3 case studies
C6-1
CASE STUDY 6
CHEVRON’S INFRASTRUCTURE
EVOLUTION
Chevron Corporation (www.chevron.com) is one of the world’s leading
energy companies. Chevron’s headquarters are in San Ramon, California.
The company has more than 62,000 employees and produces more than
700,000 barrels of oil per day. It has 19,500 retail sites in 84 countries. In
2012, Chevron was number three on the Fortune 500 list and had more than
$244 billion in revenue in 2011 [STAT12].
IT infrastructure is very important to Chevron and to better support all
facets of its global operations, the company is always focused on improving
its infrastructure [GALL12]. Chevron faces new challenges from increased
global demand for its traditional hydrocarbon products and the need to
develop IT support for new value chains for liquid natural gas (LNG) and the
extraction of gas and oil from shale. Huge investments are being made
around the world, particularly in Australia and Angola on massive projects of
unprecedented scale. Modeling and analytics are more important than ever
to help Chevron exploit deep water drilling and hydrocarbon extraction in
areas with challenging geographies. For example, advanced seismic imaging
tools are used by Chevron to reveal possible oil or natural gas reservoirs
beneath the earth’s surface. Chevron’s proprietary seismic imaging
http://www.chevron.com/
C6-2
technology contributed to it achieving a 69% discovery rate in
2011[CHEV12].
Supervisory Control and Data Acquisition (SCADA)
Systems
Chevron refineries are continually collecting data from sensors spread
throughout the facilities to maintain safe operations and to alert operators to
potential safety issues before they ever become safety issues. Data from the
sensors is also used to optimize the way the refineries work and to identify
opportunities of greater efficiency. IT controls 60,000 valves at Chevron’s
Pascagoula, Mississippi refinery; the efficiency and safety of its end-to-end
operations are dependent on advanced sensors, supervisory control and data
acquisition (SCADA) systems, and other digital industrial control systems
[GALL12].
SCADA systems are typically centralized systems that monitor and
control entire sites and/or complexes of systems that are spread out over
large areas such as an entire manufacturing, fabrication, power generation,
or refining facility. The key components of SCADA systems include:
Programmable logic units (PLCs) that and remote terminal units (RTUs)
connected to sensors that convert sensor signals to digital data and
send it to the supervisory system
A supervisory computer system that acquires data about the process
and sends control commands to the process
A human-machine interface (HMI) that presents process to the human
operators that monitor and control the process.
Process meters and process analysis instruments
Communication infrastructure connecting the supervisory system and
RTUs and PLCs.
These are illustrated in Figure C6.1.
C6-3
Data acquisition occurs at the PLC or RTU level. This includes meter
readings and equipment status reports that are sent to the supervisory
system. The collected data is compiled and formatted by the HMI to enable
the operator to make determine whether adjustments to normal PLC or RTU
settings are needed. Current data may also be compared to historical data in
a SCADA database to assess trends or perform analytical auditing.
C6-4
In addition to Chevron refineries, SCADA are extremely important in
national infrastructures such as water supplies, pipelines, and electric grids.
Because attacks or damage to SCADA systems can affect large numbers of
people, ensuring adequate security is important.
Business Infrastructure Transformation
Because of the complexity of its operational processes and the IT that is
needed to support them, Chevron has traditionally been more infrastructure
than business focused. SCADA systems and digital industrial control systems
are critical IT infrastructure at Chevron’s refineries and will always play an
important role in monitoring and managing facility-based processes. These
also are among the first IT systems needed to support Chevron’s new value
chains for LNG and shale oil extraction. However, like any large corporation,
Chevron relies on a wide variety of business applications to run its
businesses.
As it is for most global businesses, SAP ERP is a key transaction
processing system at Chevron. Chevron has been using SAP for more than
two decades and it has played an important role in the development of SAP’s
vertical solutions for the hydrocarbon industry. There are more than 50
instances of SAP used by Chevron [SCRI11]. Most of these run on Oracle
databases. Some other key enterprise applications at Chevron include Ariba
Buyer, EMC Documentum, Informatica, MicroStrategy, multiple Oracle
applications [SCRI11].
Going forward, IT executives at Chevron would like to flip the company’s
traditional IT priorities so that the majority of the IT staff’s time and
attention is focused on improving business capabilities [GALL12]. To do this,
Chevron’s IT leaders have increasingly turned their attention to Web
services, software as a service (SaaS), and cloud computing to help it run its
business. Chevron considers mobility to be a game changer in how it
C6-5
delivers information and provides solutions and it is convinced that it can do
both without sacrificing security or reliability.
IT infrastructure at Chevron pervades every facet of its operations.
However, Chevron’s executives have not lost sight of the fact that IT is not
the company’s core competency. By moving business solutions to the cloud,
Chevron executives hope to help the company maintain its focus on its core
competencies.
C6-6
Chevron has used business-oriented Web services for several years.
Ariba Buyer, Salesforce.com, and Ketera’s price negotiation system are just
a few of the SaaS solutions that Chevron has woven into its IT architecture.
Chevron is interested in developing an integrated information network
that includes all of its major supply chain partners, both upstream and
downstream. Identify management has emerged as a priority at Chevron to
ensure secure data transfer among its business partners. A generic example
of an identify management system is illustrated in Figure C6.2. When users
at Chevron partners need to access Chevron’s intranet and/or SaaS data or
solutions, they are first cleared by an identity broker. The identity broker
authenticates the user and transparently provides a single sign on (SSO)
token that enables the partner to access Chevron’s intranet (2) or the
company’s SaaS solution providers (3).
Chevron hopes to better align its operations with those of its business
partners via its migration of business applications to the cloud. It hopes that
the business infrastructure transformation that is currently underway will
also lead to better IT and business alignment. As a global company, the
cloud may be an ideal platform for running the business.
In the years ahead, Chevron’s IT leaders expect mobility, analytics and
visualization, and social media to become critical aspects of its business
infrastructure. At the facilities level, advanced sensors and deeper
embedding of RTUs and PLCs within operations are foreseen [GALL12].
Technical appreciation of convergence network infrastructure will continue to
be important, but business literacy/savvy will be most important to the long-
term success of Chevron’s IT leaders.
Discussion Points
1. Do some Internet research on Chevron’s use of seismic imaging
technology. Briefly explain how it works and how it has helped
Chevron discover new oil and gas reservoirs.
C6-7
2. Do some Internet research on security vulnerabilities associated with
SCADA and digital industrial control systems. Summarize the major
security concerns associated with these systems and steps than can be
taken to enhance their security.
3. Discuss the pros and cons of moving enterprise-wide applications that
have traditionally been supported on premises to the cloud.
4. Do some Internet research on identify management and single sign on
systems. Briefly explain how these work and why they are important in
business intranets and extranets.
5. Why is it increasing most important for a CIO or IT executive who
oversees geographically distributed enterprise networks to be business
literate?
Sources
[CHEV12] Chevron.com “Seismic Imaging.” Retrieved online: at
http://www.chevron.com/deliveringenegy/oil/seismicimaging.
[GALL12] Gallant, J. ”Chevron’s CIO Talks Transformation and Why IT
Leaders Should Smile.” April 12, 2012. Retrieved online at:
http://www.cio.com/article/print/704095.
[SCRI11] Scribd.com. “Chevron Corporation CRUSH Report.” August 17,
2011. Retrieved online at http://www.scribd.com/doc/62481977/Chevron-
CRUSH-Report-09A1.
[STAT12] Statistic Brain. “Chevron Company Statistics.” February 12, 2102.
Retrieved online at: http://www.statisticbrain.com/chevron-company-
statistics/.
http://www.chevron.com/deliveringenegy/oil/seismicimaging
http://www.cio.com/article/print/704095
http://www.statisticbrain.com/chevron-company-statistics/
http://www.statisticbrain.com/chevron-company-statistics/
C9-1
ST. LUKE’S HEALTH CARE SYSTEM
Hospitals have been some of the earliest adopters of wireless local area
networks (WLANs). The clinician user population is typically mobile and
spread out across a number of buildings, with a need to enter and access
data in real time. St. Luke’s Episcopal Health System in Houston, Texas
(www.stlukestexas.com) is a good example of a hospital that has made
effective use wireless technologies to streamline clinical work processes.
Their wireless network is distributed throughout several hospital buildings
and is used in many different applications. The majority of the St. Luke’s
staff uses wireless devices to access data in real-time, 24 hours a day.
Examples include the following:
• Diagnosing patients and charting their progress: Doctors and
nurses use wireless laptops and tablet PCs to track and chart patient
care data.
• Prescriptions: Medications are dispensed from a cart that is wheeled
from room to room. Clinician uses a wireless scanner to scan the
patient’s ID bracelet. If a prescription order has been changed or
cancelled, the clinician will know immediately because the mobile device
displays current patient data.
http://www.stlukestexas.com/
C9-2
• Critical care units: These areas use the WLAN because running hard
wires would mean moving ceiling panels. The dust and microbes that
such work stirs up would pose a threat to patients.
• Case management: The case managers in the Utilization Management
Department use the WLAN to document patient reviews, insurance
calls/authorization information, and denial information. The wireless
session enables real time access to information that ensures the correct
level of care for a patient and/or timely discharge.
• Blood management: Blood management is a complex process that
involves monitoring both patients and blood products during all stages of
a treatment process. To ensure that blood products and patients are
matched correctly, St. Luke’s uses a wireless bar code scanning process
that involves scanning both patient and blood product bar codes during
the infusion process. This enables clinicians to confirm patient and blood
product identification before proceeding with treatment.
• Nutrition and diet: Dietary service representatives collect patient
menus at each nursing unit and enter them as they go. This allows more
menus to be submitted before the cutoff time, giving more patients
more choice. The dietitian can also see current patient information, such
as supplement or tube feeding data, and view what the patient actually
received for a certain meal.
• Mobile x-ray and neurologic units: St. Luke’s has implemented the
wireless network infrastructure necessary to enable doctors and
clinicians to use mobile x-ray and neurologic scanning units. This makes
it possible to take x-rays or to perform neurological studies in patient
rooms. This minimizes the need to schedule patients for neurology or
radiology lab visits. The mobile units also enable equipment to be
brought to the bedside of patients that cannot be easily moved. The
wireless neurology and x-ray units have also helped to reduce the time
between diagnosis and the beginning patient care.
C9-3
Original WLAN
St. Luke’s first WLAN was deployed in January 1998 and made the hospital
an early pioneer in wireless health care applications. St. Luke’s first wireless
LAN was implemented in a single building using access points (APs) made by
Proxim (www.proxim.com).
A principal goal of this initial installation was to improve efficiency.
However, sometimes the WLAN had the opposite effect. The main problem
was dropped connections. As a user moved about the building, there was a
tendency for the WLAN to drop the connection rather than performing the
desired handoff to another access point. As a result, a user had to
reestablish the connection, log into the application again, and reenter
whatever data might have been lost.
There were physical problems as well. The walls in part of the building
were constructed around chicken wire, which interfered with radio waves.
Some patients’ rooms were located in pockets with weak radio signals. For
these rooms, a nurse or doctor would sometimes lose a connection and have
to step out into the hallway to reconnect. Microwave ovens in the
kitchenettes on each floor were also a source of interference.
Finally, as more users were added to the system, the Proxim APs, with a
capacity of 1.2 Mbps, became increasingly inadequate, causing ongoing
performance issues.
Enhanced LAN
To overcome the problems with their original WLAN and reap the potential
benefits listed earlier in this case study, St. Luke’s made two changes
[CONR03, NETM03]. First, the hospital phased out the Proxim APs and
replaced them with Cisco Aironet (www.cisco.com) APs. The Cisco APs, using
IEEE 802.11b, operated at 11 Mbps. Also, the Cisco APs used direct
C9-4
sequence spread spectrum (DSSS), which is more reliable than the
frequency-hopping technique used in the Proxim APs.
The second measure taken by St Luke’s was to acquire a software
solution from NetMotion Wireless (netmotionwireless.com) called Mobility.
The basic layout of the Mobility solution is shown in Figure C9.1. Mobility
software is installed in each wireless client device (typically a laptop,
handheld, or tablet PC) and in two NetMotion servers whose task is to
maintain connections. The two servers provide a backup capability in case
C9-5
one server fails. The Mobility software maintains the state of an application
even if a wireless device moves out of range, experiences interference, or
switches to standby mode. When a user comes back into range or switches
into active mode, the user’s application resumes where it left off.
In essence, Mobility works as follows: Upon connecting, each Mobility
client is assigned a virtual IP address by the Mobility server on the wired
network. The Mobility server manages network traffic on behalf of the client,
intercepting packets destined for the client’s virtual address and forwarding
them to the client’s current POP (point of presence) address. While the POP
address may change when the device moves to a different subnet, from one
coverage area to another, or even from one network to another, the virtual
address remains constant while any connections are active. Thus, the
Mobility server is a proxy device inserted between a client device and an
application server.
Enhancing WLAN Security
In 2007, St. Luke’s upgraded to Mobility XE mobile VPN solution [NETM07].
This migration was undertaken to enhance security and compliance with
HIPPA data transmission and privacy requirements. Mobility XE server
software was deployed in the IT department’s data center and client
software was installed on laptops, handheld devices, and tablet PCs.
With Mobility XE running on both clients and servers, all transmitted
data passed between them is encrypted using AES (Advanced Encryption
Standard) 128-bit encryption. Mobility XE also serves as an additional
firewall; devices that are not recognized by the Mobility XE server are not
allowed to access the network. This arrangement helped St. Luke’s achieve
its IT goal of having encryption for all wireless data communications.
Mobility XE also enables the IT department to centrally manage all
wireless devices used by clinicians. This allows them to monitor the
C9-6
applications currently being used by any device or user, the amount of data
being transmitted, and even the remaining battery life of the wireless device.
If a Mobility XE device is stolen or lost, it can be immediately quarantined by
network managers.
IT executives at St. Luke’s view wireless networking as key lever in their
quest to increase clinician productivity and improved patient care. Mobile
EKG units have been deployed bringing the total of wireless devices in use to
nearly a 1,000.
Discussion Questions
1. Visit the NetMotion Web site (www.netmotionwireless.com) and access
and read other Mobility XE success stories. Discuss the patterns that
can be observed in the benefits that Mobility XE users have realized via
its deployment and use.
2. Do some Internet research on the security implications of HIPPA
requirements for hospital networks. Discuss the major types of
security mechanisms that must be in place to ensure hospital
compliance with HIPPA requirements.
3. Do some Internet research on the use of VLANs in hospitals.
Summarize the benefits of using VLANs in hospitals and identify
examples of how St. Luke’s could further enhance its wireless network
by implementing VLANs.
Sources
[CONR03] Conery-Murray, A. “Hospital Cures Wireless LAN of Dropped
Connections.” Network Magazine, January 2003.
[NETM03] Netmotion Wireless, Inc. “NetMotion Mobility: Curing the
Wireless LAN at St. Luke’s Episcopal Hospital. Case Study, 2003.
Netmotionwireless.com/resources/case_studies.aspx.
[NETM07] Netmotion Wireless, Inc. “St. Luke’s Episcopal Health System: A
Case Study in Healthcare Productivity.” 2007. Retrieved online at:
http://www.netmotionwireless.com/st-lukes-case-study.aspx
http://www.netmotionwireless.com/
http://www.netmotionwireless.com/st-lukes-case-study.aspx
- CASE STUDY 9
Original WLAN
Enhanced LAN
Enhancing WLAN Security
Discussion Questions
Sources
C11-1
CLOUD COMPUTING (IN)SECURITY
Cloud computing is reshaping enterprise network architectures and
infrastructures. It refers to applications delivered as services over the
Internet as well as the hardware and systems software in data centers that
provide those services. The services themselves have long been referred to
as Software as a Service (SaaS) which had its roots in Software-Oriented
Architecture (SOA) concepts that began shaping enterprise network
roadmaps in the early 2000s. IaaS (Infrastructure as a Service) and PaaS
(Platform as a Service) are other types of cloud computing services that are
available to business customers.
Cloud computing fosters the notion of computing as a utility that can be
consumed by businesses on demand in a manner that is similar to other
services (e.g. electricity, municipal water) from traditional utilities. It has the
potential to reshape much of the IT industry by giving businesses the option
of running business software applications fully on-premises, fully in “the
cloud” or some combination of these two extremes. These are choices that
businesses have not had until recently and many companies are still coming
to grips with this new computing landscape.
Security is important to any computing infrastructure. Companies go to
great lengths to secure on-premises computing systems, so it is not
surprising that security looms as a major consideration when augmenting or
replacing on-premises systems with cloud services. Allaying security
C11-2
concerns is frequently a prerequisite for further discussions about migrating
part or all of an organization’s computing architecture to the cloud.
Availability is another major concern: “How will we operate if we can’t access
the Internet? What if our customers can’t access the cloud to place orders?”
are common questions [AMBR10].
Generally speaking, such questions only arise when businesses
contemplating moving core transaction processing, such as ERP systems,
and other mission critical applications to the cloud. Companies have
traditionally demonstrated less concern about migrating high maintenance
applications such as e-mail and payroll to cloud service providers even
though such applications hold sensitive information.
Security Issues and Concerns
Auditability is a concern for many organizations, especially those who must
comply with Sarbanes-Oxley and/or Health and Human Services Health
Insurance Portability and Accountability Act (HIPAA) regulations [IBM11].
The auditability of their data must be ensured whether it is stored on-
premises or moved to the cloud.
Before moving critical infrastructure to the cloud, businesses should do
diligence on security threats both from outside and inside the cloud
[BADG11]. Many of the security issues associated with protecting clouds
from outside threats are similar to those that have traditionally faced
centralized data centers. In the cloud, however, responsibility for assuring
adequate security is frequently shared among users, vendors, and any third-
party firms that users rely on for security-sensitive software or
configurations. Cloud users are responsible for application-level security.
Cloud vendors are responsible for physical security and some software
security such as enforcing external firewall policies. Security for intermediate
layers of the software stack is shared between users and vendors.
C11-3
A security risk that can be overlooked by companies considering a
migration to the cloud is that posed by sharing vendor resources with other
cloud users. Cloud providers must guard against theft or denial-of-service
attacks by their users and users need to be
protected from one another.
Virtualization can be a powerful mechanism for addressing these potential
risks because it protects against most attempts by users to attack one
another or the provider’s infrastructure. However, not all resources are
virtualized and not all virtualization environments are bug-free. Incorrect
virtualization may allow user code to access to sensitive portions of the
provider’s infrastructure or the resources of other users. Once again, these
security issues are not unique to the cloud and are similar to those involved
in managing non-cloud data centers, where different applications need to be
protected from one another.
Another security concern that businesses should consider is the extent
to which subscribers are protected against the provider, especially in the
area of inadvertent data loss. For example, in the event of provider
infrastructure improvements, what happens to hardware that is retired or
replaced? It is easy to imagine a hard disk being disposed of without being
properly wiped clean of subscriber data. It is also easy to imagine
permissions bugs or errors that make subscriber data visible to unauthorized
users. User-level encryption may be an important self-help mechanism for
subscribers, but businesses should ensure that other protections are in place
to avoid inadvertent data loss.
Addressing Cloud Computer Security Concerns
Numerous documents have been developed to guide business thinking
about the security issues associated with cloud computing. Even NIST has
weighed in on these issues [BADG11]. NIST’s recommendations
systematically consider each of the major types of cloud services consumed
C11-4
by businesses including Software as a Service (SaaS), Infrastructure as a
Service (IaaS), and Platform as a Service (PaaS). While security issues vary
somewhat depending on the type of cloud service, there are multiple NIST
recommendations that are independent of service type. Several of these are
summarized in Table C11.1. Not surprisingly, NIST recommends selecting
cloud providers that support strong encryption, have appropriate redundancy
mechanisms in place, employ authentication mechanisms, and offer
subscribers sufficient visibility about mechanisms used to protect subscribers
from other subscribers and the provider.
As more businesses incorporate cloud services into their enterprise
network infrastructures, cloud computing security will persist as an
important issue. Examples of cloud computing security failures have to
potential to have a chilling effect on business interest in cloud services and
this is inspiring service providers to be serious about incorporating security
mechanisms that will allay concerns of potential subscribers. Some service
providers have moved their operations to Tier 4 data centers to address user
concerns about availability and redundancy. Because so many businesses
remain reluctant to embrace cloud computing in a big way, cloud service
providers will have to continue to work hard to convince potential customers
that computing support for core business processes and mission critical
applications can be moved safely and securely to the cloud [HEAV11].
Discussion Points
1. Do some Internet research to identify businesses who have suffered
because of cloud security weaknesses or failures. What can companies
who are contemplating cloud computing services learn from the
negative experiences of these businesses?
2. Do some Internet research on security mechanisms associated with
virtualization. How can virtualization be used by cloud service
providers to protect subscriber data?
C11-5
3. Choose one of the following cloud services categories: SaaS, IaaS,
PaaS. Do some Internet research that focuses the security issues
associated with the selected cloud service category. Summarize the
major security risks associated with the cloud service category and
identify mechanisms that can be used to address these risks.
Sources
[ARMB10] Armbrust, M., Fox, A., Griffith, R, Joseph, A.D., Katz, R.,
Konwinski, A., Lee, G., Patterson, D., Rabkin, A., Stoica, I., and Zaharia, M.
“A View of Cloud Computing.” Communications of the ACM, Vol. 53, No. 4,
April 2010, pp. 50-58.
[BADG11] Badger, L., Grance, T., Patt-Comer, R., and Voas, J. Draft Cloud
Computing Synopsis and Recommendations: Recommendations of the
National Institute of Standards and Technology, Special Publication 800-146,
May 2011.
[HEAV11] Heavey, J. “Cloud Computing: Secure or Security Risk?”
Technorati.com, November 28, 2011. Retrieved online from:
http://technorati.com/technology/cloud-computing/article/cloud-computing-
secure-or-a-security1/.
[IBM11] IBM Global Technology Services. Security and Availability in Cloud
Computing Environments, Technical White Paper, June 2011.
http://technorati.com/technology/cloud-computing/article/cloud-computing-secure-or-a-security1/
http://technorati.com/technology/cloud-computing/article/cloud-computing-secure-or-a-security1/
C11-6
- CASE STUDY 11
Security Issues and Concerns
Addressing Cloud Computer Security Concerns
Discussion Points
Sources