Cloud-based apps mitigate water management risk

With cloud-based applications providing water utilities with more resilient and flexible network management options, many are finally moving away from legacy systems. Craig Abbott, channel sales manager for Asia-Pacific at Ovarro, discusses the latest developments in as-a-service models.

Ovarro’s AlarmVision.

What are as-a-service models, and how do they fit with water?
Craig Abbott:
As-a-service models are subscription-based applications, with infrastructure that is entirely managed and maintained by an external supplier. XaaS – anything-as-a-service – is the collective term that encompasses software-as-a-service (SaaS), data-as-a-service (DaaS), and information-as-a-service (IaaS), among many others.

Many water authorities would already be familiar with DaaS, for the collection of flow and pressure data for network management. With the full XaaS model, rather than just supply software, the contract agreements include secure data collection and storage, server hardware, and ongoing updates and new features. All end-users need is a device and connection to the network.

An annual subscription gives organisations the latest software version, removing the costly task of maintaining systems that may rapidly become obsolete. Under the XaaS model, software patches including the latest features, improved algorithms, defences against a new virus and even upgrades to ageing hardware can all be part of the service.

These services allow the water authority to focus on their core responsibility of water system management, and leave the data chain to external IT and analyst specialists.

How can utilities’ security concerns be addressed:
Every water authority considering an XaaS application should challenge their providers to answer to any security concerns. The good news is, there is an applicable standard to confirm to – ISO 27001. This is internationally recognised as the best practice framework for information security management.

Another consideration raised by security experts is to have an active defence strategy. Older systems would be developed, commissioned and then isolated to remove any cyberattack vectors. Unfortunately, we frequently see this type of production fail. Defending against external attacks requires ongoing discipline. This means continuous improvement of the application software, antivirus software, and operating systems.

Under the traditional model, updates would require a rollout to every machine, which takes time. Under a SaaS model, with could managed systems, everyday can be upgraded before their next login to the system. This means that if a new attack method is uncovered, a systemwide update can be performed before the new method can be taken advantage of.

The full article is published on the latest Water & Wastewater Asia Sep/Oct 2021 issue. To continue reading, click here.