Drilling and production decisions previously taking
several months have been dramatically reduced to only days or hours, with realtime data instantly available inside corporate or engineering offices from around the world. Combined with satellite or fiber's capability to transmit huge amounts of data globally, output within the E&P work environment has virtually exploded in online productivity.

However, another angle also comes into play. As
companies seek to optimize hydrocarbon production from specific investments and leases, they are leveraging new reservoir modeling technologies. That translates into data growing by mega leaps. As a
result, with data quantities soaring upward from gigs to terabytes, transmitting and storing all that introduces even newer challenges - security challenges.
It's not just the huge amounts of data, but the
criticality and capability to make that data accessible throughout companies' global operations. That brings companies face-to-face with how data can be protected after it's transmitted from source to destination for storage, retrieval and usage, how security can be
provided over the network, and how security can be provided for data storage. Another data security issue results from many oil and gas companies beginning to utilize more widely available service offerings for their technological networks. They may have their data
running, or stored, side-by-side with competitors' data, which is typically a matter of considerable sensitivity for upstream companies. However, this is not automatically a negative scenario. Upstream
companies should recognize that they can have their data on a common network or common source system while still having the guarantee nobody else will have access.


With all this technology available, the industry is
still in the early stages of adoption and just gaining awareness of which technologies do exist, along with developing a better understanding about sharing storage and hosting software systems.
Turn back the clock only a decade to see a
comparable mindset for oil and gas companies. Technology already existed to set up firewalls and other features now commonplace on the
Internet. But, many companies boldly declared that they would never put their corporate network on the Internet. Today, who would argue that the opposite - not being on the Internet - is unusual even for conservative E&P companies? So, a dual scenario is taking place. One, awareness is building throughout the industry about how the digital oilfield is
transforming the work environment's efficiency, productivity and cost-effectiveness. Two, as more and more companies rely on the digital oilfield to drive operational excellence, data security has become a
critical factor, with the potential for a physically significant event in E&P triggered from public networks increasing.


Data Center Systems and Security Threats
Let's look at six key issues involving security in
the digital oilfield. First is identity and access management, which relates to technology such as smart cards or USB that allow individuals
on a corporate or even public network to have secure, even encrypted files on a system that can only be unencrypted with access management
technology. A couple of the majors have already adopted smart card technology globally. At these companies, employees can use smart cards
not only for physical security access into a facility but also into any of the network software system's access to data. Although this technology has come a long way in a relatively short timeframe, its adoption has not filtered down to small and mid-size independents, but it is beginning to. A second issue involves protecting realtime systems, including SCADA. Typically, with SCADA systems, a pipeline system transmits data through the air, with several hundred points along the
pipeline transmitting this data as to flow and other types of information related to controlling pipeline flow. The challenge is that as it is being pumped, it's difficult to prevent anyone from getting access since encryption technologies are still in somewhat embryonic
stages. Most of the associated risks relate mostly to an outsider's ability to read but not necessarily make changes. Similarly, in terms of data security challenges, a competitor may know production levels
before they are published. But, whether or not that is a significant impact depends on the company and the current market circumstances. However, with the other security issues, comprehensive IT infrastructure outsourcing companies have emerged to securely monitor and manage these devices. A third issue is twofold: disaster recovery and business continuity. Unfortunately these issues are often confused with
each other; in fact, while related, they are not the same. Disaster recovery relates to the ability to recover
systems and data from a failure (device, hardware, software), human error or natural disaster. In contrast, business continuity involves people's ability to continue working through an event. The upshot comes
from the growing reality that business processes are becoming increasingly dependent on realtime access to systems and data. Most of these applications are in the centralization of these systems and data.
As data is globally brought into a single location, if this location does not have a real-time fail-over disaster recovery capability, having all a company's eggs in one basket can lead to severe disaster. Disaster recovery, therefore, is an insurance policy for which companies typically don't want to pay the "premiums." So a
service provider develops an economical model providing all the redundancy for the systems and data at a high level of security, allowing business continuity to keep the company technologically on track.


Data Center Physical Security Best Practices
Fourth is oil and gas infrastructure security which
involves the network and the systems that host the data. Related are the clusters or site clusters that actually do the site computations and interpretations. Solutions are focused on the physical security and
the logical security around how the data is accessed.
Fifth is security for applications, which gets more
into the logical security side. This issue ties back to the earlier advisory about oil and gas companies rightfully being concerned about having their data on a shared system. The solution is to provide security for two or three dozen competing companies logging onto the same interface and uploading their data in the same systems by controlling access so that none can see what they should not see within these systems.
Sixth revolves around Sarbanes-Oxley in the US,
which prescribes many security measures that must be taken primarily from a physical perspective but also from a logical perspective. For example, systems must be within a hardened facility with certain levels
of redundancy and power back-up, to name only a couple. Also, it is important to note that these requirements are not just for the petro-technical systems but for back-office systems, too. In other
words, the accounting systems and e-mail systems must have the same level of security from a regulations perspective. With digital oilfield technologies, oil and gas companies now have the unprecedented power to control costs, through increased efficiencies and productivity enabling them to get more out of the ground more efficiently than ever. For example, with companies under constant pressure to drive costs even further down, today's technological arsenal requires fewer people on the rig or involved in interpretive processes. Meanwhile, providing data security securely and cost-effectively continues evolving in the service provider direction with a provider serving different needs based on a company's size. This approach is effective primarily because the provider can aggregate the
security technologies and support staff - because that is its core competency - and provide all the services in an affordable way that allows oil and gas companies to defer capital. Second, these services are provided in a scalable way that allows companies to only purchase
what they need when needed. In the expensive world of data security, that is a significant advantage for most.
Overall, therefore, besides getting access to
today's technology and mobility, and capital deferral, companies allow service providers to assume the associated security risks. All this lets oil and gas companies focus on their own core competencies,
overcome technological deficiencies, and find more oil and gas more efficiently.

This article was originally published online at http://www.oilandgasinternational.com/