Open side-bar Menu
 The PLM Insider
Jyotirmoy Dutta
Jyotirmoy Dutta
Jyotirmoy Dutta works as a PLM Lead Consultant at Infosys with more than 13 years of expertise in PLM Strategy Consulting, Solution Architecting, Offshore Project Management and Technical Leadership. He has led several full life-cycle PLM implementations, in the Consumer Products, Electronics & … More »

Cloud PLM – 5 Risks to Consider

 
August 29th, 2012 by Jyotirmoy Dutta

I was reading this article in Slashdot over the weekend: “Big Surprise: Cloud Computing Still Surfing Big Hype Wave”. While referring to the hype cycle graph, it goes on to state: “In Gartner’s estimation, cloud computing has entered the Trough of Disillusionment stage of the Hype Cycle… Even as its hype fades, though, cloud computing can look further along the curve to the Slope of Enlightenment—when businesses discover the true utility of the technology, without the confusing hype and buzzwords—and then the Plateau of Productivity, where it can join predictive analytics as technologies people use without chattering incessantly about it on Twitter. Gartner believes that cloud computing and private cloud computing will reach their plateau of productivity in 2 to 5 years, while hybrid cloud computing will take closer to 5 to 10 years. At that point, the inflated expectations—and the screaming hype—should be a thing of the past.

Cloud solutions are new to PLM – and there are a number of cloud PLM solutions in the market now. While the proponents have talked about improving the ROI of PLM, by reducing the implementation and maintenance cost, I do not find much being discussed in details about the possible risks. I am not a “cloud hater” but I think manufacturers need to think of the implications deeply before moving their PLM system into the cloud. It is important to note that cloud computing can refer to several different service types, including Application/Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS). The risks and benefits associated with each model will differ and so will the key considerations in contracting for this type of service. I will cover 5 risks here with focus on PLM and Application/Software as a Service (SaaS). From the NIST Definition of Cloud Computing, Software as a Service (SaaS) implies that “The applications are accessible from various client devices through either a thin client interface, such as a web browser (e.g., web-based email), or a program interface. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings”. So what are these risks?

1. Cloud Uptime

I think the biggest concern would be system uptime.  How much would the business suffer if the system uptime deviated considerably from the agreed SLA’s? If you are one of those who needed to blog “Life of our patients is at stake – I am desperately asking you to contact” during the Amazon EC2 outage in 2011, then you need to think about service interruption seriously. While outages of mission critical applications are nearly never excusable and undoubtedly hurting to business, I think the biggest learning from outages of EC2 /Azure etc seems to be the lack of real-time response and qualified explanations. A privately hosted system would have unscheduled downtime too, but in that case the organization’s IT staff would have much more be in command of in resolving it. What options would a cloud PLM vendor offer to offset any such business disruption? How much would it add up in additional costs? It is off course to be expected that when moving from a system with guaranteed availability of 90% (with downtime of 36.5 days/year) to one with 99% availability (with downtime of 3.65 days/year) or with 99.9% availability (with downtime of 8.76 hours/year) costs would naturally increase. Would such costs be in line with expected savings of going live with PLM in the cloud?

2. Enterprise Application Integration

A few months back I had written about this topic: “Cloud Based PLM and Enterprise Application Integration” where I wrote “PLM being an upstream enterprise application (design usually preceding manufacturing/sales/procurement/service) needs to draw upon several collaborating systems…Typical application integration scenarios which are routinely met would include: CAx and Office Suite Integration, Legacy System Integration, and MRP/ERP Integration.” The current bunch of cloud based PLM systems seem to be lacking in addressing this aspect.

 Apart from this, another crucial aspect to be evaluated is the ability to effectively manage complex, multi-CAD data. The system must be capable of integrating the BOM and enabling multidisciplinary 2D/3D visualization of such heterogeneous/multi-CAD data in a single product structure and make it easier for design teams to find, reuse, and synchronize accurate data with their MCAD/ECAD tools.

3.Vendor Lock-In/ Data Porting

Customers switching PLM platforms due to shifting business needs is not uncommon – Such migrations need tools, procedures, standard data formats and services interfaces that promise data and service portability. In case of cloud PLM if there is a need to migrate from one provider to another or migrate data and services back to an in-house IT environment then such options needs to be validated. A few months ago Stephen Porter in his “Zero Wait-State” blog wrote about the harrowing experience one of his client went through when migrating from a Cloud based PLM system thereby highlighting the fact that cloud providers may have an incentive to prevent (directly or indirectly) the portability of their customers services and data. Hence it would be prudent to know certain things in advance and if possible in the form of a formal agreement:

→     How to get data back if you stop subscription,

→     Availability of API calls to read (and thereby ‘export’) that data,

→     Any extra costs associated with exporting data (specially heavy CAD data),

→     Availability of data sanitization procedures (a.k.a True Wiping, Secure erase etc.) after the client is no longer a tenant etc.

→     Is there a guaranteed minimum download speed of data?

4. Legal/Regulatory Risks

Over the past couple of years PLM vendors have substantially enhanced their regulatory compliance capabilities   (ITAR, RoHS, WEEE, ELV or FDA 21 CFR Part 820). I worked for a medical devices manufacturer and know complying with some of the regulations is a tough task. Hence there are certain areas customers would need to pay attention to when appraising contract clauses for cloud PLM services (though on a case by case basis):

→  Where will the data be physically located? Would access control to technical data be based on user citizenship, physical location etc so as not to violate any ITAR or EAR restrictions? This is important from jurisdiction perspective over data protection and ownership and for law enforcement access.

→  Can the provider make available a full audit detailing technical data exports to satisfy regulatory compliance reporting requirements?

→  If the provider patches the system for software defects or upgrades it to the new release, can the customers in some way validate it in lines with FDA guidance on software validation and avoid 483s and/or Warning Letters

5. Supplier Stability

 Some time back IndustryWeek in an article “Understanding Risk: Avoiding Supply Chain Disruption” noted “A supply chain disruption can cost a manufacturer up to $5 million, irreparably harm a brand and drive customers straight to the door of a competitor.”  Cloud PLM is still an emerging market – and as with an emerging market, supplier consolidation and business casualties (like bankruptcies) can happen. Acquisition of the cloud provider could amplify the chances of a strategic shift and may put non-binding agreements at jeopardy while supplier collapse like the company ceasing to exist has the potential to nullify any signed contracts. So what happens to the vital IP in the cloud PLM system in such cases? Source code and data backup escrow might offer some solace thought it is not likely to be the silver bullet.

An old Chinese proverb says “One cannot refuse to eat just because there is a chance of being choked” – likewise the above are risks – With appropriate risk management strategy in place they surely can be contained.

Related posts:

Tags: , ,

Categories: Cloud, PLM

8 Responses to “Cloud PLM – 5 Risks to Consider”

  1. Jim Brown says:

    I read your article and appreciate that you ended it with the proverb that leads to a critical point – risks need to managed. In the end, this is not a decision that should be taken lightly, but one that should be measured.

    I do have a few points I would like to make on your 5 risks:
    * Uptime – Most cloud providers provide uptime statistics. Why? To combat misperception. The real question here isn’t whether cloud systems go down (they do), it is whether they go down considerably more than systems run on premise. In many cases, particularly for smaller companies, the resources running data centers at cloud providers (as shared resources) are more likely to be experts in their field, update patches more frequently, etc.

    * Integration – I am researching this topic right now, I wish I was ready to publish so I could share the results with you. What I am finding is that (thanks to Salesforce.com) the problem of integrating Cloud systems to on-premise systems is pretty well handled. The big EAI vendors can do it, and there are specialists in cloud integration that have sprung up due to Salesforce.com

    * Vendor lock-in – Your data is critical and it is yours. If vendors don’t allow you to access it freely they will fail in the long run. I didn’t see Stephen’s article, I will hunt it down.

    * Regulatory – To comply, every implementation must be validated to meet requirements. Unless a cloud provider is willing to help, I wonder how that could be accomplished? Anyone know what Arena Solutions does? They have med device customers, perhaps they are not part of the validated process / device master record?

    * Supplier stability – This is one that needs to be mitigated. I can’t imaging an acquisition that wouldn’t provide time, most acquisitions these days highly value the customer base being adopted. But a binding “Plan B” makes a lot of sense. I lost over a year’s worth of blog entries when a certain publication was sold. I had legal rights to them, but there was nobody left employed there so nobody to cut me a tape. Yeah, I should have had a backup, but I knew they did – I guess I should have read your article sooner. ;-)

    Good discussion, please feel free to take a look at my thoughts on Cloud PLM at

  2. Jim Brown says:

    And one more point if I may. I was surprised you didn’t mention data security. You mention ITAR as a regulation, but security is another concern I hear a lot about and there has been a lot of discussion recently. I think it is relative to what the vendor can provide on their own, similar to my comment on uptime, although a shared repository might be more attractive to those looking to steal information.

Leave a Reply

TurboCAD pro : Free Trial
MasterCAM



Internet Business Systems © 2016 Internet Business Systems, Inc.
595 Millich Dr., Suite 216, Campbell, CA 95008
+1 (408)-337-6870 — Contact Us, or visit our other sites:
TechJobsCafe - Technical Jobs and Resumes EDACafe - Electronic Design Automation GISCafe - Geographical Information Services  MCADCafe - Mechanical Design and Engineering ShareCG - Share Computer Graphic (CG) Animation, 3D Art and 3D Models
  Privacy Policy Advertise