What you need to know about software security and its impact on your supply chain

The Year Ahead: Opportunities and Challenges Coming to Your Supply Chain

Now that 2019 is upon us, we want to take time to look at the exciting opportunities and new challenges that will appear in the supply chain this year. Over the next several articles, we will take a deep dive into many of these opportunities and challenges. This series will hopefully educate you and prepare you for some of the biggest challenges facing your company.

Understanding Security

The first challenge we will discuss this week is security. As the supply chain grows more complex, the security of your customers and products becomes more exposed. In the past, companies only had to worry about physical security. However, with the advent of Supply Chain 4.0 and the Internet of Things, digital security has become a necessity. How can your company be prepared for the cyber-attacks of the 21st century?

Trust but Verify?

Older companies in a less technological world have long relied on Privileged Access Management (PAM) for protecting their important data and assets. The ideological principle behind PAM is “trust but verify.” PAM is a little tricky to understand. Imagine a high-tech luxury apartment building. If you are visiting a friend in this building, there are certain areas of the building that are off limits. The typical procedure would look something like this:

  1. You verify your identity with the doorman.
  2. The doorman calls your friend.
  3. Your friend comes down and escorts you to the correct room.

This would be Access Level 1. Now imagine you live in the apartment building. You would be given an access card for the general building facilities: the lobby, the garage, and the gym. However, you would only have access to the floor and room that are yours. Your access card only gets you into specific approved areas. You would not have access to management or cleaning service rooms. This is Access Level 2. Now imagine you own the high-tech apartment building. You would have full access to the entire building, all rooms and floors. This would be Access Level 3. Privileged Access Management works a lot like this building. The correct access is granted once your identity is verified. Those privileges extend until they are revoked.

Never Trust, Always Verify

With the growing complexity of the smart supply chain, Privileged Access Management is no longer the best way to keep your company secure. With PAM, once a hacker has passed through the first level of security, they often have access to the whole system. Instead, security experts now recommend an approach called “Zero Trust.” Where PAM follows “trust but verify,” Zero Trust follows “never trust, always verify.” Zero Trust takes each entry into the system on a case-by-case basis and only allows the minimum privilege for that user. With so many connected devices and systems, allowing the least access possible to users is the safest option.

Imagine our high-tech apartment building again. With a Zero Trust Security System, if you lived in the apartment building, you would have to request access to your room every time you came home. The owner of the apartments would verify your identity and give you access only to your room. If you wanted further access to other amenities of the building, you would have to be re-verified and given only the access you need. This “never trust, always verify” approach seems extreme. But with the ever-connected smart supply chain, this granular approach could be the difference between security and a dangerous breach.

Zero Trust will tighten up your systems and make sure that each outside vendor and supplier has only the access they need to accomplish their goals while protecting your customers and their data.
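As an added illustration (not code from the original article), the Python example below models the two approaches as the article describes them, using the apartment building: an access level that opens a fixed set of doors until revoked, versus a check on every request that grants one door for a short time. The identities, door names, `NEEDS` table and 60-second grant lifetime are constructed assumptions.

```python
import time

# Constructed sample data: the doors each identity needs to do its job.
NEEDS = {
    "resident-12b": {"lobby", "floor-12", "apt-12b"},
    "vendor-hvac": {"lobby", "mechanical-room"},
}
# Tiered model from the article: a level opens a fixed set of doors.
LEVEL_DOORS = {
    2: {"lobby", "garage", "gym", "floor-12", "apt-12b"},
    3: {"lobby", "garage", "gym", "floor-12", "apt-12b",
        "mechanical-room", "management"},
}
GRANT_TTL = 60  # seconds one grant stays valid (assumed value)


def tiered_allows(level, door):
    """Standing access: verified once, valid for every door of the level."""
    return door in LEVEL_DOORS.get(level, set())


def request_access(identity, credential_ok, door, now=None):
    """Zero Trust style: verify on every request, grant one door briefly."""
    now = time.time() if now is None else now
    if not credential_ok:                       # identity re-verified each time
        return None
    if door not in NEEDS.get(identity, set()):  # least privilege
        return None
    return {"identity": identity, "door": door, "expires": now + GRANT_TTL}


def grant_opens(grant, door, now=None):
    """A grant opens only the door it names, and only until it expires."""
    now = time.time() if now is None else now
    return grant is not None and grant["door"] == door and now < grant["expires"]


def doors_exposed(level=None, grant=None, now=None):
    """Doors reachable by whoever holds a stolen level card or a stolen grant."""
    if level is not None:
        return set(LEVEL_DOORS.get(level, set()))
    all_doors = set().union(*LEVEL_DOORS.values())
    return {d for d in all_doors if grant_opens(grant, d, now)}
```

`doors_exposed` makes the difference in exposure concrete: a stolen Level 3 card reaches every door until it is revoked, while a stolen grant reaches one door until it expires.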

Be Proactive!

Too many companies only start to care about security after a breach has happened. Don’t dismiss security concerns! Understand how they work, the difference between older security protocols and new ones, and how to implement Zero Trust into your network.