We recently joined our partners at Splunk at the global annual Splunk .conf2014 conference, which took place on October 6-9, 2014 in Las Vegas.
We had the pleasure to share the stage there with one of our key clients and Oil & Gas contract industry leader Saipem.
Saipem had a prominent role at the event, with a session led by Ugo Salvi and Luca Mazzocchi – respectively Saipem CIO and CISO on “Splunk at Saipem: Security and Compliance in the Oil and Gas Industry”.
Why Splunk at Saipem
In his presentation, Mr. Salvi outlined how Saipem introduced Splunk in the IT ecosystem. Back in 2012, the company combined log management and compliance to establishing dashboards and an automatic alerting system to meet SOX and privacy compliance regulations. Thanks to the agility of the product and Moviri’s expertise, Saipem successfully achieved unprecedented flexibility and time to market and decided to build upon the early success.
When, at the end of 2012, in two instances Saipem’s competitors where it by business-disrupting malware attacks, Saipem started focusing on a few questions: are backup policies effectively in place? Can we restore business operations — Saipem’s yearly revenues exceed $10 billion), in case an attack is successful? The answers are now with what Saipem calls “Backup inspector”, a new application based on Splunk that has enabled Saipem to enforce policies across the enterprise for all the backups of all the relevant applications.
In 2014, Saipem has progressed even further by setting up a new SIEM (Security Information and Event Management) system using Splunk and the Enterprise Security app to identify, address and investigate security threats. Meanwhile, Saipem, convinced of SPlunk’s reliability as a source of information for IT and business (e.g. license usage or distribution of accounts around the world), is looking at possible future applications such as:
- Industrial systems (SCADA, supervisory control and data acquisition)
- APM, Monitoring control room and troubleshooting
- IT and Business reporting
SCADA data as a new opportunity
During the Q&A that followed Saipem’s session, most questions were related to SCADA data. Mr Salvi pointed out that Saipem is going through a POC, waiting for the opportunity to have these devices available from their operations. Saipem is also working with R&D to understand how to monitor pipeline stress and stretching, using fiber optic technology. Splunk can correlate these industrial and pipeline data with other metrics. Another key challenge regarding SCADA data is investigating possible threats due to maintenance activities, such as for example the VPN that is opened to perform maintenance on systems on offshore vessels.
For Moviri, working with Saipem and Splunk has been a long and rewarding process. And after this first few years of these implementations, Mr. Salvi made it a point to share Saipem’s key takeaways:
- Splunk has replaced and continues to successfully replace other tools within the Saipem IT ecosystem.
- The challenge of digitization and IT in an enterprise setting that, like Oil & Gas, is by its very nature rooted in the analog, industrial world presents great opportunities.
- It has been a long journey for Splunk at Saipem (SOX in 2012, Backup Inspector in 2013, SIEM in 2014)… and it is far from being over!!