OR WAIT null SECS
The pressure to improve operational technology performance combined with the rapid pace of technology change is driving adoption of new automation models in pharmaceutical manufacturing.
During the past 10 years, new technologies have enabled data to be collected, analyzed, organized, aggregated, and made available to business needs. The adoption of the Industrial Internet of Things (IIoT) and Industry 4.0 have changed practices regarding data flow and increased the number of data sources, the type of real-time data, and the need for a centralized repository to collect, harmonize, and work on data.
In some industries such as banking, finance, retail, telecommunications and the media, systems architecture models are changing as well, leaving behind some well-known practices, such as managing business and process information with local data centers, the customization of software to local requirements, and small infrastructure networks with limited accessibility to the external world.
Against the backdrop of accelerating technology, companies need to think about how to keep their systems up-to-date, possibly with a five to ten-year view. Hardware infrastructure and software needs to be upgraded frequently, both to add functionalities and to solve bugs and vulnerabilities. All of this creates an increased need for skills to manage company systems.
In this scenario, the emerging market trend to move outside the organization systems-referred to as “XaaS” where “X” is a generic term and “aaS” is “as a service”-can provide advantages of efficiency, security, availability of best-in-class functionalities, and updated hardware.
Emerging technologies enable the main automation system vendor to offer the automation system (or part of it) as a service, using the cloud infrastructure. For example, the development and testing/validation environment can run remotely at the vendor’s cloud, while the production environment is on premises at the manufacturer’s site. This approach maximizes advantages offered by cloud solutions, such as the avoidance of hardware obsolescence and including operating systems and software infrastructure management/patching in the service, but minimizing having critical data located outside the company fences.
This article will examine how operational technology is moving towards an “as a service” model for pharmaceutical manufacturers.
XaaS is a classification of information technology (IT) services in which the supplier offers a robust and cost-efficient alternative to the traditional design/procure/test/install/own/operate/retire model. Common services include:
Infrastructure as a service (IaaS). IaaS provides the client access to in-house technology in servers, data storage, network infrastructure, and cyber-security, all managed and owned by third parties, which frees up capital required to secure hardware and
Platform as a service (PaaS). PaaS offers a remotely accessible platform that provides development and test capabilities, eliminating the need for an on-site system, which can be used to configure its own environment
Software as a service (SaaS). SaaS provides access to a ready-to-use application, either running on external/remote servers or deployed locally, completely managed and maintained by service providers.
Some important differences exist between the IT world, which is the original environment where the “as a service” paradigm evolved, and the industrial operational technology (OT) landscape. The first differentiator is the time scale: the OT landscape tends to be in real-time, while the IT world is not bound to response time.
As shown in Figure 1, IT and OT also differ in the priorities that are the basis of defining strategies for cyber-security and deployment planning of a system. In the IT world, data confidentiality is viewed as the maximum priority in the lifecycle of a system but in the industrial OT landscape, system availability is the most important priority.
The International Society of Automation (ISA)’s ISA95 standard categorizes systems into levels (1). As shown in Figure 2, the priority of data confidentiality shifts while moving up the ISA pyramid from Level 1 (field level) to Level 5 (enterprise level) as the type of systems shift from OT to IT.
Compared to some other industries, the pharmaceutical industry has a strong regulatory framework that puts great attention on system validation and data integrity. Thus, the XaaS model to be adapted to the pharmaceutical industry in the areas of IaaS, PaaS, and SaaS.
Working on the infrastructure remotely, it is now possible to design, test, and verify new network, computing, and storage capabilities before they arrive at the manufacturing site. Infrastructure can then be seen as an intra-company (i.e., within a company) “service”; remote data centers, server rooms, and network services are available today even at a geographical or wide-area-network (WAN) level with site-to-site intra-company communication. The service concept can be widely applied as something that an IT/OT infrastructure offers to the same company systems, with access to them from the same site or even other production sites through local area networks (LANs) and WANs.
The current trend is to deliver the service needed for OT architecture as an internal service, owned by the company and administrated by IT/OT company work groups. In this approach, infrastructure services such as network time protocol (NTP), back-up, anti-virus, access control, and archiving are available to any control systems and device that are connected to the same network/backbone infrastructure.
Advantages of internal ownership are standardization of software products (e.g., antivirus), easier internal software lifecycle management, and better control of infrastructure services. The main disadvantage is the need to align vendors to the proposed solution; it may be necessary to move some of the vendor systems’ lifecycle management to the infrastructure owner.
Due to internal procedures to guarantee data integrity, the pharma market needs more time compared to other industries to move internal functions to third parties. The actual approach is to create virtual ambient with infrastructure services based on physical hardware, all managed by internal IT/OT. Once this transition is completed and consolidated, the use of IaaS from third parties should be simple and easy to manage.
A good example of PaaS delivery in the pharmaceutical industry is the process control system engineering environment. Increasingly, remote development suites are available from process control system vendors, which allows for remote accessibility and sharing of engineering data and databases with different development groups.
Following the “intra-company” approach, PaaS provides testing and simulation capabilities across corporate sites, and the same environment can be developed, maintained and used by different teams. Further, the availability of a separate system environment for developing, testing (validation), and simulation (training) that does not have any impact on production can have benefits in terms of productivity and efficiency.
The benefits of using the PaaS approach include the easy availability of remote access to control systems from different locations and the ownership of one environment across different sites and corporate locations. A potential challenge is the necessity for a good level of control system standardization across different production plants and sites. Pharma companies may have control systems from different suppliers. Once the suppliers of these control systems use the available PaaS, pharma companies can also move in the same direction.
Data history and analytics, reporting, and label management are available as software services. SaaS can be seen as service on the cloud, where it is supplied by external software houses and providers of data analytical services and intra-company services (e.g., data historians). Data integrity and confidentiality are even more important in SaaS than in IaaS and PaaS.
The benefits of SaaS for pharmaceutical manufacturers include that the services are delivered by large software players with advanced technologies. These systems often require large amounts of calculation power, large databases, and the continuous upgrade of algorithms; with SaaS these concerns are the responsibility of the provider rather than the manufacturer.
The disadvantage of SaaS for pharma manufacturers is that these systems typically require restricted, confidential data access to maintain data integrity. SaaS can thus be seen as a risky practice. The general pharma industry culture uses the model of local segregated data storages owned and physically secured by the data owner. The authors expect, over the next years, to see an upgrading of cybersecurity and privacy concepts to increase safety levels. In parallel, service providers will develop specific tools for the pharma market to guarantee the data integrity and confidentiality needed for this market.
Pharmaceutical manufacturers can benefit from applying the concept of service not only to cloud solutions but also to intra-company services. IT/OT competencies can be centralized in a highly specialized team, delivering infrastructure services widely across the company. Centralizing data centers and servers may result in space optimization. Availability of development platforms as a service avoids ownership effort of such systems, while providing advantages in the availability of different environments for developing, testing, and simulation/training. At the application level, sophisticated software tools, which may be onerous to own from both a calculation power and financial standpoint, can be accessed as a service.
1. ISA, ISA95-01-2000, Enterprise Control System Integration (2000).
Matteo Pozzi, email@example.com, and Manrioc Zani, firstname.lastname@example.org, are automation engineers at Jacobs.
Vol. 43, No. 11
When referring to this article, please cite it as M. Pozzi and M. Zani, “The Emergence of Operational Technology as a Service,” Pharmaceutical Technology 43 (11) 2019.