Fireside Chat with Gibson Energy: Talking Data Center Consolidation, IoT and Cloud Security

Gibson Energy, a 60-year-old Canadian company, specializes in the transportation, storage, blending, processing, and distribution of crude oil and other refined products. The company, headquartered in Calgary, also offers oilfield waste and water management services.

Richard Hannah is Vice President of Information Services and he oversees the entire IT environment at Gibson Energy. The company has doubled in size in recent years, and a major focus of Hannah’s has been to modernize and streamline the company’s IT infrastructure.

I recently spoke to Hannah about Gibson Energy’s move to the cloud, as well as the company’s IT and security priorities based on the redesign of its network infrastructure.

Maddison: How is Gibson Energy embracing the internet of things?

Hannah:  As a midstream energy company, we have thousands of devices in the field collecting, distributing, and managing resources. Historically, getting data off those devices was largely manual, which created a lot inefficiencies. That’s all changing as we connect our field devices to our network through IoT. With real time connections to things like distribution systems or disposal well sites, we have been able to save thousands of man-hours spent on tracking and maintaining devices.

Of course, IoT comes with its own challenges. We now have critical data flowing into and out of our data center and cloud environments that needs to be collected, correlated, and managed. Some of it can be extremely time-sensitive, which has had a significant impact on how we are designing and managing our infrastructure. For example, we have consolidated our data centers and are aggressively moving to the cloud in order to simplify the management and control of data and resources. Of course, this has an impact on our security as well; IoT devices and their data need to be protected and segmented, and security has to adapt as well. One of the reasons we chose to work with Fortinet was that we could move forward with our infrastructure transformation and still maintain a consistent security posture, regardless of how we needed to change.

Maddison: What is Gibson’s Cloud strategy?

Hannah: When I came to the company in 2013, there was a fair bit of IT transition and modernization that needed to happen. Among the top priorities was reducing the number of data centers and improving security. Through acquisitions, Gibson Energy had seven data centers in total, which was way too many for a company of our size. We needed to consolidate them, and zero data centers seemed like the right goal to me. We wanted to get out of the business of managing data centers and move to the cloud as much as possible for increased agility, visibility, and scale.  

We’re getting there. By the end of this year, we plan to have just one data center, with the rest of that functionality in the cloud using Microsoft Azure. Of course, this has required a radical redesign of our entire IT infrastructure, from replacing physical devices with virtual machines and services, to rethinking workflows and policies, and even where and how we assign IT personnel and resources.

Maddison: When consolidating data centers, how do you think about security?

Hannah: Our security strategy has had to evolve. When we started building our cloud strategy with Azure, we saw that it came with several security components. But because we have a hybrid environment, using their cloud-centric controls meant that we would be trying to integrate two cFortinet ompletely different security systems. That wasn’t going to work for us. We wanted to be in control of our security, and that included centralized visibility combined with consistent policy orchestration across our entire network.

Because we deal in the management and control of critical resources, we needed granular access to firewalls and other security tools in order to build and maintain a single, unified security posture. That’s why we started working with Fortinet. As we looked at how we could best secure Azure, provide access to our network team, and tie that back into our non-cloud environments, Fortinet came out as the clear winner.

Since then, we’ve been impressed with Fortinet’s capabilities, its seamless partnership with Microsoft, and its ability to help us build and scale a secure cloud solution without compromising on either protection or performance.

Maddison:  Was it difficult to sell moving to the Cloud and adding new security services to other executives at the company?

Hannah: Security is one of our top priorities because it has to be. It’s the nature of the business we are in. So it’s not too hard to sell the importance of security to other senior executives. When a cyber incident happens in the world, it makes it apparent to everyone that security should be important. The biggest risk for us is disruption. The oil and gas resources we manage are considered to be part of the critical infrastructure for both Canada and the US, where we operate. A delay in the delivery of these resources can have huge implications. At the same time, we regularly see examples around the globe where similar businesses have been disrupted because of breaches and we need to do everything we can to ensure that our day-to-day business is never affected in the same way.

Maddison: Do you plan to focus more on IoT and the Cloud in the coming year?

Hannah: Security and the IoT are our two major focuses this year.

We have very complex IT systems in place. Analytics is important for our business. To effectively use analytics with the growing number of connected devices we have in the field, our network has become very complex. It’s no longer just a traditional wired network – these field devices are connecting wirelessly to the same infrastructure that runs our business.

Security is foundational to ensuring our business operates effectively, which means we need a security strategy that spans across our entire operations and IT infrastructure; from segmenting IoT devices, securing wireless access points, inspecting encrypted traffic, and maintaining a consistent security posture that we can see and manage from a single pane of glass.

This interview originally appeared on CSO.com.