Despite obvious supply chain differences between organizations in different industries, IT architects should consider their generic similarities when integrating various solutions. Quite often, the complexity of the supply chain depends on the entities working together – manufacturers, logistics providers, repackagers, retail stores – meaning that security and infrastructure become complex and cumbersome to manage.
Big company data breaches usually happen when a small contractor experiences a security breach, which attackers then leverage to gain access to the large organization’s infrastructure. To this end, large companies and supply chain managers should be interested not just in service availability and cost optimization, but also in infrastructure scalability and security.
Cloud Infrastructure Deployment
When moving your business to the cloud, take some strategic considerations into account to offer availability to global customers. Instances need to be replicated across datacenters in various geographic locations, and the entire infrastructure needs to be monitored for disaster recovery.
Even supply chain entities that access those cloud infrastructures via various applications should be monitored for suspicious activities, requests or entries to make sure they don’t jeopardize the services, databases or infrastructure. Mirroring critical data should also be mandatory for both companies and supply chain entities, as it not only helps expedite disaster recovery, but it could also mean the difference between business continuity and going out of business.
Mobility and Fleet Management
Besides cloud or endpoint security, there’s also the issue of mobility and fleet management. With warehouses, drivers and even retail stores relying on applications and mobile devices for inventory or logistics, a sensible precaution is to secure and manage all mobile devices. MDM consoles usually take care of the management part, but it’s also mandatory that you integrate them with a centralized security management console that can allow the IT department to deploy security policies or even remotely wipe stolen or lost devices.
It’s not uncommon for work devices to be used for personal benefit, meaning that employees could install suspect applications given the opportunity. To that end, security software and policies could help both supply chain entities and the organizations contracting their services keep their data safe.
Shared Security Responsibility
Shared responsibility is one model enforced by large cloud service providers when offering services to customers. While the cloud provider is responsible for physical security and compliance, their customers are responsible for securing their VPS according to their needs and policies. This mutual responsibility model works for companies that rely on hybrid infrastructures, as they’re usually interested in keeping a tight lock on at-rest and in-transit data. This usually involves encrypting the communication between endpoints and the cloud as well as encrypting data at rest at both ends.
The same shared responsibility model could be applied to each entity in a company’s supply chain, by scrutinizing their security capabilities or by working with entities that adhere to the same security standards as the company contracting their services. While organizations are not expected to manage the security of the entire supply chain, they could request security audits from the entities that directly interact with their infrastructure.
Supply Chain Security is Everyone’s Responsibility
While some organizations would argue that supply chain entities should be responsible for handling their own security, it’s recommended that at least some basic security guidelines are enforced by the contracting organization. To that end, IT architects should fully understand the cloud – specifically, the hybrid cloud – and not only leverage new web services to increase efficiency and performance, but also consider the security aspects of a dynamic supply chain.
Whether the contracting company handles the security challenges for all its contractors, or each supply chain entity is delegated to enforce its own policies, security should be implemented across the board on any and all devices.