Posts tagged Security
The Very Real Threat of Industrial Espionage

By Steve Jordan, Director, Supply Chain Solutions

The concept of intellectual property being stolen for profit arises pretty consistently in the supply chain industry, a fact that surprises many who believe it to be a topic that’s largely the province of Hollywood, rather than a major concern for all enterprises that process, manage, and retain customer data. Those enterprises take the horror stories seriously, well aware of the possibility of profit-slashing regulatory penalties and the certainty of brand damage that no amount of cash or PR could ever fix.

For the supply chain industry, the possibility of an intellectual-property breach has an added dimension — the very real threat of industrial espionage.

Managing production, distribution, and marketing outside the enterprise — what some people call the edge — is a fact of life in today’s global markets. Most companies use a hodgepodge of technology and procedure to work with the myriad of external partners across the edge. While somewhat effective, managing the complex, intricate processes is expensive, labor intensive, and not as secure as most companies need it to be.

For example, until a manufacturer’s product goes to prototype, all the research-and-development work is tied up in research and design (i.e., CAD/CAM drawings, chemical formulas, or technical schematics), which makes issues like security and visibility into file-access limitations major considerations for any supply chain organization. When a third-party firm is called upon to develop a piece of a larger product, or an advertising agency is provided advance units in order to prepare a campaign ahead of a product’s debut, the risks of information leaks increase. If that information were to fall into a competitor’s — or even a customer’s — hands before a product was released, months or even years of market advantage could be lost, a prospect nobody wants to explain to their CEO.

Make sure your organization manages the edge in a consistent manner by using tools that let you govern the flow of data:

  • Consolidate your data flows through a layer that provides security and visibility wherever your information goes.
  • Create a more flexible model that enables you to collaborate with all your external partners, yet still keep your sensitive information secure.
  • Leverage the cloud where possible. Cloud offerings are often more “edge ready.” For example, use a cloud-based solution for more rapid partner onboarding. The benefits will drive adoption of a more secure platform.
  • Leverage cloud-based APIs and API-based solutions to simplify access to data and systems. Those APIs are not only easier to integrate, they’re more easily used by API server products that both govern data and enable integration with the cloud and mobile devices.

By taking the measures above, you’ll be fit to manage both your own and your business partners’ service level agreements. You’ll ensure you’re not at risk of starring in your own horror story, that your capital will be spent on growing your business rather than making amends, and that your brand will never get tarnished by something as readily preventable as a security breach, no matter how often your data ventures beyond your four walls.

Information Ooze?

By John Thielens, CSO, Axway

“By 2016,” writes Gartner in a November 2011 research note, “20 percent of CIOs in regulated industries will lose their jobs for failing to implement the discipline of information governance successfully.”

Whenever the concept of information governance arises, a single word immediately pops into my mind: Leak.

Initially, the type of leak the enterprise focused on was a network-level leak — that gaping hole in the side of the enterprise’s hull that was fixed by tightening up the network, installing firewalls, and making everything less susceptible to attack.

Later, the enterprise focused on a type of leak that involved an unauthorized disclosure of information, often due to inappropriate controls at the enterprise boundary, a bad information-classification strategy, or no information-classification strategy. This type of leak demanded policy infrastructure — a system that determined who was allowed to move what kind of information across which boundaries.

Today, the leak the enterprise focuses on is less active and more accidental. Think of it as information “ooze,” a consequence of data-management technologies allowing consumer information to be leaked via Bring Your Own Device (BYOD) and Bring Your Own Application (BYOA) vectors.

An appropriate information governance infrastructure will defend against the first two types of leaks, but addressing the third type of leak — the “ooze” type — isn’t so straightforward. How do you prevent the disclosure of information from a particular data set when A) you didn’t create that information (your consumers did) and B) the information resides on an unauthorized device and/or an unauthorized application of your users’ choice? How do you keep information within the enterprise so that an audit trail is actually possible?

The one out of five CIOs who will lose their job by 2016 will have successfully shunned years of warnings about the importance of information governance, but the four out of five CIOs who won’t lose their jobs will answer the questions above by implementing the right policies. They will provide their users with secure access to the enterprise’s data, and they’ll provide themselves with the ability to track that data.

Let’s strive for a 2016 where Gartner’s prediction proves inaccurate, where only the smallest minority of CIOs fail to implement the discipline of information governance, and where the word that immediately pops into mind when the concept of information governance arises isn’t “leak,” but “airtight.”