In a previous article, we talked about the need for organizations to protect data wherever it resides. The complexity of today’s supply chains brings this need into sharp focus, while highlighting some of the challenges of successful data protection.
Many organizations today depend on a complex network of partners, vendors and suppliers to manage their business. As the digital supply chain grows in size and complexity, so does an organization’s vulnerability.
One only has to look at the infamous 2014 Target breach, which exposed the data of nearly 110 million individuals due to a backdoor inadvertently created by a contractor, to understand that an organization is only as secure as the weakest link in its supply chain.
The scope of this problem is serious enough to attract the attention of the US government’s Department of Commerce, which published new guidance for addressing cybersecurity supply chain risk in May 2022.
The bottom line? If organizations are going to share sensitive data with an extended supply chain, they need to take the right steps to do so in a secure manner.
“Collaboration within and across company boundaries is spreading sensitive data around the world at record speeds, which means protecting how data is used, shared and created is just as important as how it is accessed. At Skyhigh Security, we protect your critical data wherever you do business,” said Anand Ramanathan, Chief Product Officer, Skyhigh Security.
Securing the cloud
To collaborate in the extended enterprise, many organizations have turned to the cloud. It’s not uncommon to create a link to content in a system that can easily be shared with a contractor or third-party vendor, or to invite them to be a member of a specific Teams group or Slack channel.
All these collaboration models are well and good, but what are the security implications?
First and foremost, security professionals in organizations need end-to-end visibility into who has access to a specific set of sensitive data that is delivered through a cloud solution. Not just who has access, but what level of access they have, what they do with sensitive data when they interact with it, and whether their access can be easily revoked once the project ends or circumstances change.
“Skyhigh Security solutions help data protection professionals gain visibility into what data is being shared with the larger supply chain, while better understanding data flows and ensuring compliance with security policies,” Ramanathan said.
Don’t forget the internal applications
Supply chain security is further complicated by the fact that partners and suppliers often need access to any number of an organization’s internal proprietary applications. Historically, access has been managed by requiring third parties to work on the company’s official network or to work on a company-issued device.
In today’s hybrid work model, where people are just as likely to work from home on a personal device as they are from an office, this approach doesn’t work. The new model is about working from anywhere and on any device – while having the right security controls in place to allow third parties to access internal applications.
Manage the risk
The simple fact is that partners and suppliers need access to an organization’s data to be productive. It is up to organizations to ensure they manage the risk that comes from sharing sensitive data with their supply chain.
“While malware captures most of the attention in the public imagination, consumers remain at greater risk when it comes to security. Organizations not only have their own consumers to worry about, but also consumers throughout their supply chain. Skyhigh Security has an approach that follows data and users wherever they are, inside and outside the organization,” Ramanathan said.
Data residing in an extended supply chain requires a new approach to security. To minimize risk, CIOs and CISOs must ensure they have full visibility into their data, whether it resides in the cloud or on-premises, and the ability to effectively manage and protect that data—all without impeding their ability to collaborate seamlessly with the vendors, suppliers and other third parties they rely on to get business done.