04/29/2021
“Cloud.” Ten years ago, this term was primarily used to describe a day in which one would get a mediocre tan or have their view of mountains obstructed. Today, it is often used to describe a technology trend that is changing the way IT departments operate. As more technology providers pivot towards cloud-based solutions, the utilities industry, typically a late adopter, is working towards catching up to this latest technology trend.
When evaluating a cloud transformation, utility companies must balance many competing priorities – the requirements of being an infrastructure provider, financial pressures, regulatory requirements, and the need to protect critical assets and customer data.
After a utility determines if its business drivers align with cloud, the focus should shift to the role data and cybersecurity will play in the cloud transformation. This step is critical in the cloud transformation journey for utilities as a recent report found that 85% of utilities surveyed listed cybersecurity as a worry with the cloud, with 81% listing privacy as an additional concern.
Data and cybersecurity must play a key role in the decision-making process for utilities as they must comply with state and federal regulations (e.g., FERC, NERC, CIP) and protect customer data. Below are three tips for a utility to consider to ensure their cloud transformation is cyber safe and compliant, with data protection top of mind.
Make Data-Driven Decisions
When approaching cybersecurity in the cloud, it is important for utilities to review the application portfolio and determine the sensitivity of the data within each application. The data should be classified based on factors such as regulatory and operational impacts. For example, when reviewing an Advanced Metering System (AMS), it is likely the data should be noted as containing Personally Identifiable Information (PII). Once a utility understands the data within the environment and where it resides, this should drive the decision as to which applications are cloud candidates.
It is important to remember when determining cloud candidacy that the term “cloud” can take a variety of different forms such as Private Cloud, Public Cloud, and Hybrid Cloud.
Based on the utility’s risk profile, regulatory requirements, and existing cybersecurity posture, AMS may be determined not to be a candidate for Public Cloud. However, it could still be a candidate for Hybrid or Private Cloud.
The results of the data classification efforts should not only drive an application’s cloud candidacy but also the platform.
Integrate Cybersecurity into the Roadmap
As part of a cloud transformation, new tools, processes, and controls must be established to enable the new operating model. Many of these must be implemented before the first application is migrated to the cloud.
- Tools: Invest in a cloud security tool, such as a Cloud Access Security Broker (CASB), which helps companies manage and protect data flow into a cloud environment and enforce cybersecurity policies. Additionally, evaluate how the current Identity and Access Management (IAM) solution can be extended to the cloud.
- Processes: Develop processes to ensure new applications are deployed based on the classification of their data.
- Controls: Establish a cloud policy and evaluate if other risk management policies need to be revised to accommodate cloud ways of working.
It is important to re-evaluate the overall cloud roadmap from a cybersecurity perspective and incorporate data protection measures that align with the company’s risk profile.
Source for Cybersecurity
When sourcing a Cloud Service Provider (CSP), in addition to functional and technical requirements, cybersecurity requirements should be taken into consideration throughout the Request for Proposal (RFP) and procurement process. Some strategies for including them are:
- Research: Prior to the sourcing process, evaluate which providers are considered market leaders in cloud security. Additionally, review prior data breaches by the CSP and how they were remediated.
- Scorecard: When creating a scorecard to evaluate CSPs against, include cybersecurity as a criterion on which bidders are evaluated.
- Info Session: In addition to the standard RFP bidder demonstration, conduct a deep-dive info session around cybersecurity. This will allow the utility’s cybersecurity SMEs to ask detailed questions and get a better understanding of the CSP’s cybersecurity practices.
The cloud business drivers are going to look different from company to company. However, the common thread Sendero has seen in the utilities industry is a hyper-focus on cybersecurity and data protection and on ensuring that any application or piece of information that is moved to the cloud is protected and compliant with regulations. A defined cloud strategy that integrates data protection, cybersecurity, and a sourcing process with cybersecurity top of mind can serve as a strong foundation for a cloud transformation. This helps drive and further illuminate the value proposition for cloud while keeping cyber safety top of mind.