Internal Code: IAH202
Case Study Assignment Help:
CHEVRON’S INFRASTRUCTURE EVOLUTION
Chevron Corporation (www.chevron.com) is one of the world’s leading energy companies. Chevron’s headquarters are in San Ramon, California. The company has more than 62,000 employees and produces more than 700,000 barrels of oil per day. It has 19,500 retail sites in 84 countries. In 2012, Chevron was number three on the Fortune 500 list and had more than $244 billion in revenue in 2011 [STAT12].
IT infrastructure is very important to Chevron and to better support all facets of its global operations, the company is always focused on improving its infrastructure [GALL12]. Chevron faces new challenges from increased global demand for its traditional hydrocarbon products and the need to develop IT support for new value chains for liquid natural gas (LNG) and the extraction of gas and oil from shale. Huge investments are being made around the world, particularly in Australia and Angola on massive projects of unprecedented scale. Modeling and analytics are more important than ever to help Chevron exploit deep water drilling and hydrocarbon extraction in areas with challenging geographies. For example, advanced seismic imaging tools are used by Chevron to reveal possible oil or natural gas reservoirs beneath the earth’s surface. Chevron’s proprietary seismic imaging technology contributed to it achieving a 69% discovery rate in 2011[CHEV12].
Supervisory Control and Data Acquisition (SCADA) Systems
Chevron refineries are continually collecting data from sensors spread throughout the facilities to maintain safe operations and to alert operators to potential safety issues before they ever become safety issues. Data from the
sensors is also used to optimize the way the refineries work and to identify opportunities of greater efficiency. IT controls 60,000 valves at Chevron’s Pascagoula, Mississippi refinery; the efficiency and safety of its end-to-end
operations are dependent on advanced sensors, supervisory control and data acquisition (SCADA) systems, and other digital industrial control systems [GALL12].
SCADA systems are typically centralized systems that monitor and control entire sites and/or complexes of systems that are spread out over large areas such as an entire manufacturing, fabrication, power generation, or refining facility. The key components of SCADA systems include:
1. Programmable logic units (PLCs) that and remote terminal units (RTUs) connected to sensors that convert sensor signals to digital data and send it to the supervisory system
2. A supervisory computer system that acquires data about the process and sends control commands to the process
3. A human-machine interface (HMI) that presents process to the human operators that monitor and control the process.
4. Process meters and process analysis instruments
5. Communication infrastructure connecting the supervisory system and RTUs and PLCs.
1. Do some Internet research on Chevron’s use of seismic imaging technology. Briefly explain how it works and how it has helped Chevron discover new oil and gas reservoirs.
2. Do some Internet research on security vulnerabilities associated with SCADA and digital industrial control systems. Summarize the major security concerns associated with these systems and steps than can be
taken to enhance their security.
3. Discuss the pros and cons of moving enterprise-wide applications that have traditionally been supported on premises to the cloud.
4. Do some Internet research on identify management and single sign on systems. Briefly explain how these work and why they are important in business intranets and extranets.
5. Why is it increasing most important for a CIO or IT executive who oversees geographically distributed enterprise networks to be business literate?
CLOUD COMPUTING (IN)SECURITY
Cloud computing is reshaping enterprise network architectures and infrastructures. It refers to applications delivered as services over the Internet as well as the hardware and systems software in data centers that provide those services. The services themselves have long been referred to as Software as a Service (SaaS) which had its roots in Software-Oriented Architecture (SOA) concepts that began shaping enterprise network roadmaps in the early 2000s. IaaS (Infrastructure as a Service) and PaaS (Platform as a Service) are other types of cloud computing services that are available to business customers.
Cloud computing fosters the notion of computing as a utility that can be consumed by businesses on demand in a manner that is similar to other services (e.g. electricity, municipal water) from traditional utilities. It has the potential to reshape much of the IT industry by giving businesses the option of running business software applications fully on-premises, fully in “the cloud” or some combination of these two extremes. These are choices that businesses have not had until recently and many companies are still coming to grips with this new computing landscape.
Security is important to any computing infrastructure. Companies go to great lengths to secure on-premises computing systems, so it is not surprising that security looms as a major consideration when augmenting or
replacing on-premises systems with cloud services. Allaying security concerns is frequently a prerequisite for further discussions about migrating part or all of an organization’s computing architecture to the cloud.
Availability is another major concern: “How will we operate if we can’t access the Internet? What if our customers can’t access the cloud to place orders?” are common questions [AMBR10].
Generally speaking, such questions only arise when businesses contemplating moving core transaction processing, such as ERP systems, and other mission critical applications to the cloud. Companies have traditionally demonstrated less concern about migrating high maintenance applications such as e-mail and payroll to cloud service providers even though such applications hold sensitive information.
1. Do some Internet research to identify businesses who have suffered because of cloud security weaknesses or failures. What can companies who are contemplating cloud computing services learn from the negative experiences of these businesses?
2. Do some Internet research on security mechanisms associated with virtualization. How can virtualization be used by cloud service providers to protect subscriber data?
3. Choose one of the following cloud services categories: SaaS, IaaS, PaaS. Do some Internet research that focuses the security issues associated with the selected cloud service category. Summarize the major security risks associated with the cloud service category and identify mechanisms that can be used to address these risks.