Five simple steps to prevent profit leaks in supply and demand chains
- 11 November, 2009 15:13
<p>By John Lee, Regional Sales, Pacific, Axway Inc</p>
<p>We’ve all read the headlines – thousands of patient names released on the Internet, a disk containing a bank’s customer records lost on the subway, and so on. Violating personal privacy is of course cause for serious public concern. However, there is another serious consequence of data leaks: The integrity of your business.</p>
<p>Imagine if your top 10 customers’ purchasing history - with price, margin and trends - were leaked to the public? Would they still be your customers?</p>
<p>Perhaps a hacker, just for fun, taps into your unsecured file transfers (e.g. thru FTP) with your largest business partners – and circulates your up-to-the minute selling prices, purchase prices or sales quantities.</p>
<p>What if the ratings and contract terms of your carefully cultured network of customers, suppliers and logistics providers were leaked to your competitors? What if you didn’t even know? Would you find your margins eroded, bids lost?</p>
<p>If any of these incidents occurred, (or were even thought to have occurred) this would be considered a critical breach of the trust that underlines most substantial business relationships. It is not difficult to imagine the steady erosion in confidence of doing business with such an organisation, and the resulting leak in profitability.</p>
<p>You may say these examples are over-dramatic, perhaps unlikely to apply in your industry, particularly as a small or medium-sized business. However, that is probably more reason to take heed since you must ‘shut the door, before the horse bolts’.</p>
<p>Your exposure to risks</p>
<p>Let’s look at where you may be exposed. Your IT systems evolve over time in response to business drivers, need to comply with key customer technology requirements, Government mandates, technology changes and opportunities, and even individual ways of doing things. Particularly with the opportunities offered by the Internet, this evolution has often been reactive, rather than planned.</p>
<p>This can lead to situations where:
• The communications channel and/or the data is unsecured (e.g. not encrypted), and the source of the information cannot be authenticated
• There is no way of identifying and stopping confidential information from being sent out from the enterprise.
• Unreliable exchanges (multiple failed transfers) are frustrating, resulting in an “almost correct is good enough” culture where security gaps are left unfixed.
• Each application tends to follow its own unique way of integrating with other applications and with business partners, leading to a mish-mash of communication and integration techniques and security exposures
• Audit trails, if they exist at all, do not provide a comprehensive end-to-end event trail of each information exchange, nor the facility to provide a single holistic view of the enterprise’s information exchanges. It is not possible to answer the auditor’s typical request – “prove that you know” what is happening in the business.
• Information is stored in the DMZ, leaving internal data exposed
• The “end-points” of the network are security loopholes – centrally secured, protected information can be downloaded to a PC and emailed inadvertently, or copied to a USB storage device and mislaid.</p>
<p>Any of these pose a significant risk of a data leak or profit leak incident.</p>
<p>There are simple, well-proven steps to follow for profit leak prevention from your supply and demand chains. Rather than just address the security risk of data leaks, you can meet key customer business-to-business (B2B) integration requirements, lower operating and inventory carrying costs, and enhance revenue opportunities by addressing this as part of your company’s partner collaboration strategy. The security aspect will be just one part.</p>
<p>1. Define objectives
The first step is to define what you want your business to achieve by e-collaboration with your external supply and demand chain partners, and amongst internal departments. This may include compliance with government regulations, ability to comply with customer mandates, specific quality and efficiency targets for cost reduction and cash flow improvement, improved revenue by being “easier to do business with” – and quantifiable security service levels. According to the 2009 UPS Asia Business Monitor Survey, 90 per cent of SMBs see the lack of supply chain efficiency as a key obstacle to competiveness.</p>
<p>2. Assess your environment
Next is to assess where you are today – how many partners do you have and how do you collaborate? How many applications do you have and how do you integrate? What processes are involved? How cohesive are they? Does the Operations department know what’s going on? Do your customers? How quickly can you respond to new compliance requirements or new customer mandates? What security exposures are there?</p>
<p>3. Define your end goal
Define the functional and technical requirements for collaborating with your partners that support your supply / demand chains. Use a “start anywhere, use anything” design philosophy that allows incremental improvements, together with the confidence to grow.
Include a B2B integration module that provides an external facing gateway with support for commonly used secure and reliable protocols. It is important that the sender can be authenticated and the data itself encrypted using unbreakable ciphers, and information can be validated and exchanged seamlessly with any backend application or office such as SAP.</p>
<p>Consider a community management component to on-board and manage your partners securely and efficiently, effectively reducing the time-to-market. Provide visibility and governance features that offer end-to-end process visibility, audit trails to “prove what you know” and customer service support, and key performance indicator (KPI) dashboards to implement ongoing service level improvement programs.</p>
<p>4. Execute the plan
Working closely with a software partner could be the difference between improved profits or heavy losses when making technology investments, particularly in an economic downturn.
Also core is to preserve the value of existing investments – and not rip-and-replace everything you have.</p>
<p>To do this, design using a ‘start anywhere, use anything’ principle, so that you can select the low-hanging fruit and implement in phases while assuring the high availability of the ongoing operations, and also can grow the solution with confidence.</p>
<p>Axway, for example, provides a very cost-effective collaboration module designed for SMBs using its collaboration platform technology. It also provides this in a Software-as-a-Service (SaaS) mode, which minimises start-up costs and pegs expenses directly to usage.</p>
<p>5. Assess and improve performance
Finally the ongoing process of assessing and improving the performance of the automated collaboration processes against the established benchmarks. With such a strategy, not only will you plug any data leaks, but you will have the requisite efficiency gains, agility and visibility to survive when competition for the diminished demand is at its most fierce.</p>
<p>For more information
Regional Manager, Pacific, Axway
Tel: +61.2.9956 4558
Mobile: +61 (0) 401 338 212
PR Deadlines, for Axway
Tel: +61.2.4341 5021
- Samba flaw exposes Synology's Linux NAS to WannaCry-like attack
- Machine learning: what it is, and what it isn’t
- A Brief Guide to the ICT Security Controls Required by the Australian Privacy Principles and Mandatory Data Breach Notification Scheme
- The week in security: Adjusting to WannaCry’s “new normal” as authorities float IoT security baseline
- Does third-party security awareness training work?