Showing posts with label Security-Access-Control. Show all posts
Showing posts with label Security-Access-Control. Show all posts

Wednesday, October 18, 2023

OCI Security & Access Control, Part II

 People, Ideas & Objects and Oracle Corporation

Starting with the Security & Access Control module we find that Oracle Corporation has a comprehensive suite of applications that provide the security and access control that we are looking for falling under the Oracle Identity Management brand name. These products include tools for Access Management, Identity Administration, Directory Services and Governance. These product classifications come in a variety of different products and are configured in some specialty industry and management suites. 

Two areas in the Preliminary Specification that will be challenging to develop are the Industrial Command & Control (ICC) and the inter-relatedness of the Joint Operating Committee and service industry representatives. Early on in the specification we noted a number of research areas that needed to be conducted. These are two areas that will take research dollars to resolve. To have the ICC recognize members of different organizations will not be a challenge. To engage them and have them interact in the manner we expect them to when we expect them to, will. 

Oracle Identity Management resides within the Oracle Fusion Middleware product layer. As we indicated earlier in the Preliminary Specification this is Oracle’s Java Enterprise Server. Therefore these applications are open to tailoring to our users' needs through the process of “additions” as Oracle calls them. When we sit down with Oracle and define the Security & Access Control module based on our user needs. These needs can be accommodated by the technologies we have selected. 

And it is through our user community that we will resolve these issues. It is one of the reasons People, Ideas & Objects software developments budgets are where they are. We will have challenges to resolve in delivering these innovative systems to the industry. I would remind producers that our value proposition sees the one-time costs of these developments amortized over our producer base. Yet each producer receives the full scope of that development effort in terms of the software application. 

We now look at the Oracle product classification for Access Management. Included in the Access Management classification are the following products: Oracle Access Manager, Oracle Adaptive Access Manager, Oracle Entitlements Server, Oracle Identity Federation and Oracle Enterprise Single Sign-On Suite. Each of these products will be included in the Preliminary Specification as they have components required for day to day use by our users, service providers, producers and Joint Operating Committees.

One area Oracle had been working on was working with partners, vendors and suppliers. Within Oracle Access Manager it is noted that they provide... “Building federated user communities that span company boundaries.” These are the beginnings of both pooling and Industrial Command & Control (ICC) that are critical to resolving many of the issues that the oil & gas industry faces. 

On the heels of Oracle Access Manager is their Adaptive Access Manager which takes the concept of intra-partner interactions further with “Oracle Adaptive Access Manager makes exposing sensitive data, transactions and business processes to consumers, remote employees or partners via your intranet and extranet safer.” This is the nature of business in the future. Working with partners, as is done by the Joint Operating Committee, is an effective means of reducing costs and increasing innovation in any industry. It’s only reasonable that technologies emulate these needs. In addition Oracle Adaptive Access Manager takes security and authentication to another level. As a result, our demands regarding the pooling concept and the ICC, I feel, will be less of a technical risk for the People, Ideas & Objects Preliminary Specification and subsequent developments. 

The next application is the Oracle Entitlement Server which provides a dynamic access control element to the applications that use the server. Instead of manually wiring access control privileges into each application and user, they can be dynamically generated using the Oracle Entitlement Server. “The solution can manage complex entitlement policies with a standalone server or with a distributed approach that embeds information at the application level.” When it needs to be determined if user X has access to Joint Operating Committee Y, a decision from the entitlement server, based on criteria within the application, can be made. If this information is changed, our user would be denied access. This provides enhanced security based on policies and reduces the amount of detailed specific software development that is difficult, time consuming, and costly to maintain. 

Federated Identities are a major part of how the pooling concept and ICC are implemented in the Preliminary Specification. We have specified in many modules, such as the Resource Marketplace module, Federated Identities. Situations such as where the vendor maintains contact and other information. That information is comprehensive and includes key organizational contacts, calendars and scheduling information. Working with the partners in the Joint Operating Committee and the representatives of the service industry in this way will effectively mitigate many technical software development issues we have. These data elements are maintained by each producer / service industry company and available globally throughout the People, Ideas & Objects applications.

One area that we will continue to face a challenge is in the Work Order. Putting together a working group to study earth science or engineering research is critical to innovative oil & gas producers and the industry in general. These are ad-hoc organizations formed with partners that may have no past history to draw from. Federated Identities will provide users with some of the information they need to establish the partnership and grant application access. However, there is still the pooling of and sourcing of costs, and budgets. Costs and their contributions are traditionally what invoke the bureaucratic nightmare that mitigates and destroys the motivation for these working groups to form. We need to ensure these roadblocks do not get in the way. We have proposed to overcome these issues by developing an intuitive interface for our users involved in organizing the working group. 

We don't want our users to experience a mindless security access maze. Oracle Enterprise Single Sign-On Suite Plus promises to keep this from happening. Logging onto and off of systems as our user proceeds through the various modules and components of the applications is a must have. This product promises this level of service seamlessly and remotely. Which is needed. And considered a must have feature in today’s software offerings.

Oracle Identity Manager which will be used as the base product for role and identity management. This will be the base of the Industrial Command & Control for People, Ideas & Objects Preliminary Specification. It is part of the Oracle Fusion Middleware product offering and part of their Java Enterprise Server. Therefore we can build off the functionality existing and enhance it with our user community's needs. Building off of the functionality will be somewhat limited as many of the concepts inherent in the ICC are already captured in Oracle Identity Manager. 

Oracle Identity Manager is a highly flexible and scalable enterprise identity administration system that enhances operational and business efficiency. It provides centralized administration & complete automation of identity and user provisioning events across the enterprise and extranet applications. It manages the entire identity and role lifecycle to meet changing business and regulatory requirements and provides essential reporting and compliance functionalities. By applying business rules, roles, and audit policies, it ensures consistent enforcement of identity-based controls and reduces ongoing operational and compliance costs.

Oracle Internet Directory and Oracle Virtual Directory product offerings follow. A bit off topic but Oracle Internet Directory is a relational database-derived directory server. That Oracle is providing the marketplace with a directory server based on relational database technology speaks to the power of their relational database. They claim they have performance for two billion users. I see the advantages of using this product over their traditional directory server and have selected it for the Preliminary Specification. It will provide us with some flexibility when we ask some of the most comprehensive and demanding questions of these technologies. 

Oracle Internet Directory could be deployed as an industry wide directory server. In this case, I am referring to a directory server for the oil & gas and service industries. There it can integrate with other Oracle products, such as Oracle Identity Manager, which would be deployed at the producer firm, Joint Operating Committee and service industry representative level. This being a relational database we have some interesting opportunities here. 

Oracle Virtual Directory may be the first step toward optimizing relational databases. What we will have is a global database of names within the Oracle Internet Directory. These will relate to the information contained in Oracle Identity Manager and other applications. Oracle Virtual Directory will provide us with a seamless way to browse, and applications will see these datastores as one. 

Within the Preliminary Specification we want to access the contact information of the people or firms that provide services or products to the producers or Joint Operating Committees. Individuals and service industry members are expected to maintain their own contact and basic information. These will be maintained in the Oracle Internet Directory for each and every producer or Joint Operating Committee to access the latest and up to date information. This will save an immense amount of time for producers and Joint Operating Committees, as well as individuals and service industry providers. When looking for someone the search capabilities will be significant as we have added the “Vendor / Supplier Contact Database” and the “Actionable Information Interface” to this base data in the Resource Marketplace module. 

Now we want to look at Oracle Identity Analytics as part of the Security & Access Control module of the Preliminary Specification. This application provides governance over the access privileges granted to our users of the People, Ideas & Objects application modules. Many of the functions and processes provided in Oracle Identity Analytics are either necessary or of significant value included in the Preliminary Specification. 

A key area of our strategy is to understand the "why" and "how" our users access our services. Providing documentation of what information was accessed by what users and if any of the access violates any of the established policies. Ensuring that data access by users is compliant with corporate and application policies. This is to ensure that users are not unnecessarily abused by overtly secure systems and overall efficient corporate governance is achieved. All of the data collected during data access, that is the “why and how” of our users' access. Is compiled in a “Data Warehouse” for further analytical analysis and querying. This will help to show trends and usage patterns that will form updated policies and procedures and security provisions. 

Another useful function within the Oracle Identity Analytics application is the Segregation of Duties feature. In many areas of a corporation, certain process functions must be undertaken by specific and sometimes different individuals. This feature provides for that assurance. It is Sarbanes-Oxley compliant. This is particularly relevant when the Joint Operating Committee is small, as we mentioned the other day. And we have assigned many roles to a few people. By segregating the roles that need to be kept separate for compliance purposes, this application ensures that the appropriate governance is maintained. 

There is a comprehensive and customizable dashboard interface for our Oracle Identity Analytics users to analyze the data and particularly the data warehouse. Filled with reports and data that an effective user can use to determine where and how the People, Ideas & Objects producer client might be susceptible to access control violations. 

The last feature I want to highlight is what Oracle calls Role Lifecycle Management. This provides the Oracle Identity Analytics user with the ability to do “what if” analysis in terms of the implications for identities and roles within the People, Ideas & Objects application. It contains a role change approval process, role versioning and role rollback. These will be needed in determining and maintaining the Industrial Command & Control. 

We now step down from the Oracle Fusion Middleware layer to the actual Oracle Database for some security features. The first product in this stack is Oracle Advanced Security. It provides authentication, encryption, and encryption of database and network activity. It is possible, and I highly recommend that all the data and information used in the People, Ideas & Objects application modules be encrypted in the database and on the network. This increases the load on the systems and requires additional effort in terms of key management. However, I think the nature of the data and information and the manner in which the applications are provided as Cloud Administration & Accounting for Oil & Gas, this level of security is necessary. 

Oracle Audit Vault is another product I recommend for the Preliminary Specification. It provides central location and management of audit information for compliance purposes. The ability to manage data, information, privacy policies, and security for our users. Oracle Audit Vault is Sarbanes Oxley compliant. 

This next Oracle product adds to the Preliminary Specification. Oracle Label Security will work in many different ways within the modules however here are just two examples. The application designates specific individuals with higher security clearances. It designates specific data fields with certain security clearance. Those with high enough security clearances and appropriate authorizations can read these database fields. Within the People, Ideas & Objects application we want to ensure that the reserves, accounting information and strategy discussions of each producer firm remain confidential to a select group of individuals within that firm. With Oracle Label Security that is possible. We want to ensure that the appropriate people within the chain of command in Industrial Command & Control have access to the appropriate materials to make the appropriate decisions. This will allow those individuals to have access to these materials without making them available to everyone in the chain of command. 

Although not that pertinent to our users of the People, Ideas & Objects applications we have included Oracle Configuration Management, Oracle Database Firewall and Oracle Database Vault as part of the Preliminary Specification. These will help keep the applications and the Oracle Database running as they should. Oracle Configuration Management will determine if there is a change in the configuration, either through a patch, or if something has been done wrong it will correct itself back to the specified configuration. Ensuring that what is promised to our users of People, Ideas & Objects is provided. Oracle Database Firewall ensures no SQL statements inconsistent with our users' or applications are passed through to the database. Oracle Database Vault allows you to restrict certain IP addresses or users to running certain SQL commands. It also locks databases from having any operations conducted on them. 

Backing up data and information is two of Oracle’s strengths. Oracle Secure Backup provides excellent tools for this. Because the database is encrypted, the backup is encrypted as well. What we will need to do in the Preliminary Specification is to determine in extensive detail what precisely will be the backup strategy used for the People, Ideas & Objects application. 

Lastly there is Oracle Total Recall. A product that helps access historical data. Oracle Fusion Applications provides some interesting solutions for how they handle legacy applications. We will get into those as we proceed through the Preliminary Specification.

Conclusion

It is important to remember that here in the Security & Access Control module of the Preliminary Specification. That the role and identity-based Industrial Command & Control (ICC) as conceived here has not been implemented, developed or conceived anywhere else before. We are taking role and identity-based management to the next level with the ICC. This is done through the usage of the Joint Operating Committee, through pooling and taking advantage of specialization and the division of labor in the oil & gas industry. 

Why are we bothering with the ICC and the Joint Operating Committee pooling of resources? The issue we are resolving is the finite number of earth science & engineering resources available to the industry. With the anticipated retirement levels in the next 20 years. With the time requirements to bring on increased levels of resources. And most importantly with the demands for more energy, and the demands for more earth science & engineering in each barrel of oil equivalent produced. We face long-term shortages of critical resources. The need to organize the industry, exploit specialization and division of labor, and Professor Paul Romer's theory of non-rival costs is necessary to increase the output from the same number of resources. Doing this without pooling the resources in the Joint Operating Committee will cause the producer firm to broaden the scale of their earth science & engineering capabilities beyond what would be a commercially viable concern. The Preliminary Specification notes that we have contributions from earth scientists and engineers from multiple producers working together to meet the objectives of the Joint Operating Committee. Therefore we need a means to organize themselves and that is the Industrial Command & Control of the Security & Access Control module. 

How the ICC will be implemented will be determined by our user community. However, I can speculate that the Joint Operating Committee will have standard roles and identities used throughout the industry. Standardization provides many benefits and will be necessary in this instance to make technology work. One of the key benefits of standardization is enhanced innovation. The need to have the various areas "covered" in terms of compliance and other requirements will require a standard template used by everyone. Everyone will know that that position is responsible for that role and responsibility. When Joint Operating Committees are small and have only a few people assigned, multiple roles can be assigned to one individual. 

There are security and access control issues associated with the service industry and particularly service providers accessing People, Ideas & Objects systems and data. Removing administrative and accounting resources from the producer firms and organizing them in their own service providers provides significant operational flexibility to the innovative and profitable oil & gas producer. The Security & Access Control module ties these disparate organizations into highly organized replacements for the current bureaucracy. Contributing substantially to People, Ideas & Objects' overall tangible portion of our value proposition.

With the natural division in the types of information held within a producer and Joint Operating Committee. Producers will know that the Preliminary Specification can deliver the right information to the right people at the right time. Leakage of proprietary information can be mitigated by isolating company data. This is due to its unique nature and Oracle Label Securities' ability to restrict access to database fields. 

Oracle’s products provide a strong layer of mission critical capabilities in the Security & Access Control module. Oracle provides comprehensive coverage of security, access control, audit, back up and roll management to name just a few of the highlights provided. Although this comes with additional costs, I am certain that no one will argue with the quality and peace of mind that these products bring. 


Tuesday, October 17, 2023

OCI Security & Access Control, Part I

 Introduction

Joint Operating Committees are the key Organizational Construct of a dynamic, innovative, accountable and profitable oil & gas company. It is the interactions of many producers, service providers and suppliers who are involved in the day to day commercial and strategic concerns of that Joint Operating Committee that we need to concern ourselves with. The Security & Access Control module's focus is to ensure the right people have the right access to the right information with the right authority. This is at the right time at the right place and through the right device. 

Throughout the Preliminary Specification we discuss two of the most pressing operational issues in the oil & gas industry. Those being the demand for earth science & engineering effort is increasing with each barrel produced. This is best represented by the steep escalation of oil & gas exploration and production costs. At the same time, critical earth science & engineering resources are fixed and difficult to expand. And with the anticipated retirement of this brain trust in the next twenty years, the problem becomes critical. The second issue regards the manner in which the administrative and accounting resources are organized within the industry. With the Preliminary Specification the need for each producer to develop their own administrative and accounting capabilities internally is replaced by an overall industry capability. Then each producer can access those resources on a variable cost basis with direct charges to the Joint Operating Committee. This provides operational flexibility in how a producer approaches its strategic and tactical needs. 

There are few short-term solutions to the shortfall in geologists and engineers over the next twenty years. It takes the better part of that time to train them to operate in the industry. What we do know are several "things" being applied in the People, Ideas & Objects Preliminary Specification. Many of these concepts are based on what we call Industrial Command and Control. Which is a method developed in the Security & Access Control module of imposing command and control over any and all Joint Operating Committees, working groups, producer firms, service providers or organizations the producer may need to add structure to. The concepts are the further specialization and division of labor, and a reduction in the redundant building of capabilities within each oil & gas producer, or as we describe it, a pooling of resources in the Joint Operating Committee.

The first concept of specialization and division of labor is well known as a principle of economics that brings about greater economic productivity from the same volume of resources. Given that the volume of earth science & engineering resources is known for the foreseeable future. Specialization and the division of labor will provide us with a tangible means to deal with oil & gas industry productivity. In today’s marketplace, approaching a heightened level of specialization and division of labor without software to define and support it would be foolish.

The pooling concept is the solution to the current desire that each producer firm acquires the earth science & engineering capabilities necessary to deal with all the needs of their “operated” properties. This creates unneeded “just-in-time” capabilities for scarce scientific resources. When each producer within the industry pursues this same strategy substantial redundancies are built into the industry's capabilities. Redundancies that are left unused and unusable. What is proposed through the People, Ideas & Objects software application modules is that the producer's operational strategy avoids the “operator” concept. Instead, it pools their specialized technical resources through the Joint Operating Committee partnership. That way the redundancies that would have been present in the industry can be made available to the producers and used by the producers through hyper-specialization and division of labor.

These same principles are present in the second issue noted above. The administrative and accounting capabilities acquired through industry-wide capabilities provide the producer with the flexibility to address operational concerns. Issues such as today’s low natural gas prices can be addressed through this revised structure. By having administrative and accounting service providers charge their service fees directly to the Joint Operating Committee. The producer gains the ability to shut-in unprofitable production with only positive effects on their financial performance. Administrative, accounting, and production costs are eliminated during shut-in production. Providing the most profitable means of oil & gas operations when unprofitable properties no longer dilute profitable properties. Producers can save their reserves for the time when they can be produced profitably. Reserves costs don't have to carry additional losses if unprofitable production continues. Reserves can be seen as a low-cost solution to production and storage. Commodity prices will have less volatility due to producers removing marginal production from the marketplace. 

Being able to provide service providers with access to and security during these day-to-day operations will be a unique situation for the oil & gas producer. Service providers will aggregate data industry wide. And there will be many service providers involved in providing administrative and accounting services to the producer firm and Joint Operating Committees. Consideration of the proprietary nature of the information and security will be priorities for the Preliminary Specification. 

A quick note on mobility. People are provided with new devices that enable them to work anywhere. These phones and tablets, in addition to laptop computers, open up security and access control concerns for the innovative and profitable oil & gas producer. Some producers enable their staff with policies that allow them to bring their own devices to work. The fact is these devices provide enhanced productivity and are appropriate for an innovative and profitable oil & gas producer. People, Ideas & Objects Preliminary Specification includes an understanding that these devices will be part of the day to day used in the oil & gas industry. 

What these concepts require is what the Security & Access Control module is designed to provide. The system must provide access to the right person at the right time and at the right place with the right authority to the right information. With the Industrial Command & Control there will be a manner in which the technical, and all the resources, that have been pooled from the producers, interact with an appropriate governance and chain of command.

Two Types of Data

When we talk about the various people within the producer firms affiliated with a Joint Operating Committee. And the number of Joint Operating Committees that a firm may have an interest in. And the number of people a firm employs. Access control becomes challenging. It becomes a challenge when we consider that people certainly should have the access required, but the level of trust they may have with respect to other partner organizations is probably not as strong. That is to say, does using the Joint Operating Committee as the key Organizational Construct of a dynamic, innovative, accountable and profitable oil & gas producer, open the producer firm to data loss? This is how People, Ideas & Objects deal with the access and trust issue in the Security & Access Control module.

When we concern ourselves with the data and information of the producer firm. We also concern ourselves with the information cleared by the various Joint Operating Committees that the oil & gas producer has an interest in. We can all agree that this information is proprietary and subject to each producer firm's internal policies. (Information such as reserves data, accounting information, internal reports and correspondence, strategy documents.) What we're concerned about is the information and data held in the Accounting Voucher module and the associated data common to the joint account. (well file, agreements, production data, capital and operating costs, revenue and royalties.) 

Close analysis of these two types of data and information held within the firm and the Joint Operating Committee falls within the proprietary and partnership domains. In Canada at least, most data and information regarding well operations can be freely obtained through various regulatory agencies. Nonetheless, the majority of the data is shared through the partnership who have an interest in the data and information. Which is not the case with the producer firm's data. Most of the information is kept close at hand and reported through filtered reserve report summaries and annual reports. Therefore keeping a handle on proprietary data, while operating the Joint Operating Committee as the key Organizational Construct of the innovative oil & gas producer, as proposed by People, Ideas & Objects, does not present any data leakage.

Access control can therefore be limited by restricting any company personnel from viewing other companies' files. Which is a given. While in People, Ideas & Objects access control is restricted to the firm's Joint Operating Committees and the firm's files only. To extend this further, we would limit access to the appropriate roles within the firm. Then it is up to our user community to define a standard set of generic roles in which access is required to certain data types. This would apply to the types of operations handled by that role, for example, read, insert, update, delete. These generic roles could then be assigned to each individual within the organization based on their needs. Assigning multiple roles for more complex access. Access to proprietary data would be restricted to company personnel only.

More on the ICC

Throughout the Preliminary Specification we've discussed our solution to one of the premier issues the oil & gas industry faces. That is the demand for earth science & engineering effort per barrel of oil increases with each barrel produced. This is best represented by the steep escalation of oil & gas exploration and production costs over time. At the same time, critical earth science & engineering resources are fixed and difficult to expand in the short or medium term. Add to that the anticipated retirement over the next twenty years of the current brain trust of the industry and the problem becomes a critical concern.

There are few short-term solutions to the status quo volume of geologists and engineers. It takes the better part of that time to train them to operate in the industry. Our resolution in the People, Ideas & Objects software applications modules involves what we’ve developed and called “Industrial Command & Control” (ICC) and the application of specialization and division of labor. Specialization and the division of labor are well known principles of economics that bring about greater economic productivity from the same volume of resources. Given that the volume of earth science & engineering resources is known for the foreseeable future, specialization and the division of labor will provide us with a tangible means to potentially increase the capability, capacity and productivity of the oil & gas industry, yielding multiples of today’s performance over the long term. With software defining and supporting organizations, today’s producers must approach a heightened level of specialization and division of labor through software in broadly dispersed North American markets.

People, Ideas & Objects ICC involves the implementation of specialization and the division of labor in the fields of geology and engineering. It is currently necessary for each producer firm to acquire all the earth science & engineering capabilities necessary to deal with the needs of the properties they "operate". Which allows the full scope of these sciences to be deployed "just-in-time". When each producer within the industry pursues this same strategy, organizational inefficiencies in these critical resources are introduced. This is due to the method of organization built into the industry's overall capacity and capabilities. Leaving resource utilization rates lower due to the volume of unused and unusable resources locked in each producer firm. 

What is proposed through the People, Ideas & Objects software application modules ICC is that the producer's operational strategy avoids the “operator” concept. Instead, it pools these technical resources through each of their partnerships represented in their Joint Operating Committees. That way the inefficiencies that would have been present in the industry can be made available and used through industry wide, producer focused, advanced and advancing specialization and division of labor. Where many of the lower end processes are offloaded to service providers who specialize in that basic skill on behalf of many producers. This is done in a geographical area or other specialization. And each individual producer focuses on a specialized element of science as it develops and innovates upon that. People, Ideas & Objects believe producers will soon be unable to commercially support the full scale of engineering & earth science disciplines tasks and responsibilities as they have in house. This will be due to the shortages of resources, the cost escalation of these resources in the market due to their shortages, the expansion of demand from higher production volumes to achieve energy independence, the demands for more science in each incremental barrel of oil produced, the anticipated, substantial expansion of the sciences and the need to innovate upon that expanding science. For producers to maintain a broadened division of labor to deal with these issues and “operatorship” capabilities, it will extend them beyond any producer's commercial capacity.

What these concepts demand is what the Security & Access Control module is designed to provide through the ICC. The People, Ideas & Objects system must provide access to the right person at the right time and at the right place. This is with the right authority and the right information. With the ICC there will be a manner in which the technical and all the resources pooled from the producers, interact with the appropriate governance, compliance and industry standard chain of command.

Before the hierarchy which was a commercial development of the 20th century, there was only the military structure in terms of large organizations. The main difference between the two is subtle but significant. Military structures are broader and flatter than hierarchy. That is one of the ideals we are seeking, but the more significant feature is the ability for the chain of command to span multiple internal and external organizational structures and to move resources from different areas of the military through standardization.

The nature of people working through the industry-standard chain of command layered over the Joint Operating Committee will include all oil & gas disciplines. The contributions of staff, financial and technical resources will include all those employed by the industry today. I could foresee many office buildings being refurbished to accommodate the staff of a single Joint Operating Committee of a large property. There, staff from the different producers may be seconded to provide support for the Joint Operating Committee. They may work for a single Joint Operating Committee, not for any particular producer firm.

As background we should recall that each individual would have different access levels and authorizations in terms of access to People, Ideas & Objects ERP systems. Assuming different roles and responsibilities, they would impose different access levels to data, information, processes and functionality. People, Ideas & Objects application modules rely on the Security & Access Control module to implement Industrial Command & Control. This structure, particularly in a Joint Operating Committee, would weave multiple producer firms under one industry standard chain of command. The interface ensures that all processes are monitored for compliance, governance, and overall completeness.

Access, Roles and Responsibilities

This topic discusses the way authorizations, roles and responsibilities are handled in the Security & Access Control module of the Preliminary Specification. We should discuss the topic of delegating authority and responsibility during absences, which can come up from time to time.

As background we should recall that each individual would have different access levels and authorizations in terms of access to the People, Ideas & Objects systems. Assuming various roles and responsibilities, they would impose different access levels to data, information, processes and functionality. In addition, Security & Access Control is the key module for implementing Industrial Command & Control across People, Ideas & Objects. This structure, particularly in a Joint Operating Committee, would weave multiple producer firms under one chain of command. To ensure compliance, governance, and overall process completeness, it will need to provide an interface to ensure all processes are monitored.

Throughout the Preliminary Specification there is the perception of a heightened role for technology in terms of enabling authorization to conduct operations. Thus, the ability to do things and get things done depends on collaborating with partners and authorizing actions through processes managed by the systems. This participation dictates that the designation of the roles in the Security & Access Control module “means” more than just data access; it imposes authority and responsibility to undertake actions on behalf of Joint Operating Committees and / or producer firms.

It is necessary to assign this authority within the Security & Access Control module during any absence. If someone with authority and responsibility was away for whatever reason, they should be able to assign their authority to another person. This will enable them to fill that role while away. This will ensure that the process isn’t held up during their absence. Delegations of authority have been used for years in large firms and with a system that imposes authorizations and responsibilities on specific roles, the ability to temporarily move them down, across or up the chain of command is a necessity to keep the organization functioning.

Lastly we should talk about the interface that helps to identify missing elements in a process. It would simply show the command structure of the people assigned to a Joint Operating Committee or a process. It would also show their related role, authorizations and responsibilities. If someone was away, it would indicate who took over their role. It would help to identify how they could impose a chain of command to fill any vacancies. This would be particularly helpful if the role or process needed to be documented for compliance purposes.


Tuesday, January 07, 2014

Joint Operating Committee User Budget Category Part I

The first allocation of user community funds will be to the Joint Operating Committee User Budget category. Here we have allocated 22% of the user community budget for a range of $73 - 146 million. This works out to a range of 220 to 440 man years of work for the user community. It is important to take this budget allocation into context. These are the costs associated with the needs of the producer in its prototypical form based on the decentralized production model. Where the producer is stripped down to the C class executives, earth science and engineering resources, land and legal and support staff. It should also be pointed out here that the earth science and engineering resources, as well as the former administrative and accounting resources, which are now the service providers, each have their own user community budget allocations. These budget funds may be subsequently pooled to approach joint software development initiatives. Initiatives such as the Material Balance Report which have the producer firm and the service providers interests.

One of the first concerns of the Joint Operating Committee User Budget category of resources has to be the Security & Access Control module of the Preliminary Specification. How much of this budget will need to be allocated to address the issues and opportunities that are addressed here. We are providing access to the right information to the right people at the right time in the right place on any device. This includes access from multiple producers resources accessing information within the various Joint Operating Committees that they have an interest in. We thankfully are able to rely on the strength of a variety of Oracle products at various layers within their technologies to assist us in making these opportunities possible. The difficult issue that is presented by the Preliminary Specification is the high levels of collaboration and integration that is being conducted by the various producer firms in the Joint Operating Committee. And everyone knows what I mean when I talk about the issues that are presented by the pooling concept and general high levels of collaboration through the product. What I expect from the user community is the ability to take these difficult requirements and make them effective in an environment where the user is enabled and supported in an environment that is constructive and informative. Not one that has the user accosted by constant warnings and pop ups that violate the sense of what a good system should provide. This is your system, don't expect anything but the best. If the developers don't deliver what it is that you want, tell them to do it again until they get it right.

It is with that point that I want to note a number of positions that fall under the development budget. These specific positions are called the Product Owner. We currently have budgeted 25 of these positions and their role is to represent the user on the development team. If I didn't have a job already I would want to be a Product Owner as they are empowered by the user community to ensure that their needs are met. These people are your “man on the inside” so to speak. There will be a product owner for each of the eleven modules, one for the user interface, and so on.

And its not limited there. Additional resources will be provided to the user community based on their needs. We are developing People, Ideas & Objects to be user based software developments. This is not our objective for just the beginning, it is the objective for the life of the software. We expect to see significant change in the innovative and profitable oil and gas marketplace. This change will need to be accommodated by changes in the software and services that are provided by People, Ideas & Objects, the user community and the service providers. A constant level of change that will require the efforts of what we call this “gap” or sub-industry between the oil and gas producers and the technology companies like Oracle.

It is at this point that I would like to note that the user communities will be comprised of a large variety of sources. Although some will definetly come from the oil and gas producers themselves, that isn’t the case for all of them. There may be some of the people who will have been moved to the service providers as a result of moving to the decentralized production model. Or from the service industry itself. The broader and more diverse the user community that we are able to build, the better the software that we will be able to build for them. That is our focus and that is our desire.

Therefore that will be one of the first things the user community will need to begin to do. Is to determine the amount of budget that is necessary to meet the needs of Joint Operating Committee User Budget category for the Security & Access Control module. Understanding the scope of the issues, and that it includes the Military Command & Control Metaphor I have estimated the budget requirements in the range of $7 - 14 million 21 - 42 man years. It is important to remember that these estimates will be finalized upon completion of the initial phase of the development work. This is a $200 million phase that will determine the scope and scale of the project in its first commercial iteration. It will also determine the costing of each module based on defined user requirements.

The Preliminary Specification provides the oil and gas producer with the most profitable means of oil and gas operations. People, Ideas & Objects Revenue Model specifies the means in which investors can participate in these user defined software developments. Users are welcome to join me here. Together we can begin to meet the future demands for energy. And don’t forget to join our network on Twitter @piobiz

Thursday, September 05, 2013

Conclusion to the Security & Access Control Module

It is important to remember here in the Security & Access Control module of the Preliminary Specification. That the role and identity based Military Command & Control Metaphor (MCCM) as has been conceived here has not been implemented, developed or conceived of anywhere else before. We are taking the concept and technology of role and identity based management to the next level with the MCCM, pooling and use of specialization and the division of labor in the oil and gas industry.

Why are we bothering with the MCCM and the pooling of the resources in the Joint Operating Committee anyways? The issue that we are resolving is the finite number of earth science and engineering resources that are available to the industry. With the anticipated retirement levels in the next 20 years. With the time requirements to bring on new levels of resources. And most importantly with the demands for more energy, and the demands for more earth science and engineering in each barrel of oil equivalent produced. We face a long term shortage of these critical resources. The need to organize the industry, to exploit specialization and the division of labor are necessary to expand the output from the same number of resources. Doing this without pooling the resources in the Joint Operating Committee will cause the producer firm to broaden the scale of their earth science and engineering capabilities beyond what would be a commercially viable concern. The Preliminary Specification notes that we have contributions of earth scientists and engineers from multiple producers working together to meet the objectives of the Joint Operating Committee. Therefore we need a means in which they can organize themselves and that is the Military Command & Control Metaphor of the Security & Access Control module.

How the MCCM will be implemented will be determined by the user community. However, I can speculate that the Joint Operating Committee will have standard roles and identities that are used throughout the industry. This standardization will probably be necessary for the purposes of making the technology work. The need to have the various areas “covered off” in terms of compliance and other requirements will require a standard template be used by everyone. Then everyone will know that that position is responsible for that role and responsibility. When Joint Operating Committees are small and have only a few people assigned, then multiple roles can be assigned to one individual.

There is also the security and access control issues associated with having the service industry and particularly the service providers accessing the People, Ideas & Objects systems and data. Removing the administrative and accounting resources from the producer firms and organizing them in their own service providers provides significant operational flexibility to the innovative and profitable oil and gas producer. The Security & Access Control module works to tie these disparate organizations into highly organized replacements to the current bureaucracy.

With the natural division in the types of information that are held within a producer and Joint Operating Committee. Producers will know that the Preliminary Specification will be able to deliver the right information to the right people at the right time. That leakage of their proprietary information can be mitigated by isolating the companies data, due to its unique nature and Oracle Label Securities ability to restrict access to database fields.

Oracle’s products provide a strong layer of mission critical capabilities in the Security & Access Control module. Although this comes with additional costs, I am certain that no one will argue with the quality and secure knowledge that these products bring.

The Preliminary Specification provides the oil and gas producer with the most profitable means of oil and gas operations. People, Ideas & Objects Revenue Model specifies the means in which investors can participate in these user defined software developments. Users are welcome to join me here. Together we can begin to meet the future demands for energy.

People, Ideas & Objects and Oracle Corporation

Please note I will be posting twice per day as we pass through and edit the Preliminary Specification.

Starting with the Security & Access Control module we find that Oracle Corporation have a comprehensive suite of applications that provide for the security and access control that we are looking for. Falling under the Oracle Identity Management brand name. These products include tools for Access Management, Identity Administration, Directory Services and Governance. These product classifications come in a variety of different products and are configured in some specialty industry and management suites.

Two areas that are going to be challenging are going to be the Military Command & Control Metaphor (MCCM) and the inter-relatedness of the Joint Operating Committee and service industry representatives. Early on in the specification we noted a number of research areas that were needed to be conducted. These are two areas that will take some research dollars to resolve. To have the MCCM recognize members of different organizations will not be the challenge. To engage them and have them interact in the manner that we expect them to when we expect them to, will.

Oracle Identity Management resides within the Oracle Fusion Middleware product layer. As we indicated earlier in the Preliminary Specification this is Oracle’s Java Enterprise Server. Therefore these applications are open to be tailored to the user’s needs. So when we do sit down with Oracle and define the Security & Access Control module based on the user needs. These needs can be accommodated by the technologies that we have selected.

And it is through the efforts of the user community that we will resolve these issues. It is also one of the reasons that the budgets of People, Ideas & Objects software developments are where they are. We will have challenges to resolve in delivering these innovative systems to the industry. I would also remind producers that our value proposition sees the one time costs of these developments amortized over our subscribing base of producers. Yet each one of those producers receives the full scope of that development effort in terms of the software application.

We now look into the Oracle product classification of Access Management. Included in the Access Management classification are the following products; Oracle Access Manager, Oracle Adaptive Access Manager, Oracle Entitlements Server, Oracle Identity Federation and Oracle Enterprise Single Sign-On Suite. Each of these products will be included in the Preliminary Specification as they have components that are required for the day to day use by the users, service providers, producers and Joint Operating Committees.

One area that I was surprised to learn that Oracle had been working on was in the area of working with partners, vendors and suppliers. Within the Oracle Access Manager it is noted that they are able to provide... “Building federated user communities that span company boundaries.” These are the beginning of both the pooling and Military Command & Control Metaphor (MCCM) that are critical to resolving so many of the issues that the oil and gas industry faces.

On the heels of Oracle Access Manager is their Adaptive Access Manager which takes the concept of intra partner interactions further with “Oracle Adaptive Access Manager makes exposing sensitive data, transactions and business processes to consumers, remote employees or partners via your intranet and extranet safer.” This is the nature of business in the future. Working with your partners, as is done in the Joint Operating Committee, is an effective means of reducing costs and increasing innovation in any industry. It’s only reasonable that the technologies are beginning to emulate these needs. In addition Oracle Adaptive Access Manager takes the level of security and authentication to a higher level. As a result, our demands regarding the pooling concept and the MCCM, I feel, will be less of a technical risk for the People, Ideas & Objects Preliminary Specification and subsequent developments.

The next application is the Oracle Entitlement Server which provides a dynamic access control element to the applications that use the server. Instead of hard wiring access control privileges into each application and user, you can dynamically generate them using the Oracle Entitlement Server. “The solution can manage complex entitlement policies with a standalone server or with a distributed approach that embeds information at the application level.” So when it needs to be determined if user X has access to Joint Operating Committee Y, a decision from the entitlement server, based on criteria within the application, can be made. If this information changes then the user would be denied access. This provides greater security based on policies and reduces the amount of detailed specific software development that is difficult, time consuming, and costly to maintain.

Federated Identities are also a major part of how the pooling concept and MCCM are implemented in the Preliminary Specification. Oracle Identity Federation provides high levels (attribute federation) to the applications that use it. We have specified in many of the modules, such as the Resource Marketplace module, the use of Federated Identities. Situations like where the contact and other information is maintained by the vendor. That information is comprehensive in nature and includes key organizational contacts, calendars and scheduling information. Working with the partners in the Joint Operating Committee and the representatives of the service industry in this way will effectively mitigate many of the technical software development issues we have.

One area that we will continue to face challenges however is in the Work Order. The ability to dynamically put together a working group to study some earth science or engineering research subject is critical to the innovative oil and gas producer. These are ad-hoc and made with partners that you may have no history with. Federated Identities will provide you with some of the information you need to form the partnership and grant application access, however, there is still the pooling of and sourcing of costs, and budgets which is the bureaucratic nightmare that mitigates and destroys the motivation for these working groups to form. We need to make sure these roadblocks do not get in the way. We have proposed to overcome these issues by developing an intuitive interface for the users forming the working group.

The last thing we want our users to be involved in is some form of mindless security access maze. Oracle Enterprise Single Sign-On Suite Plus promises to keep this from happening. Logging onto and off of systems as the user proceeds through the various modules and components of the applications is a must have. This product also promises the ability to provide this level of service on a remote basis. Which is much needed.

Oracle Identity Manager which will be used as the base product for role and identity management will also be the base of the Military Command & Control Metaphor for the People, Ideas & Objects Preliminary Specification. It is part of the Oracle Fusion Middleware product offering and as such is part of their Java Enterprise Server. Therefore we are able to build off the functionality that exists and enhance it with the user community's needs. Building off of the functionality will be somewhat limited as many of the concepts that are inherent in the MCCM are already captured in the Oracle Identity Manager.

Oracle Identity Manager is a highly flexible and scalable enterprise identity administration system that provides operational and business efficiency by providing centralized administration & complete automation of identity and user provisioning events across enterprise as well as extranet applications. It manages the entire identity and role lifecycle to meet changing business and regulatory requirements and provides essential reporting and compliance functionalities. By applying the business rules, roles, and audit policies, it ensures consistent enforcement of identity based controls and reduces ongoing operational and compliance costs

Oracle Internet Directory and Oracle Virtual Directory product offerings are up next. A little off topic but Oracle Internet Directory is a relational database derived directory server. That Oracle is providing the marketplace a directory server based on relational database technology speaks to the power of their relational database. They claim they have the performance for two billion users. I see advantages of using this product over their traditional directory server and have therefore selected it for the Preliminary Specification. It will provide us with some flexibility when we ask some of the comprehensive and demanding questions of the technologies.

Oracle Internet Directory could be deployed as an industry wide, and by that I mean oil and gas and service industry wide directory server. There it can integrate with the information that is held in other Oracle products, such as Oracle Identity Manager which would be deployed at the producer firm, Joint Operating Committee and service industry representative level. I think we could provide large volumes of information consisting of everything that exists in the industry. The producers, service industry, Joint Operating Committees, the people who work within the industry, etc. Because this is a database we have some interesting opportunities here.

And Oracle Virtual Directory may be the beginning of optimizing the relational database opportunities. So what we will have is a global database of names within the Oracle Internet Directory and these will relate to the information contained with Oracle Identity Manager and other applications. What Oracle Virtual Directory will provide us with is a seamless way in which to browse, and for applications to see, these datastores as one.

Within the Preliminary Specification we want to access the contact information of the people or firm that provide services or products to the producers or Joint Operating Committees. As we indicated we want the individuals and service industry providers to maintain their own contact and basic data. These will be maintained in the Oracle Internet Directory for each and every producer or Joint Operating Committee to access the most recent and up to date information. This will save an immense amount of time on behalf of the producers and Joint Operating Committees, as well as the individuals and service industry providers. When looking for someone the search capabilities will be significant as we have added the “Vendor / Supplier Contact Database” and the “Actionable Information Interface” to this base data in the Resource Marketplace module.

Now we want to look into Oracle Identity Analytics as part of the Security & Access Control module of the Preliminary Specification. The primary purpose of this application is to provide governance over the access privileges granted to the users of the People, Ideas & Objects application modules. Many of the functions and processes that are provided in Oracle Identity Analytics are either necessary or of significant value that it has been included in the Preliminary Specification.

The first area is the “why and how” of the users access. Providing documentation of what information was accessed by what users and if any of the access violates any of the established policies. Ensuring that data access by users is compliant with the corporate and application policies, that users are not unnecessarily being abused by overtly secure systems and overall good corporate governance is achieved. All of the data that is collected during data access, that is the “why and how” of the users access. Is compiled in a “Data Warehouse” for further analytical analysis and querying. This will help to show trends and usage patterns that will form new policies and procedures and security provisions.

Another useful function within the Oracle Identity Analytics application is the Segregation of Duties feature. In many areas of a corporation, certain process functions must be undertaken by specific individuals and in some cases different individuals. This feature provides for that assurance. It is also Sarbanes-Oxley compliant. This is important when the Joint Operating Committee is small, as we mentioned the other day. And we have to assign many roles to a few individuals. This application will ensure that the processes provide the appropriate governance is maintained by segregating the roles that need to be kept apart for compliance purposes.

There is a comprehensive and customizable dashboard interface for the users of the Oracle Identity Analytics software to analyze the data and particularly the data warehouse. Filled with reports and data that an effective user can use to determine where and how the People, Ideas & Object producer client might be susceptible to access control violations.

The last feature that I want to highlight is what Oracle calls their Role Lifecycle Management. This provides the Oracle Identity Analytics user with the ability to do “what if” analysis in terms of the implications to identities and roles within the People, Ideas & Objects application. It also contains a role change approval process, role versioning and a role rollback feature. These will be needed in determining and maintaining the Military Command & Control Metaphor.

We now step down from the Oracle Fusion Middleware layer to the actual Oracle Database for some of the security features that we seek. The first product in this stack is Oracle Advanced Security. It provides the authentication, and encryption of both the database and the network activity. It is possible, and I highly recommend that all the data and information that is used in the People, Ideas & Objects application modules be encrypted in the database and on the network. This increases the load on the systems and will require additional effort in terms of key management, however, I think the nature of the data and information and the manner in which the applications are provided, a “cloud based” solution, this level of security is necessary.

Oracle Audit Vault is another product that I recommend for the Preliminary Specification. It provides a central location and management of the audit information for compliance purposes. Giving our users the ability to manage the data, information, privacy policies and security. Oracle Audit Vault is also Sarbanes Oxley compliant.

This next Oracle product is a definite addition to the Preliminary Specification. Oracle Label Security will work in many different ways within the modules however here is how I see just two examples. What the application does is designate certain individuals with higher level security clearances. It also designates certain data fields with certain levels of security clearances. Those with high enough security clearances and appropriate authorizations are then able to read these database fields. Within the People, Ideas & Objects application we want to make sure that the reserves, accounting information and strategy discussions of each producer firm remain confidential to a select group of individuals within that firm. With Oracle Label Security that is possible. We also want to ensure that the appropriate people within the chain of command in the Military Command & Control Metaphor have access to the appropriate materials to make the appropriate decisions. This will allow those individuals to have access to these materials without making it available to everyone in the chain of command.

Although not that pertinent to the users of the People, Ideas & Objects applications we have also included Oracle Configuration Management, Oracle Database Firewall and Oracle Database Vault as part of the Preliminary Specification. These will help to keep the applications and the Oracle Database running as they should. Oracle Configuration Management will determine if there is a change in the configuration, either a patch, or if something has gone wrong it will correct itself back to the specified configuration. Ensuring that what is promised to the users of People, Ideas & Objects is what is provided. Oracle Database Firewall ensures no SQL statements that are inconsistent with the users or applications are passed through to the database. And Oracle Database Vault provides the ability to have only certain IP addresses or users to run certain SQL commands and to lock databases from having any operations being conducted on them.

Backing up your data and information are two of Oracle’s strengths. They provide excellent tools for this in Oracle Secure Backup. With the database being encrypted it is interesting that the backup is of the encrypted database. What we will need to do in the Preliminary Specification is to determine in great detail what precisely will be the backup strategy that will be used for the People, Ideas & Objects application.

Lastly there is Oracle Total Recall. A product that helps in accessing historical data. Oracle Fusion Applications provides some interesting solutions with respect to how they handle legacy applications and we will get into those as we proceed through the Preliminary Specification.

The Preliminary Specification provides the oil and gas producer with the most profitable means of oil and gas operations. People, Ideas & Objects Revenue Model specifies the means in which investors can participate in these user defined software developments. Users are welcome to join me here. Together we can begin to meet the future demands for energy.

Wednesday, September 04, 2013

Access, Roles and Responsibilities

This topic discusses the manner in which authorizations, roles and responsibilities are handled in the Security & Access Control module of the Preliminary Specification. We should also discuss, the topic of delegating the authority and responsibility during absences, which is something that can come up at any time.

As background we should recall that each individual would have different access levels and authorizations in terms of access to the People, Ideas & Objects systems. Assuming different roles and responsibilities would impose different access levels to data, information, processes and functionality. On top of that, the Security & Access Control module is the key module for imposing the Military Command & Control Metaphor throughout the People, Ideas & Objects application modules. This structure, particularly in a Joint Operating Committee, would work to weave the multiple producer firms under one chain of command. It would also need to provide an interface to ensure the coverage of all the processes were “manned” to ensure compliance, governance and overall completeness of the process.

Throughout the Preliminary Specification there is the perception of a heightened role for technology in terms of enabling the authorization to conduct operations within the system. That is to say the ability to do things and get things done is through the collaborations with partners and to authorize actions through participation in the processes managed by the systems. This participation dictates that the designation of the roles in the Security & Access Control module “means” more than just data access; it also imputes authority and responsibility to undertake actions on behalf of Joint Operating Committees and / or producer firms.

It would also be necessary to be able to assign this authority within the Security & Access Control module during any absence. If someone with authority and responsibility were to be away for whatever reason, they should be able to assign their authority to another person to fill that role while they are away. This will ensure that the process isn't held up during their absence. Delegations of authority have been used for years in larger firms and with a system that imposes the authorizations and responsibilities on specific roles, the ability to temporarily move them down, across or up the chain of command is a necessity to keep the organization functioning.

Lastly we should talk about the interface that helps to identify the missing elements of a process. It would simply show the command structure of the people who are assigned to a Joint Operating Committee or to a process and their related role, authorizations and responsibilities. If someone was to be away then it would show who was taking over their role. It would also help to identify how you could impose the chain of command to fill the void of any vacancies. This would be particularly important if the role or process was needed to be documented for compliance purposes.

The Preliminary Specification provides the oil and gas producer with the most profitable means of oil and gas operations. People, Ideas & Objects Revenue Model specifies the means in which investors can participate in these user defined software developments. Users are welcome to join me here. Together we can begin to meet the future demands for energy.

The Military Command and Control Metaphor

People, Ideas & Objects development of the Military Command & Control Metaphor (MCCM) of the Security & Access Control module is not without some historical context. Before the hierarchy, which I perceive as somewhat of a commercial development of the 20th century, there was only the military structure in terms of large organizations. The main difference between the two is rather subtle but significant. The military structure is much broader and flatter than the hierarchy. That is one of the ideals that we are seeking, but the more important feature is the ability for the chain of command to span multiple internal and external organizational structures.

If we analyze the U.S. Military we find a number of interesting attributes of using the military chain of command that will provide value in the use of People, Ideas & Objects software applications. First is the title and assignment of an individual in the military.  For example, “Sgt. Richard Knuth, Company A, Brigade Special Troops Battalion, 3rd Heavy Brigade Combat Team, 3rd Infantry Division.” A similar title and assignment for the people within a Joint Operating Committee (JOC) would help to clarify the role and responsibilities, authority and capabilities the individual would have within the JOC. For example this individual might have the following “Richard Knuth, Chief Engineer, Field Straddle, Elmworth. Irrespective of which firm this individual is from. Each of the participants, and the People, Ideas & Objects system, would recognize that the authority of a Chief Engineer was the same throughout the industry and that the designation of Chief Engineer entitled the individual to authorize the appropriate actions.

Now this is not fundamentally different from how the industry operates today. What is different is the ability to operate in a fashion where the interactions between the producers in the JOC are done as if they were all employed by the JOC. Where multiple producer firms are contributing many full time staff to the JOC. This interaction between producers through the JOC can only be replicated if there is a recognizable chain of command between the firms that make up the JOC. In addition to the recognizable chain of command each organization must have additional governance concerns handled, and compliance plays a big part in this as well. (We will talk more about these in the Compliance & Governance module.) That although it would be an easy thing to implement from a people point of view, the actual implementation of pooling the staff from multiple organizations becomes complex when we consider all of the implications. However, with the Information Technologies that exist today, and the issues of the shortages of earth science and engineering talent we have few choices but to pursue this pooling concept.

The nature of the people that will be working through the chain of command that is layered over the Joint Operating Committee will include all of the disciplines that are involved in the oil and gas industry. The contributions of staff, financial and technical resources will include everyone that is employed by the industry today. I can foresee many of the office buildings being refurbished to accommodate the staff of a single JOC. There the staff from the different producers would be seconded to work for the JOC, working at a single JOC not at any particular producer firm.

In previously discussing the Military Command & Control Metaphor (MCCM). I noted this inter and intra organizational use of the MCCM was similar to that used by NATO. That armies of the various countries could work together and recognize personnel from each other's armies and immediately recognize and use the same chain of command. The Joint Operating Committee is the financial framework of the industry. This means that all of the members of a JOC are equally driven by their financial interests. And that financial interest drives consensus. The point in using the NATO example is to show the ability to recognize the chain of command spanning multiple producer organizations represented in the JOC.

The Preliminary Specification provides the oil and gas producer with the most profitable means of oil and gas operations. People, Ideas & Objects Revenue Model specifies the means in which investors can participate in these user defined software developments. Users are welcome to join me here. Together we can begin to meet the future demands for energy.

Tuesday, September 03, 2013

Two Types of Data

In this second post of the Security & Access Control module we discuss the two types of data that are found within the oil and gas industry and how People, Ideas & Objects Preliminary Specification deals with access control and the security of that data.

When we talk about the various people within the producer firms affiliated with a Joint Operating Committee. And the number of Joint Operating Committees that a firm may have an interest in. And the number of people a firm may have employed. Access control becomes challenging. It becomes a challenge when you consider that your people certainly should have the access that you require, but the level of trust that you may have with respect to the other partner organizations is probably not as strong. That is to say, does using the Joint Operating Committee as the key organizational construct of the innovative and profitable oil and gas producer, open the producer firm to any data loss to its partners? This is how People, Ideas & Objects deal with the access and trust issue in the Security & Access Control module.

When we concern ourselves with the data and information of the producer firm, and the information that is cleared from the various Joint Operating Committees that the oil and gas producer has an interest in. We can all agree that this information is proprietary and is subject to the internal policies of each producer firm. (Information such as reserves data, accounting information, internal reports and correspondence, strategy documents.) What we are also concerned about is the information and data that is held in the Accounting Voucher module and the associated data that is common to the joint account. (well file, agreements, production data, capital and operating costs, revenue and royalties.)

Closer analysis of these two types of data and information that are held within the firm and the Joint Operating Committee fall within the proprietary and partnership domains. In Canada at least, most of the data and information regarding a wells operations can be freely obtained through various regulatory agencies. Nonetheless, the majority of the data is shared through the partnership who have an interest in the data and information. Not so for the producer firms data. Most of the information is kept close at hand and is only reported through filtered reserve report summaries and annual reports. Therefore keeping a handle on proprietary data, while operating the Joint Operating Committee as the key organizational construct of the innovative oil and gas producer, as proposed in People, Ideas & Objects, does not present any data leakage.

Access control can therefore be limited by precluding any company personnel from viewing any other companies files. Which is a given. While in People, Ideas & Objects access control is limited to the Joint Operating Committees of the firm and the firms files only. To extend this further we would have access control limited to the appropriate roles within the firm, then it is a matter for the user community to define a standard set of generic roles in which access is required to certain data types. This would also apply to the types of operations that can be handled by that role, for example, read, insert, update, delete. These generic roles could then be assigned to each individual within the organization based on their needs. Assigning multiple roles for more complex access. Access to your proprietary data would be for your company’s personnel eye’s only.

The Preliminary Specification provides the oil and gas producer with the most profitable means of oil and gas operations. People, Ideas & Objects Revenue Model specifies the means in which investors can participate in these user defined software developments. Users are welcome to join me here. Together we can begin to meet the future demands for energy.

The Right Information to the Right People...

As promised we now start with our review of the Preliminary Specification and we begin with the Security & Access Control module.

What we have with using the Joint Operating Committee as the key organizational construct of the innovative and profitable oil and gas producer. Is the interactions of many producers, service providers and suppliers who are involved in the day to day commercial and strategic concerns of that Joint Operating Committee. What we need to concern ourselves within the Security & Access Control module is that the right people have the right access to the right information with the right authority at the right time and at the right place.

Throughout the Preliminary Specification we discuss two of the premier operational issues of the oil and gas industry. Those being the demand for earth science and engineering effort is increasing with each barrel produced. This is best represented in the steep escalation of the costs involved in the exploration and production of oil and gas. At the same time the critical earth science and engineering resources are somewhat fixed and are difficult to expand in the short to medium term. Add to that, an anticipated retirement of this brain trust in the next twenty years, and the problem becomes of critical concern. The second issue regards the manner in which the administrative and accounting resources are organized within the industry. With the Preliminary Specification the need for each producer to develop their own administrative and accounting capabilities internally is replaced by an overall industry capability. Then each producer can access those resources on a variable basis with direct charges to the Joint Operating Committee. This provides operational flexibility in how a producer approaches their strategic and tactical needs.

There are few short term solutions to the short fall in geologists and engineers over the next twenty years. It takes the better part of that time to train them to operate in the industry. What we do know are several “things” that are being applied in the People, Ideas & Objects Preliminary Specification. Key to a number of concepts application are what we call the Military Command & Control Metaphor. Which is a method developed in the Security & Access Control module of imposing command and control over any and all Joint Operating Committees, working groups, producer firms, service providers or organizations the producer may need to add structure to. The concepts are the further specialization and division of labor, and a reduction in the redundant building of capabilities within each oil and gas producer, or as we describe it, a pooling of resources in the Joint Operating Committee.

The first concept of specialization and division of labor is well known as a principle of economics that brings about greater amounts of economic productivity from the same volume of resources. Given that the volume of earth science and engineering resources are known for the foreseeable future, specialization and the division of labor will provide us with a tangible means in which to deal with the productivity of the oil and gas industry. In today’s marketplace to approach a heightened level of specialization and division of labor without the use of software to define and support it would be downright foolish.

The pooling concept is the solution to the current desire that each producer firm acquires the earth science and engineering capabilities necessary to deal with all the needs of their “operated” properties. This creates unneeded “just-in-time” capabilities for the scarce scientific resources. When each producer within the industry pursues this same strategy substantial redundancies are built into the industries capabilities. Redundancies that are left unused and unusable. What is proposed through the People, Ideas & Objects software application modules is that the producers operational strategy avoids the “operator” concept and begins pooling their specialized technical resources through the partnership represented in the Joint Operating Committee. That way the redundancies that would have been present in the industry can be made available to the producers and used by the producers through an advanced specialization and division of labor.

These same principles are present in the second issue noted above. The administrative and accounting acquired through an industry wide capability provides the producer with the flexibility to address the operational concerns of the firm. Issues such as today’s low natural gas prices are able to be addressed through this revised structure. By having the administrative and accounting service providers charge their service fees directly to the Joint Operating Committee. The producer gains the ability to shut-in production without any negative effects on their financial performance. All administrative, accounting, and production costs are eliminated during production shut-in. And the producers are then able to keep those reserves available for the time when production will provide for profitable operations. Natural gas prices will have less volatility as a result of producers removing the marginal production from the marketplace.

Being able to provide the service providers with systems access and security during these day to day operations will be a unique situation for the oil and gas producer. The service providers will be aggregating data on an industry wide basis. And there will be many service providers involved in providing administrative and accounting services to the producer firm and Joint Operating Committees. Consideration for the proprietary nature of the information and security will be priorities for the Preliminary Specification.

A quick note on mobility. People are being provided with new devices that enable them to do their work anywhere they might be. These phones and tablets, in addition to laptop computers, open up security and access control concerns for the innovative and profitable oil and gas producer. Some producers are enabling their staff with policies that allow them to bring their own device to work. The fact of the matter is these devices provide for enhanced productivity and are appropriate for the innovative and profitable oil and gas producer. People, Ideas & Objects Preliminary Specification includes within it an understanding that these devices will be part of the day to day that are used in the oil and gas industry.

What these concepts require therefore is what the Security & Access Control module is designed to provide. The system must provide access to the right person at the right time and the right place with the right authority to the right information. With the Military Command & Control Metaphor there will also be a manner in which the technical, and all the resources, that have been pooled from the producers, interact with an appropriate governance and chain of command.

The Preliminary Specification provides the oil and gas producer with the most profitable means of oil and gas operations. People, Ideas & Objects Revenue Model specifies the means in which investors can participate in these user defined software developments. Users are welcome to join me here. Together we can begin to meet the future demands for energy.

Wednesday, January 16, 2013

The Work Order System for Operational Control


In this our second post to discuss the Preliminary Specifications, Partnership Accounting modules, Work Order system. We look at the tight operational control aspects of the system and how it enables producers and Joint Operating Committees to control the costs associated with the work that is undertaken within the various projects that have been approved. First of all, it should be noted that the Work Order system is not just for ad-hoc working groups and research projects that we noted yesterday. They are also for the type of work that is undertaken in Joint Operating Committees everyday. When an AFE has multiple aspects of a construction project to be undertaken and requires the ability to have budget, chain of command, Job Order, governance and cost control as part of each phase of the project, the Work Order system is a natural addition to the attributes of the AFE or cost centre.

How the Work Order operates is that the individuals who are assigned to work on a project are given the Work Order number to use when they are working on the project. While they are working on the project the system will accumulate their time and their costs will therefore be billed to the AFE or cost centre that is affiliated with that Work Order. Keying the Work Order number into the persons phone, iPad or computer will be all that is required to ensure that accurate records are kept. This would include people who work for the producer firm, members of the Joint Operating Committee, field staff and service industry representatives.

A critical part of the Work Order system is the Job Order system. A method of issuing and documenting the authorized activities within the scope of the Work Order. When a certain decision is to be made, then people will look to the Job Order system for the authorized documentation of when that decision was made by the authorized individual. Only then will the activity take place. What we learned in our research into innovation is that tight operational control is highly consistent with an innovative footing. Having a historical record of this operational control helps to identify the sources of issues. But more importantly from an innovation standpoint. This historical record can also be used to determined what the source of the success was.

The Job Order system in connection with the Military Command & Control Metaphor (MCCM), which provides a flexible chain of command over any Joint Operating Committee or working group. Gives the additional operational control that is necessary for the innovative oil and gas producer. The MCCM which is a part of the Security & Access Control module is able to span multiple organizations and can be used to ensure the groups remains accountable and focused on the objectives of the project.

Lastly the Work Order can be used for internal purposes within the producer firm itself. We have discussed in the Research & Capabilities module how the earth science and engineering capabilities of the firm are being charged to the various Joint Operating Committees. How the producer firm develops and generates revenues from both oil and gas production, and from the delivery of its capabilities to the various Joint Operating Committees it has an interest in. The ability to capture the time and billing for this work is through the Work Order system of the Partnership Accounting module.

The Preliminary Specification provides the oil and gas investor with the business model for profitable exploration and production. People, Ideas & Objects Revenue Model specifies the means in which investors can participate in these user defined software developments. Users are welcome to join me here. Together we can begin to meet the future demands for energy.