Georgia Wilson | supplychaindigital.com »
Supply Chain Digital sits down with cloud and cyber experts to discuss the adoption of these technologies in the supply chain industry.
“Disruptions within supply chains are becoming more common,” says Tim Mackey, Senior Principal Consultant at Synopsys CyRC. “Suppliers at every level need to understand not only what the risk of attack they might bear is, but also how any disruption in their operations will impact their consumers. When it comes to cyber attacks, it is the attacker who defines the rules. They decide the timing and the nature of their efforts. If successful, they also define what type of disruptive activity they perform. Some might attempt a ransomware attack, others might attempt to modify plant operations or seek to download data. This requires a level of cyber awareness to become part of overall business operations and an increased level of transparency between partners.”
Paul Williams, Director of Highstream Solutions and Saryu Nayyar, CEO of Gurucul agree with Mackey that it is important for the supply chain industry to invest in data and data security to remain safe and competitive. “One of the key benefits is real-time visibility of stock levels for firms,” says Williams. “Having data stored in the cloud means that it can be accessed from a single source, providing real-time visibility of stock levels. A strong cloud technology system, paired with a robust approach to cyber security, will ensure that ‘just-in-time’ supply of materials can be managed to the point of requirement, keeping the supply chain running smoothly.”
“Software is a core component of almost any deliverable with supply chains,” continues Mackey. “It ranges from the design of the component to the logistics solutions used to manage inventories. With software present at each stage of the assembly and delivery chain, the risk of compromise by external forces is real. Cyber security practices seek to first quantify those risks, and then apply strategies to mitigate or minimise the risk. For example, a common starting point for many cyber security efforts is to compile a complete inventory of all software assets used and produced by a business. Armed with this inventory, a bill of materials can be created which identifies the origin for each component.”
To combat these threats, Raj Bawa, Operations Director at JBi Digital has seen an increase in organisations looking to be smarter about data, by using multi-factor authentication. “Five years ago, businesses dealing with two or multi-factor authentication were uncommon, but it has become much more prevalent recently as the need for providing something beyond a username and password arises. Companies are utilising things like biometrics and facial recognition, and there are more and more ways to authenticate now.”
“Although the cloud presents a variety of business benefits,” says Nathan Britton, Application and Cloud Security Practice Lead at NTT Ltd. “ it does not provide a one-size-fits-all solution and presents some risks which are different to traditional IT systems.”
Understanding the cloud and its challenges for effective adoption
“Before you consider the cloud, you need to understand your business strategy and goals for using this resource,” says Britton. “Organisations must carefully consider and articulate what the business reasons are for moving to the cloud before building the strategy to get there. Understanding your business strategy helps to define the base level security controls expected from your cloud service provider (CSP), and any additional security controls the organisation may need to meet the business requirements. With more and more businesses migrating to cloud services as part of their digital transformation there is an increased likelihood of cloud related breaches. The Department for Digital, Culture, Media and Sport reported in its Cyber Security Breaches Survey 2018 that businesses using cloud computing were more likely to have faced breaches than those who do not – 52% versus 43%.”
“Achieving this is as much a human goal as it is a technical one,” adds Dave Locke, EMEA Chief Technology Advisor at World Wide Technology (WWT). “Naturally, cyber must come hand in hand with the cloud – industry leaders need to be aware of the risks posed by an increasingly connected environment and plan accordingly. It’s estimated that the average large enterprise uses around 730 individual cloud services and capabilities. Therefore, businesses need to create policies that make sure employees use trusted services and vendors, and that they involve IT from the outset of any new venture. Laying solid foundations is important for good practice as secure cloud usage needs strong governance protocols.” Agreeing with Locke, Mackey adds that “one of the biggest challenges is applying existing best practices to cloud solutions. These practices may have been adequate when they were created, but when adopting a cloud solution, it’s important to ask how that cloud solution improves business security and then look at what changes in policy or process are required to maximise the potential. If this isn’t performed, there is a risk that the pre-existing best practice could make the cloud solution significantly less secure.”
Ultimately, “the most important mission for companies working in the supply chain industry is to organise an uninterrupted, optimal movement of goods and services. This means reducing the cost of delivery by optimal loading of delivery capacities and sending these capacities in the right direction and at the right time. The challenge is to make technologies support this flow of goods, rather than bring potential technological failures which could create delivery delays,” comments Andriy Lysyuk, Head of Cyber Security at Ciklum, which Niamh Muldoon, senior director of Trust and Security, EMEA at OneLogin agrees cloud and cyber technology can help deliver.
“The cloud can be a great resource for the supply chain industry,” says Nayyar. However, “a joined up cohesive approach is impetirive,” adds Britton. “The scalability and flexibility offered by the cloud provides great opportunities for organisations to accomplish their business goals. However, this brings extra responsibilities to an organisation to ensure it is secure.” Locke recommends that “a good cloud adoption strategy consists of four steps: a technology transition plan, testing, an internal adoption strategy and standardisation.” Locke emphasises that this will help to “ensure that the new technology works as expected and that security is embedded within the culture of the organisation.”