Cloud or edge in industry: what impact on cybersecurity and intelligent management?
.jpg)
Everything you wanted to know about the industrial cloud (but were afraid to ask your CTO)
In a world where even the most critical industrial installations are controlled by artificial intelligence, The cloud vs edge debate no longer makes anyone smile.
Should we keep intelligence on site? Is it safer, faster, more autonomous? Or should we centralize in the cloud, at the risk of being hacked by a connected fridge?
Spoiler: the answer is not that simple. Especially when we talk about real-time management, multi-site architecture or industrial cybersecurity.
To demystify all this, we asked our questions to Gautier Avril, CTO of Purecontrol. No filters, no jargon, but with a good dose of industrial common sense.
1. Cloud or EDGE: which model is the safest for industrial management?
Gautier Avril: EDGE computing has the big advantage of allowing local processing, while maintaining connectivity with external data (model updates, meteorological data, etc.), to limit the quantity of data reported, and to allow greater reactivity (for example for applications with calculations that have to be done every second or less). It is therefore a solution that can be more simple and more efficient and that is essential in certain cases of use.
However, these advantages require particular cybersecurity precautions. Each device on site becomes a point of vulnerability that will have to be patched, supervised, audited, protected. If a system is not maintained it is an open door to cyberattacks.
Although EDGE does its calculations locally, these calculations are no safer: it would be necessary to be able to analyze all the equipment's algorithms, and their reactions to falsified input data (for example by modifying the meteorological data). It's impossible with closed codes. And even with open codes, it is inconceivable to do this work again every time you update to check that the new algorithm does not contain a backdoor.
Paradoxically enough, EDGE computing sometimes has a more secure image than the cloud when it is completely the opposite: it is much easier to secure a single point than 150 remote sites.
We saw the same logic as in the 2010s: self-hosted email servers gave the impression of being more secure than cloud solutions such as Office365 or Gmail. It seems a long way off today, and some have learned it the hard way.
EDGE computing, which is of real technical interest for specific applications, requires additional precautions. In other cases, a cloud solution will be more reliable and easier to maintain. At Purecontrol, our servers are hosted in France, in ISO 27001 certified data centers, with regular security audits, strong authentication mechanisms, and a comprehensive activity log.
“If you have 150 edge sites, you have 150 systems to patch, to audit... and 150 risks to manage.”
2. What is the biggest cyber risk you see in the field?
G.A.: It's not necessarily the ultra-sophisticated attack that comes from the other side of the world. It is often The forgotten local fault line : a PC running Windows 7, an automaton exposed on the Internet, an admin password “1234", or a USB stick used “out of habit”.
The danger rarely comes from the technology itself. It comes from the complexity of poorly controlled systems, or the lack of resources to maintain them properly. We still see too many sites where industrial IS is documented by hand, where updates are delayed due to lack of resources, where operators bypass protections to save time. Hence our approach: The fewer doors there are, the fewer the risks. And the simpler the architectures are, the more they are followed.
While it is tempting to want to completely isolate sites, it seems more appropriate to us to properly secure useful communications. This makes it possible to keep the systems up to date, to supervise them properly and to avoid workarounds that can be potentially devastating.
“Spectacular cyberattacks are making the headlines. But in most cases, the flaw was already there, on site, and forgotten for years.”
3. Concretely, how does your cybersecurity approach work at Purecontrol?
G.A.: Our model is based on three clear pillars :
- A secure, sovereign and auditable infrastructure
All data is hosted on servers in France. All flows are encrypted and segmented, and accesses are secure. We let our customers do their own penetration tests to validate our architecture. - An indirect control of the AI
Our algorithms generate recommendations, such as modifying a speed setpoint, a level setpoint,... but never control automatons directly.
It's always The local automaton who checks and validates that the order remains within the authorized ranges. If there is any doubt, he rejects the order. - Instant reversibility
If the connection is lost or if an anomaly is detected, The site automatically switches back to local control. The architecture is designed for ensure business continuity without depending on the cloud connection.
A large part of the security of our solution is based on dedicated equipment (firewalls with application filtering), which are managed centrally by our customers' IT teams. These teams are much better aware of cyber risks, which makes it possible to ensure that their equipment is up to date and always secure.
Conversely, we have seen a lot of on-premise solutions that, on paper, offer very high levels of security, but whose protections are removed or misconfigured. When we ask operators about these choices, we are told that it is for”a test”,”That it was temporary but that it lasted”,”that it didn't work”,”That it was useless (sic!)”.
Therefore, we do not manage Never our customers' firewalls. This separation of roles is essential. The customer remains sovereign over his network environment. We provide intelligence, but control is local.
4. And on the performance side? Doesn't doing everything in the cloud create latency or a lot of data?
G.A.: It is indeed a legitimate question. For industrial processes such as wastewater treatment plants, boiler rooms, aeration processes..., reaction times are in the order of the minute, or even the hour. For these cases, data collection is therefore done by the minute, which represents a very limited volume of data: 6000 sensors read per minute represent less data volume than a single HD photo of a mobile phone.
For pump stations, times are shorter, and having data and control per second could be of real interest. In this case, the volume of data is a bit more significant and an Edge approach could have some advantages. However, in this specific case, Purecontrol does holistic management. That is to say that we no longer manage each station individually but networks them as a whole, synchronizing the stations with each other for better efficiency). Management is therefore centralized with a central node. who should know the situation of each post. The cloud solution is therefore naturally more suitable.
“There is no need for milliseconds to control a wastewater treatment plant. What is needed is foresight. And that's exactly what our AI does.”
5. What does Industry 4.0 change in terms of cybersecurity?
G.A.: Industry 4.0 is more intelligence, but also more exposure. Each sensor, each API, each automaton is an opportunity for optimization... but also a potential risk vector.
And what we often see is that projects get more complex as they evolve. We stack the layers: private cloud, local edge, VPN, IoT platforms, on-premise servers... Result: architectures that are too complex, difficult to audit, which end up being bypassed.
Our approach is to Mastering the base. A simple, supervised, documented architecture, designed from the start with the right principles: cybersecurity by design, separation of roles, traceability, local validation.
6. What if I really want EDGE? Can you adapt?
G.A.: From our point of view, choices should be technically informed and the risks posed by EDGE solutions should not be ruled out because it is intuitively more reassuring.
We have nothing against EDGE solutions, which are essential for certain use cases. For example, an autonomous vehicle is not ready to be driven by the cloud! The reasons are purely technical: the volume of data and the latency make it unfeasible to have reliable control from the cloud. Cyber security has nothing to do with it. If you manage to compromise the vehicle's EDGE software, you could very well program it to run over people at the first opportunity.
Requiring EDGE when there is no technical reason is common, but we always refuse. From experience we know that these dogmatic postures often go hand in hand with complex and poorly maintained networks. Instead, we seek to raise customer awareness in order to address vulnerabilities in the most effective way possible.
7. A word for operators who still doubt AI in industrial management?
G.A.: AI is not magic. It is not a replacement. It is a decision support tool, which makes it possible to anticipate drifts, optimize instructions, and stabilize processes 24/7.
At Purecontrol, we have chosen an AI at the service of operations: our models are transparent about future actions, their recommendations are viewable and traceable. The operator can always Take back control, change an instruction, go local or simply exploit analytics produced by AI..
AI simply adapts to a volume of data that is not possible to process humanly: it does save time, peace of mind, and performance.
“The AI is working for you 24/7, but you are still the conductor.”
8. And the AI Act in all of this? Are we concerned?
G.A.: The subject comes up often, and rightly so. THEIA Act will impose strict rules on systems considered to be “high-risk”, especially in the water, energy or critical infrastructure management sectors.
We did the legal and technical analysis of our solution, and we are not affected by this category, because our AI never makes decisions independently. It offers an optimal operating scenario, but it is The local automaton that remains the security guard, by verifying that each instruction complies with the previously established business constraints (operating ranges, thresholds, safety rules, etc.).
We apply the principles of the regulation (transparency, human supervision, security), but without being subject to the most stringent obligations. This positioning allows us to offer our customers at the same time compliance, simplicity and performance.
Trust, safety, efficiency: the triptych of controlled industrial management
Faced with increasingly connected industrial systems, cybersecurity can no longer be an option. The Purecontrol model (sovereign cloud + local validation) offers a solid compromise between security, performance and simplicity. It allows you to centralize what needs to be centralized, while maintaining control on site, where it is essential.
More than a technical choice, it is a concrete response to the challenges of the water, energy and critical infrastructure industries.
