What technological orientations are taken by these companies?
Today, business models focus on data. Annual growth is estimated at around 18% for the Big Data market between 2016 and 2021 and is expected to reach nearly $67 billion[i]. From a variety of sources (social networks, connected objects, commercial transactions, etc.), in structured or unstructured formats, their storage in "Data Lakes" subsequently simplifies their processing and analysis. The expansion of IoT[ii] to serve the industry will increase the amount of unstructured data. Therefore, specific software and IT infrastructures will be necessary to facilitate the technical and business exploitation of these new flows. Data integration platforms, known as "middleware[iii]", are numerous within the various Business Units of large companies. 65% of companies that adopted IoT in 2020 will use an IoT platform for at least one project[iv]. The trend is to centralize flows on a group level platform in order to create synergies between applications while taking advantage of scale and learning effects. Veolia, which has a fleet of 3 million connected objects, has created Hubgrade: a digital platform that collects energy data from buildings and industrial sites in real time, in order to analyze them and act more efficiently on their energy performance[v].
These shared platforms must meet demanding performance needs (processing speed, data quality, monitoring, etc.). As a result, energy companies that historically have "on-premise" IT systems, i.e. managed on their own, are moving to decentralized and geographically dispersed cloud environments - public or private. This hybridisation of the IS can occur on several scales: Software (SaaS[vi]), Platform (PaaS[vii]) and Infrastructure (IaaS[viii]). The benefits provided are mainly budgetary and technical in nature, as IT infrastructures can now be sized as close as possible to current needs.
Due to their core industrial business, energy companies have a heterogeneous portfolio of IT solutions such as industrial software, invoicing systems, customer interfaces, etc. The modernization of their applications is a major lever to provide an enriched user experience. For example, many business processes can benefit from the democratization of smartphones and tablets by delivering new multi-channel services. In this sense, Air Liquide introduces, within its Connect program, the use of tablets for its technicians working on site. They can now enter or access information in real time for daily efficiency gains[ix]. Such digital initiatives, meeting the needs of openness, mobility and agility, can be further developed in the future through two technical advances:
- Optimal development and management of connectors - called Application Programming Interface (API) - to simplify and accelerate the interfacing between different systems. For this purpose, as with the IoT, shared group/API Management platforms are preferred. These include a portal listing all APIs and facilitating dialogue between API creators and consumers (i.e. application developers).
- A new, more flexible application architecture logic to reduce the time-to-market of functional evolutions. Indeed, some monolithic applications[x] (made up of a single block) can be atomized via a new software architecture called micro-services, i.e. a division into several independent functionalities. This approach is complementary with the APIs that are grafted onto each micro-function.
These trends of sharing middleware platforms, hybridisation and opening up the information system require the adoption of new organisational and managerial practices.
What organizational adjustments are being made as a result?
As such companies have grown, they have carried out multiple mergers, acquisitions and disposals. Their organizations have therefore been made complex and historically segmented into vertical business lines or geographies by forming autonomous Business Units. Today, on the contrary, the digitisation of activities requires a holistic approach to "de-structuring" the organisation.
At the crossroads of technological advances and operational needs are the IT Departments, which are therefore naturally at the heart of the company's digital transformation. New technical trends highlight the need for more cross-functional, horizontal IT governance within the Business Units in order to promote Business-IT synergies. To have new solutions adopted internally and externally, ad hoc entities or entities from company branches that are closely linked to digital subjects such as a Marketing & Customer Service BU are set up. The most popular are data management authorities (Group Chief Data Officer or BU) and shared competence centres. In 2016, ENGIE created its ad hoc structure "ENGIE Digital" bringing together some fifty employees and strategic partners. Its role is twofold:
- Streamline the 4500 applications in the IT fleet while deploying new IT tools more quickly;
- Bring together in a hub the business actors from the different departments to reflect on the cross-functional solutions to be implemented.
The mission of CIOs is gradually shifting from the operation of IT infrastructures to the orchestration of the group's data and services. They therefore become multi-skilled because of the need to understand the underlying business aspect in order to develop ever more personalized services to business customers. In parallel, the business teams are involved in the characterization of needs as part of the development of applications in collaboration with the IT teams. This transformation involves major managerial challenges: the adoption of agile and DevOps methods, the recruitment of new skills and the dissemination of digital culture throughout the company. According to Gilles Cochevelou, Chief Digital Officer of the Total Group, digital transformation "is societal, cultural, human, as well as technological".
Organizational changes, the increase in the volume of data exchanged, the introduction of new technologies open to the outside world are all factors that make cyber security and data privacy issues central.
How is the security issue addressed?
Energy companies are prime targets for cyber attacks. In extreme cases, these can lead to the closure of infrastructure, causing economic and financial disruption or even potentially significant environmental damage[xi]. Among the technologies implemented, the connected sensors represent one of the greatest risks[xii]. An evocative example is the cyber attack that took place at the end of 2015 on Ukrainian power grids, leaving nearly 225,000 households without electricity. The hackers had exploited a security breach on connected industrial objects (SCADA systems[xiii]).
It is therefore imperative to set up tools to protect, in particular, energy infrastructure of primary importance to the country. Thus, security measures are implemented on 4 different scales:
- On trading systems (IoT platforms, API Management, etc.): the pooling of internal and external flows within a single platform is a factor in strengthening security. It is a question of moving from a reactive to a proactive mode by adopting strong governance towards exchanges from and to the outside while deploying the most relevant technical devices (DMZ, Reverse proxy, API gateway, WAF[xiv]).
- On data: with the forthcoming introduction of the European Data Protection Regulation (DGPS), securing confidential and sensitive data at source becomes a priority.
- On application development: the assembly of uncorrelated and available services by API makes each IT project responsible for its security, this is the principle of "Security by Design".
- On employees: all these measures would not be useful without adequate awareness of information security and the proper use of their (new) work tools. For example, the EDF Group supported the "Hack Academy" campaign in a proactive approach to mobilize nuclear businesses to gradually take on safety issues[xv].
In the end, despite the many challenges to be met (solution performance, change management, governance, security, etc.), the digitalisation of the energy sector has been launched and will lead to the emergence in the short term of new service models for employees, customers and partners. This dynamic can be accelerated even further with the imminent arrival of breakthrough technological innovations such as blockchain, artificial intelligence or 3D printing.
Notes & Sources
[ii] IoT : Internet of Things
[iii] Plateforme middleware : logiciel permettant à différentes applications d’échanger et d’interopérer
[vi] SaaS : Software as a Service
[vii] PaaS : Platform as a Service
[viii] IaaS : Infrastructure as a Service
[x] Application monolithique : décrit une application logiciel indépendante d’autres applications, développée dans un seul programme informatique, et conçue pour fournir à l’utilisateur une suite de services permettant de compléter une fonction particulière.
[xi] Ressource complémentaire : “Cybersecurity in Energy : The Implications of a Security Breach on an Oil & Gas Company” http://energy.sia-partners.com/20170727/cybersecurity_in_energy_implications_of_a_security_breach_on_an_og_company
[xii] Gartner prévoit d’ici 2020 que 25% des cyberattaques identifiées dans les entreprises impliqueront l’IoT http://www.gartner.com/newsroom/id/3291817
[xiii] SCADA : Supervisory Control And Data Acquisition
[xiv] DMZ : DeMilitarized Zone / WAF : Web Application Firewall