* [Blog](https://www2.paloaltonetworks.com/blog)
* [Palo Alto Networks](https://www2.paloaltonetworks.com/blog/corporate/)
* [Firewall](https://www2.paloaltonetworks.com/blog/category/firewall/)
* PAN-OS 8.1: The Future of...

# PAN-OS 8.1: The Future of ICS SCADA With Secure Clouds

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2018%2F03%2Fpan-os-8-1-future-ics-scada-secure-clouds%2F)  
[](https://twitter.com/share?text=PAN-OS+8.1%3A+The+Future+of+ICS+SCADA+With+Secure+Clouds&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2018%2F03%2Fpan-os-8-1-future-ics-scada-secure-clouds%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2018%2F03%2Fpan-os-8-1-future-ics-scada-secure-clouds%2F&title=PAN-OS+8.1%3A+The+Future+of+ICS+SCADA+With+Secure+Clouds&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www2.paloaltonetworks.com/blog/2018/03/pan-os-8-1-future-ics-scada-secure-clouds/&ts=markdown)  
\[\](mailto:?subject=PAN-OS 8.1: The Future of ICS SCADA With Secure Clouds)  
Link copied  
By [Lionel Jacobs](https://www.paloaltonetworks.com/blog/author/lionel-jacobs/?ts=markdown "Posts by Lionel Jacobs")  
Mar 13, 2018  
5 minutes  
[Firewall](https://www.paloaltonetworks.com/blog/category/firewall/?ts=markdown)  
[Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)  
[SCADA \& ICS](https://www.paloaltonetworks.com/blog/category/scada-ics/?ts=markdown)  
[next-generation firewall](https://www.paloaltonetworks.com/blog/tag/next-generation-firewall/?ts=markdown)  
[PAN-OS 8.1](https://www.paloaltonetworks.com/blog/tag/pan-os-8-1/?ts=markdown)

I recently attended a conference for ICS SCADA security professionals where several colleagues asked me for my personal view of whether I see ICS SCADA systems ever moving entirely to a cloud infrastructure. In their eyes, that definition includes Level 1 of the Purdue Model, the place where the virtual world meets the physical one.

Being the old school, classically trained ICS SCADA person that I am, I reflected on the questions. I shrugged my shoulders, smiled at them and said, without hesitation or pause, "Yes I do." With looks of astonishment, they asked me why. (To add further context to the scenario, many of the people engaged in the conversation have more years of service in the industry than I do, and I even worked for a couple of them in a past life.) Recognizing the look of concern on their faces that only process/control engineers can generate -- especially when addressing a crisis that could be life-threatening -- I explained why I see this happening and the reasons for my peace of mind with the migration despite all the recent targeted attacks against control network infrastructures.

No one can ignore the fact that advancements in technology, especially in the areas of communication and computing, have changed the world in ways few people thought possible. We can remember the days when an ISDN line was the pinnacle of broadband service, or the first laptop weighed close to 24 pounds, and see where we are now. ICS and SCADA must evolve, too.

As I attend customer meetings and conferences, the discussion of a cloud-based ICS SCADA control system, and the concerns around securing it, is a reality everyone seems to be facing. The concept is one met with mixed emotion, with all parties working to figure out the pros and cons. At these events, the cloud-based platforms that spark the most interest are infrastructure as a service, or IaaS, where the virtualized hardware (storage, servers, network services, etc.) is the service, and platform as a service, or PaaS.

Owner-operators tend to favor IaaS because it offers greater control over their data. Their main concerns are the operating systems, the applications and securing the data. Platform as a service (PaaS) is the model most manufacturers of industrial products are exploring as a way to deliver cloud-based services to future and existing customers. Focusing on systems used for monitoring and analysis, these vendors found they can offer both "historians as a service" and "human-machine interface as a service" to interested customers. The advantage to the customer is that they only need to supply their data, while the day to day maintenance and care of the infrastructure is the responsibility of the provider.

Regardless of the platform, most agree that the transition of ICS SCADA systems to a cloud-based implementation will happen in phases, with the business functions and monitoring moving first.

Operations like system monitoring, data analysis, system troubleshooting, and predictive maintenance can benefit from a cloud-based infrastructure and the elasticity at which it can scale. With this in mind, either approach is ideal to begin the OT transition from the plant site to the cloud because both are capable of addressing specific functions that require the continuous gathering of large volumes of data generated by these functions.

The advantages include more storage to handle data sent by smart devices, positioning security teams to leverage big data analysis from the creation of a private data lake, while lowering operational cost.

The prominent concern for the DevOps and OT groups with either cloud model are security and data integrity. What that usually means is a question of how to deploy it in a secure manner that scales well in both system performance and data volume, if done in a public cloud offering; and, for those industries with stringent compliance and regulatory restrictions, on how to remain compliant.

Palo Alto Networks Next-Generation Security Platform can help with your ICS SCADA cloud-based deployments by providing continuous and consistent protection to your company's cloud workloads. Providing seamless security to both your data and workloads through advanced security features that are consistent regardless of physical location or cloud.

You will find that we empower you so that you can achieve your ICS SCADA security objectivities through deploying:

* In-line security for your harsh environments with next-generation firewalls like our new [PA-220R](https://www.paloaltonetworks.com/blog/2018/02/introducing-ruggedized-pa-220r-next-generation-firewall/)
* API services for discovering and monitoring resources
* Automated compliance reporting to help improve your cloud security and compliance
* Storage services for eliminating potential data leaks or exposure
* Ability to do outbound and east-west security at scale

With our Next-Generation Security Platform, you can even deploy on multiple cloud services to create an even more efficient, robust and secure ICS SCADA cloud ecosystem.

Learn more about our cloud solutions as well as the ruggedized PA-220R NGFW and other ICS SCADA solutions:

* [VM-Series on AWS](https://www.paloaltonetworks.com/prisma/environments/aws)
* [VM-Series on Azure](https://www.paloaltonetworks.com/prisma/environments/azure)
* [VM-Series on Google Cloud Platform](https://www.paloaltonetworks.com/prisma/environments/gcp)
* [Aperture for Public Cloud](https://www.paloaltonetworks.com/prisma/cloud)
* [Ruggedized PA-220R](https://www.paloaltonetworks.com/network-security/next-generation-firewall/pa-220r)

You should also contact your Account Manager and ask about getting a Security Lifecycle Report on your ICS SCADA environment or the Hands-On Workshop for ICS SCADA deployments.

*** ** * ** ***

## Related Blogs

### [Firewall](https://www.paloaltonetworks.com/blog/category/firewall/?ts=markdown), [Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Technical Documentation](https://www.paloaltonetworks.com/blog/category/technical-documentation/?ts=markdown)

[#### Tech Docs: New Firewalls and Appliances with PAN-OS 8.1!](https://www2.paloaltonetworks.com/blog/2018/03/tech-docs-new-firewalls-and-appliances-with-pan-os-8-1/)

### [Financial Services](https://www.paloaltonetworks.com/blog/category/financial-services/?ts=markdown), [Firewall](https://www.paloaltonetworks.com/blog/category/firewall/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### PAN-OS 8.1: New Features for the Financial Sector](https://www2.paloaltonetworks.com/blog/2018/03/pan-os-8-1-new-features-financial-sector/)

### [Firewall](https://www.paloaltonetworks.com/blog/category/firewall/?ts=markdown), [Government](https://www.paloaltonetworks.com/blog/category/government/?ts=markdown), [Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### PAN-OS 8.1: SSL Decryption Broker for Federal Government](https://www2.paloaltonetworks.com/blog/2018/03/gov-pan-os-8-1-ssl-decryption-broker-federal-government/)

### [Firewall](https://www.paloaltonetworks.com/blog/category/firewall/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### Announcing PAN-OS 8.1: Streamline SSL Decryption, Accelerate Adoption of Security Best Practices](https://www2.paloaltonetworks.com/blog/2018/02/announcing-pan-os-8-1-streamline-ssl-decryption-accelerate-adoption-security-best-practices/)

### [Firewall](https://www.paloaltonetworks.com/blog/category/firewall/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [SCADA \& ICS](https://www.paloaltonetworks.com/blog/category/scada-ics/?ts=markdown)

[#### Introducing the Ruggedized PA-220R Next-Generation Firewall](https://www2.paloaltonetworks.com/blog/2018/02/introducing-ruggedized-pa-220r-next-generation-firewall/)

### [Firewall](https://www.paloaltonetworks.com/blog/category/firewall/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### 10 Things To Test In Your Future NGFW: Offer Consistent Protection](https://www2.paloaltonetworks.com/blog/2018/05/10-things-test-future-ngfw-offer-consistent-protection/)

### Subscribe to the Blog!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www2.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language