As an industry, we began talking about the digital oil field more than 20 years ago. Back then we envisioned that the field of the future would make production significantly more efficient and ultimately more profitable. Even though the oil field is still not 100% digital, the digitalization of the industry continues to increase at a breakneck pace.
When digital oilfield dialogs began, it was conceptualized in a thoughtful, holistic manner. Processes, standards and safety measures were at the forefront of these discussions. However, in the rush to put infinite information at our fingertips in the least amount of time using various applications, standards and security measures may have taken a back seat to potential profits.
In the last two years the acceptance of application- to-application integration on cloud platforms has accelerated the capability to access massive amounts of information owned by a multitude of companies. From seismic acquisition companies to operators to service companies to third-party networks, the amount of data is unquantifiable. We are now amassing vast quantities of data from numerous sources and disparate data silos, including enterprise resource planning, into massive repositories known as data lakes, which often reside in the cloud and are accessible by multiple applications, many of them mobile.
The capabilities of Big Data, artificial intelligence analytics and infinite computing capacity allow us to use data in ways that up to now were impossible. Companies can tap into these data lakes, mine the data and find actionable intelligence never before realized through this holistic view of the digital oil field. Benefits such as process efficiencies, integrated maintenance schedules and logistics management are being realized. We are solving problems because of processed untold amounts of data with virtually unrestricted resources. The gold is certainly in the lakes—if we can find it is the premise.
However, the rush to digitalization also carries risks. An organization’s data that are accessible from any application linked to trusted applications through an application programming interface (API), potentially from a mobile application or, worse, uncontrolled linked applications, could effectively open trusted data to the world. Is the trade-off of access and analysis vs. data security and protection worth the gold?
The lack of proper API and cloud integration controls in place before the data lake is opened for use can put the organization’s key data on the internet for all to mine. The prize is definitely there, and the digital oil field envisioned 20 years ago is becoming a reality, but at what risk?
According to Forbes, this industry spends almost $2 billion annually on cybersecurity, yet hacking is at an all-time high and growing. The upside of digitalization is a faster and more efficient process; however, the downside is the pooling of massive amounts of data in data lakes that can potentially be accessed by multiple applications by an unknown amount of people. A recent report by ICS-CERT found that, of the 295 breaches reported in 2015, 98% could have been prevented if certain basic security protocols had been in place.
We do not want to stop the digitalization train we are riding, but we can take a step back. Just as we thoughtfully conceptualized a digital oil field, we must consider ways to mitigate risk and instill proper controls to ensure safety, not just for individual companies but for the industry as a whole. We need to look to independent standards organizations with strong anti-trust policies in place so that competitors can come together to develop cross-industry solutions to help solve the industry’s growing access and control issues and help build security and access controls into the design of the data lakes before launching or granting access. The speed at which data are being amassed is only increasing, and those that do not have a risk mitigation plan for data misuse or have not put the proper access controls on API integration could find the gold in the lake too easily accessible by others and their prized data stolen from under their noses.