Companies of all sizes and across all industries depend on easy access to critical business information. The proliferation of low-cost, more capable laptops, tablets, and smartphones allows employees to be more mobile, and cloud services make synchronizing and sharing information quick and easy.
This explosion of information sharing is both beneficial and potentially damaging, because it can result in a lack of control over, and visibility into, the spread and use of data. The IT department may quickly lose sight of confidential or sensitive data, leading to a very real and immediate risk that the data may be lost, stolen, or used inappropriately without the ability to detect or remediate it. This is especially true in your supply chain, as you frequently share sales, manufacturing, scheduling, patient and other sensitive information with business partners and suppliers.
Take the example of a manufacturing company that uses numerous third parties to manufacture subassemblies for an automobile. The auto manufacturer creates design documents and drawings for everything from the chassis to the engine to the seats. Brakes, headlights, exhaust systems, suspension, steering mechanisms and a thousand other components may be manufactured by other companies. Those suppliers have suppliers of their own all the way down the line.
As the auto manufacturer looks at its own security systems, it needs to worry about the security of its intellectual property. Protecting that information while easily sharing it with suppliers can be a major challenge. Cumbersome internal security controls that limit access to systems and information may not work when sharing information with outside organizations.
Many companies have approached this issue by implementing encryption solutions to protect data stored on a laptop or other mobile device. Using full disk encryption protects against the loss or theft of data as it is stored but does not protect against the use of the data by authenticated and legitimate users. Once someone legitimately accesses their device, they have full permission to access, modify and transmit any files.
While most of us act appropriately and responsibly, we are only human and make mistakes. How many times has someone accidentally sent a sensitive document to the wrong person in email? If your supplier sent your information to one of your competitors, the consequences may be drastic for your business.
Think about the vulnerability of your data within your supply chain. You may have the best security that money can buy, but once your information leaves the confines of your encrypted hard disk, it is out of your control. You have to rely on the security systems of your downstream partners to protect your information. Unless you have done a security audit on those partners and are satisfied that they will maintain your intellectual property in a safe way, you are vulnerable.
You need a way to persistently control access to the data regardless of location. The best approach is to encrypt the data as it’s created and apply dynamic security policies that can restrict its use to only authorized people. The controls should allow you to change access policy immediately when business conditions change. Since business relationships do not last forever, you may change suppliers and want to ensure your old supplier no longer has access to your sensitive information. By applying the security at the file level, you can also ensure that any copies stored in cloud services, email systems or on mobile devices are inaccessible.
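The file-level control described above can be modeled as a key-release service, shown here as an added example that is not from the original article or any product. The names `PolicyServer`, `open_file` and the principals are hypothetical, and an HMAC-SHA256 keystream stands in for an authenticated cipher such as AES-GCM so the code runs on the standard library alone.

```python
import hashlib, hmac, secrets

def _sub(key, label):  # derive separate encryption and MAC keys from the file key
    return hmac.new(key, label, hashlib.sha256).digest()
def _xor_stream(key, nonce, data):
    # HMAC-SHA256 in counter mode: stdlib stand-in for AES-GCM (assumption).
    blocks = (hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))
def _tag(key, blob):
    msg = blob["id"].encode() + blob["nonce"] + blob["body"]
    return hmac.new(key, msg, hashlib.sha256).digest()

class PolicyServer:
    """Hypothetical key-release service: per-file keys plus a live access list."""
    def __init__(self):
        self._keys, self._allowed = {}, {}

    def protect(self, plaintext, allowed):
        key, nonce = secrets.token_bytes(32), secrets.token_bytes(16)
        blob = {"id": secrets.token_hex(8), "nonce": nonce,
                "body": _xor_stream(_sub(key, b"enc"), nonce, plaintext)}
        blob["tag"] = _tag(_sub(key, b"mac"), blob)
        self._keys[blob["id"]], self._allowed[blob["id"]] = key, set(allowed)
        return blob  # the key never travels with the file

    def revoke(self, file_id, principal):
        self._allowed[file_id].discard(principal)

    def release_key(self, file_id, principal):
        if principal not in self._allowed.get(file_id, ()):
            raise PermissionError(f"{principal} may not open {file_id}")
        return self._keys[file_id]

def open_file(server, blob, principal):
    key = server.release_key(blob["id"], principal)  # policy checked on every open
    if not hmac.compare_digest(_tag(_sub(key, b"mac"), blob), blob["tag"]):
        raise ValueError("file was modified")
    return _xor_stream(_sub(key, b"enc"), blob["nonce"], blob["body"])

def demo():
    server = PolicyServer()
    blob = server.protect(b"brake caliper drawing rev C", {"oem", "supplier-a"})
    before = open_file(server, dict(blob), "supplier-a")  # a stored copy opens
    server.revoke(blob["id"], "supplier-a")
    try:
        return before, open_file(server, dict(blob), "supplier-a")
    except PermissionError:
        return before, None  # every copy is now unreadable for supplier-a
```

In this example the client is trusted to discard the released key after each open; a client that cached the key would keep access to copies it already holds.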
Protect your sensitive data throughout your supply chain to mitigate your risk and that of your business partners. Controlling access persistently ensures that you always maintain control.
Photo credit Graham Richardson