A Fortune-100 enterprise with a vast network of supply-chain partners located at various points around the globe.
Large enterprises rely on vast, smoothly functioning supply chains—featuring upstream and downstream partners who may themselves work with second- or third-tier partners—in order to get
their goods or services to customers. Demands are now also growing for these supply chains to be more dynamic and responsive to customer needs. All of this requires a lot of data sharing—more than 50 times as much data is exchanged across supply chains now versus just five years ago.
These information flows must be actively secured in order to safeguard against threats such as data breaches, data manipulation, denial of service, and viruses. The consequences of successful attacks can be far reaching and long lasting, ranging from damaged reputations to unsafe products, compromised customer privacy, unmet regulations, and stolen intellectual property. The costs can easily mount into the millions of dollars.
However, securing data in scenarios that involve third parties and remote access poses additional challenges. Enterprises cannot control their partners’ equipment and have to rely on them to adhere to established security policies. Unfortunately, most suppliers do not have the personnel or robust security systems needed to thwart sophisticated attacks, especially when their staff are working remotely and sending information through the Internet via untrusted connections, such as public WiFi or foreign telecom networks.
Because of these additional complexities, 80 percent of all reported cyber breaches come through the supply chain.
Those responsible for maintaining the digital security of supply chains typically consider three ways of overcoming these challenges:
- Prohibiting the use of unclassified network communications;
- Issuing devices re-configured to thwart cyber threats; or
- Implementing an add-on solution.
Prohibiting the use of unsecured Internet networks impedes workflow and reduces productivity. Issuing new secure devices is cumbersome, difficult to manage, cost prohibitive, and poses interoperability problems. Aftermarket device re-configurations, on the other hand, cannot keep up with changing requirements.