Media releases are provided as is by companies and have not been edited or checked for accuracy. Any queries should be directed to the company itself.

Five simple steps to prevent profit leaks in supply and demand chains

  • 11 November, 2009 15:13

<p>By John Lee, Regional Sales, Pacific, Axway Inc</p>
<p>We’ve all read the headlines – thousands of patient names released on the Internet, a disk containing a bank’s customer records lost on the subway, and so on. Violating personal privacy is of course cause for serious public concern. However, there is another serious consequence of data leaks: damage to the integrity of your business.</p>
<p>Imagine if your top 10 customers’ purchasing history - with price, margin and trends - were leaked to the public? Would they still be your customers?</p>
<p>Perhaps a hacker, just for fun, taps into your unsecured file transfers (e.g. through FTP) with your largest business partners – and circulates your up-to-the-minute selling prices, purchase prices or sales quantities.</p>
<p>What if the ratings and contract terms of your carefully cultured network of customers, suppliers and logistics providers were leaked to your competitors? What if you didn’t even know? Would you find your margins eroded, bids lost?</p>
<p>If any of these incidents occurred (or were even thought to have occurred), this would be considered a critical breach of the trust that underlies most substantial business relationships. It is not difficult to imagine the steady erosion in confidence of doing business with such an organisation, and the resulting leak in profitability.</p>
<p>You may say these examples are over-dramatic, perhaps unlikely to apply in your industry, particularly as a small or medium-sized business. However, that is probably more reason to take heed since you must ‘shut the door, before the horse bolts’.</p>
<p>Your exposure to risks</p>
<p>Let’s look at where you may be exposed. Your IT systems evolve over time in response to business drivers, the need to comply with key customer technology requirements, Government mandates, technology changes and opportunities, and even individual ways of doing things. Particularly with the opportunities offered by the Internet, this evolution has often been reactive, rather than planned.</p>
<p>This can lead to situations where:
• The communications channel and/or the data is unsecured (e.g. not encrypted), and the source of the information cannot be authenticated.
• There is no way of identifying and stopping confidential information from being sent out from the enterprise.
• Unreliable exchanges (multiple failed transfers) are frustrating, resulting in an “almost correct is good enough” culture where security gaps are left unfixed.
• Each application tends to follow its own unique way of integrating with other applications and with business partners, leading to a mish-mash of communication and integration techniques and security exposures.
• Audit trails, if they exist at all, do not provide a comprehensive end-to-end event trail of each information exchange, nor the facility to provide a single holistic view of the enterprise’s information exchanges. It is not possible to answer the auditor’s typical request – “prove that you know” what is happening in the business.
• Information is stored in the DMZ, leaving internal data exposed.
• The “end-points” of the network are security loopholes – centrally secured, protected information can be downloaded to a PC and emailed inadvertently, or copied to a USB storage device and mislaid.</p>
<p>Any of these pose a significant risk of a data leak or profit leak incident.</p>
<p>Practical steps</p>
<p>There are simple, well-proven steps to follow for profit leak prevention from your supply and demand chains. Rather than just address the security risk of data leaks, you can meet key customer business-to-business (B2B) integration requirements, lower operating and inventory carrying costs, and enhance revenue opportunities by addressing this as part of your company’s partner collaboration strategy. The security aspect will be just one part.</p>
<p>1. Define objectives
The first step is to define what you want your business to achieve by e-collaboration with your external supply and demand chain partners, and amongst internal departments. This may include compliance with government regulations, ability to comply with customer mandates, specific quality and efficiency targets for cost reduction and cash flow improvement, improved revenue by being “easier to do business with” – and quantifiable security service levels. According to the 2009 UPS Asia Business Monitor Survey, 90 per cent of SMBs see the lack of supply chain efficiency as a key obstacle to competitiveness.</p>
<p>2. Assess your environment
Next is to assess where you are today – how many partners do you have and how do you collaborate? How many applications do you have and how do you integrate? What processes are involved? How cohesive are they? Does the Operations department know what’s going on? Do your customers? How quickly can you respond to new compliance requirements or new customer mandates? What security exposures are there?</p>
<p>3. Define your end goal
Define the functional and technical requirements for collaborating with your partners that support your supply / demand chains. Use a “start anywhere, use anything” design philosophy that allows incremental improvements, together with the confidence to grow.
Include a B2B integration module that provides an external facing gateway with support for commonly used secure and reliable protocols. It is important that the sender can be authenticated and the data itself encrypted using strong, well-vetted ciphers, and that information can be validated and exchanged seamlessly with any backend application or office such as SAP.</p>
<p>Consider a community management component to on-board and manage your partners securely and efficiently, effectively reducing the time-to-market. Provide visibility and governance features that offer end-to-end process visibility, audit trails to “prove what you know” and customer service support, and key performance indicator (KPI) dashboards to implement ongoing service level improvement programs.</p>
<p>4. Execute the plan
Working closely with a software partner could be the difference between improved profits and heavy losses when making technology investments, particularly in an economic downturn.
It is also essential to preserve the value of existing investments – and not rip-and-replace everything you have.</p>
<p>To do this, design using a ‘start anywhere, use anything’ principle, so that you can select the low-hanging fruit and implement in phases while assuring the high availability of the ongoing operations, and can also grow the solution with confidence.</p>
<p>Axway, for example, provides a very cost-effective collaboration module designed for SMBs using its collaboration platform technology. It also provides this in a Software-as-a-Service (SaaS) mode, which minimises start-up costs and pegs expenses directly to usage.</p>
<p>5. Assess and improve performance
Finally, there is the ongoing process of assessing and improving the performance of the automated collaboration processes against the established benchmarks. With such a strategy, not only will you plug any data leaks, but you will have the requisite efficiency gains, agility and visibility to survive when competition for the diminished demand is at its most fierce.</p>
<p>For more information
John Lee
Regional Manager, Pacific, Axway
Tel: +61.2.9956 4558
Mobile: +61 (0) 401 338 212</p>
<p>David Frost
PR Deadlines, for Axway
Tel: +61.2.4341 5021</p>
