opportunity and a challenge. As designers, technologists, and process engineers, we need to describe the information that we create not just as “data”. To make a point, would you describe a physical asset as just concrete or steel?

Like a physical asset, information needs to be maintained, improved, and further extended

Instead, we must think of this information as its own system that supports design, maintenance, and retrofitting, and thus representing huge business value. We need to go from the “cost line” to the “investment line”. Like a physical asset, information needs to be maintained, improved, and further extended as new business requirements are identified. It must be thought of as “living.” This reinforces the need to create work practices to keep information current, to assure the safety and viability of the two other assets: the physical and the human.

Measuring Value and ROI for an Information Asset

Our challenge is to clearly demonstrate that the Information Asset has a return on investment related to the plant or project. Data becomes an asset only when it is  Continue reading

Managing Change, Ready or Not

Howard Savin

Howard Savin

Product Manager, Energy and Engineering Solutions

In a recent blog, I shared thoughts about the importance of change management best practices, particularly the role of PAS-1192 standards in managing major and minor works projects.

I discussed planned projects: Minor works, which can include ongoing maintenance of mature assets, and major works, such as brownfield projects where a plant is expanded or upgraded through add-on construction. For these, change management is critical for cost containment, compliance and meeting broad business objectives. Of course, it’s also crucial for the safety of people and the environment.

But what about those other situations? I’m talking about projects that are thrust upon us in spite of the best possible planning. Or, how about the implications of a system that’s good, but maybe not as great as it could be?

So What If Our Information is a Little Out of Date?

As I was working on this blog, a colleague emailed me with an illustration of how quickly information gets out of date. He, like others in his industry, has parallel projects in motion at all times. To support their large enterprise, maintenance and operations activities are contracted out to a series of vendors.

He described his central challenge as getting as-built drawings and documentation safely 13915545_mback into his “asset vault” as each vendor completes each project. If change management procedures aren’t followed correctly by every contractor, the business experiences a setback: extra follow-up is required to hunt down the information from the contractor and the as-builts have to always be recreated before new work can proceed. His agency was incurring significant extra costs because they not only paid the original contractor, but also paid the next one to recreate documents before they could start the next phase of work.

On top of the budget strain and inaccurate documentation, the lack of a process to keep documents up to date also became a possible safety concern. Projects couldn’t move forward without a clear map of the work that was already completed.

Fortunately, there’s a way to overcome this challenge. These days, all as-built documentation can go back into the “asset vault” through automation. The key is a new way to exchange information with suppliers that automatically saves changes as they are made. And they’ll benefit from better risk management and cost control too.

Now, This is Major

And while energy industry professionals can probably relate to the intricacies of the standards, all of us have seen emergencies in the news that necessitate major works projects—surprise!

A 100-foot-high geyser caused by a broken 30-inch water main under Sunset Boulevard floods the street and the nearby UCLA campus. (Jay L. Clendenin / Los Angeles Times)

A 100-foot-high geyser caused by a broken 30-inch water main under Sunset Boulevard floods the street and the nearby UCLA campus. (Jay L. Clendenin / Los Angeles Times)

The recent pipe rupture in Los Angeles springs to mind. Who can forget the pictures and video of cascading waterfalls flooding the Pauley Pavilion gym and a nearby parking structure? Luckily, no one was seriously hurt, but about 400 cars were ruined, and about 20 million gallons of water went down the drain. The warped floor of the sports facility is being replaced at substantial cost.

Turns out, the pipes that failed were over 90 years old and in desperate need of maintenance. Now, the Los Angeles Department of Water and Power (DWP) must accelerate replacement in parallel with daily operations and maintenance activities. It’s a major project that will span several decades.

This situation reflects the change management challenge of supporting major and minor works simultaneously. LA DWP officials have a big job on their hands—and it will be an even larger task if their operating documents and drawings are not up to date!

Prepare for the Inevitable

One thing is clear from these examples: energy and utility companies have much to gain from adhering to best practices for change management, regardless of a project’s size, whether it was planned, or brought on by an unforeseen occurrence. A solution that offers a structured approach can help you manage the changes that are sure to come your way.

Has change management helped you more easily respond to an unexpected situation? Share your experience below.

When it Comes to Your Assets, The Only Thing Constant is Change (Management)

Howard Savin

Howard Savin

Product Manager, Energy and Engineering Solutions

On the list of things that are certain in life, change is near the top, especially for those who manage operating assets in the energy industry. Over the lifetime of your asset portfolio, you’ll encounter major projects and minor projects, and sometimes both at once.

The important thing is to have a strategy for handling this reality. The principal challenge of change management is collecting the right information for every project, every time, including every revision, in one place. It’s not just a necessity for the success of your business; it has critical implications for the well-being of employees, the public and our environment.

The good news is, standards exist that can bring discipline to the process. I’m talking, of course, about PAS-1192, which provides specifications for asset information management, including the need for “a single source of information” in exchanging project information. (PAS-1192-2)

PAS-1192 defines minor and major works: Continue reading