Data security and your business supplier
8th Nov 2012 | 17:46
Do you know where your data is and who is looking at it?
Glyn Dodd, managing director of Centrex Services explains why businesses need to be aware of potential security issues even when dealing with a trusted supplier
Data security breaches have the potential to cripple a business. The fallout from the loss of sensitive data for example, could include legal costs, lost revenue from customer deflections and the need to repair a damaged reputation.
This applies to breaches in the supply chain, and businesses simply cannot afford to place at risk the vast amounts of personal information, and other sensitive corporate and customer data that is collected, stored and transferred via their technology.
Yet, data security and integrity is being lost and mismanaged at various points in the service supply chain on a daily basis, placing businesses at critical risk.
Many organisations compromise their sensitive data when working with a variety of partners because there is a lack of understanding of where and how the data lives on - not just on computers and server hard drives, but across a wide range of devices, including printers, copiers, scanners and fax machines.
Printer hard drives, for example, could contain readily obtainable data, such as copies of bank cheques and drivers' licenses. Organisations must have the necessary checks in place before placing hardware with the ability to store sensitive data into partners' hands. Otherwise, they place their critical information at great risk.
While businesses need to foster a greater sense of awareness over the information stored on their technology, I believe the threat of data security breach is also heighted by critical gaps in the service supply chain.
Data security integrity is at risk because partners in the maintenance sector are operating in silos. This is a key reason why complex supply chains need to be simplified; these silos have led to gaps within operational activity and data protection has slipped into these chasms.
We are operating within a security minefield and have already begun to see an alarming rise in data security lapses; recently a major UK NHS Trust was significantly fined by a data protection watchdog after highly sensitive hard drives ended up being sold on eBay.
I fear it's only a matter of time before further breaches occur. In t would be very easy for example, for a business to place a printer or mobile device out for an off-site fix with a supplier, and for it to end up at a rival organisation, with a customer's personal information still included.
These examples of data breach are unacceptable. In my firm opinion, until data security is moved up the businesses agenda, responsibility is allocated, and there is recognition that the supply chain contains very sensitive data, this danger will continue to escalate to a critical level.
X-head Lean data
We must act now to plug the critical gaps in the service supply chain. Businesses must put processes in place to enable them to have a greater understanding of the information stored on their technology.
We must also be certain that every element of the supply chain that the component, spare part or whole unit might pass through is following the exact same standard. End-to-end ability to audit the process must also exist throughout and provide business intelligence.
Businesses can also help to overcome the critical gaps in the service supply chain by considering an approach which takes the core principles of lean manufacturing and applying them to the supply chain, allowing the business to get an end-to-end handle on the supply chain they work within, and enabling it to strengthen its data security processes. This approach is called 'lean sourcing'; a methodology that questions what, where, when and why sourcing decisions are made from this very simple but effective standpoint.
Plugging the gaps
Security and data protection has long been the elephant in the room. Things must change dramatically. Businesses need to figure out how to improve IT security and data protection capabilities, utilising partners that fully comprehend the nature of the threats to which businesses are now routinely exposed.
By doing this, organisations can have a better grasp of how to improve their risk management exposure, or the changes to their processes needed to support any security and data protection technology enhancements. This will enable businesses to streamline, and easily manage their supply chain, by removing the complexity of maintaining technology equipment.
In turn, this will bring greater transparency to the entire supply chain; helping companies to close the gaps that so urgently need to be plugged before businesses critical data is lost down the proverbial drain pipe.