Today (January 28) is International Data Protection Day. To mark it, Supply Chain Digital spoke to a major player in the data management world: Sean Carpenter, Senior Director, Product Management and Data Privacy at project44, a leader on supply chain visibility solutions.
Tell us a little about your role and project44
At project44 we offer a real-time transportation visibility platform, which is used by 800 brands worldwide, to manage inventory and disruptions that arise and also to provide end-to-end visibility on shipments.
I have built web applications used by millions of consumers, as well as solutions focused on business users solving big problems. I believe that products people love are the products that solve their problems.
How important is data security to supply?
Very. Collecting, maintaining, and analysing data is at the heart of an efficient supply chain, and how businesses monitor their connections and safeguard this data is paramount. In supply chains, data and trust go hand in hand. From location sharing and shipment documentation, to Industrial Internet of Things (IIoT) devices and inventory management, organisations are connecting with an exponentially growing number of data touch-points, all of which must be secured.
Does International Data Protection Day make any difference?
It’s an international initiative, so it brings data security into the limelight, but of course this is not a threat that we face just once a year. Data security is a constant and ever-evolving challenge for businesses, and major disruptions invite endless opportunities for breaches. It is vital that all data sources are secured 24/7, because the supply chain is only ever as strong as its weakest link.
How do firms keep supply chain secure?
Shippers increasingly consider Real-Time Visibility as a must-have when choosing a transportation partner, and carriers need to be able to keep up with this increased demand for relevant, real-time data. The first step to keep this ever-expanding network secure is to assess your data touchpoints. Map out how data is being shared, used, and stored – which systems, tools, and people do you have in action? Know this, and you can ensure data is not only secure but that the necessary data security policies and processes are in place.
End-to-end data protection is best achieved through encryption, with system access restricted, logged and audited. All employees have a responsibility to keep an organisation’s data secure, but your staff cannot mitigate the risks if they do not understand them. Make it a priority to raise the baseline level of understanding and competence across the supply chain to create a sense of ownership and safeguard your data.
Why is visibility so important to data security?
Logistics companies must now operate in a much more networked and collaborative world. Smaller firms can be especially sceptical of new systems and devices, raising concerns around data security. Yet these developments are an essential part of the digitalised supply chain, allowing shippers and carriers to monitor their networks and respond rapidly to changing dynamics.
End-to-end visibility is now an expectation rather than a desire, with businesses of all sizes needing to integrate with multiple partners and systems to achieve visibility across the extended supply chain. With this large-scale integration, the only way to win the trust of your employees and partners is with an air-tight data security strategy in place.
How important is data security accreditation?
Businesses that have, or are working towards, accreditation enforce the highest levels of data protection, which is vital when it comes to protecting organisational and personal data.
When choosing supply partners look out for solutions that are ISO 27001-certified. This is the global standard for mandating controls for the establishment, maintenance, and certification of an information security management system (ISMS). Then there is also regional compliance accreditations, such as SOC 2 in the US.
Due to the international nature of supply chain, data rights can change quickly across country and state borders, so it’s essential both your organisation and your supply partners respect territory-specific laws, such as GDPR.
How can firms keep stored data safe?
How a business stores its data is a crucial aspect of data security. On-premise data centres can be difficult to secure, with many organisations unable to fund a data security expert in-house to maintain the security of a sprawling data network.
Investing in secure cloud services, such as AWS or Google Cloud, is a great way to safeguard data. They offer in-built flexibility to handle changing demand for, and quantities of, data. Such systems are also an essential part of disaster recovery planning, as they have multiple fail-safes to reduce system downtimes, and potential supply chain disruption.
Is data protection a mindset thing?
With data protection it’s important to be proactive; you can’t rely on systems that monitor, alert and intrusion-detect to keep data safe. You need to continuously assess and improve your processes, policies and plans to keep up with evolving threats to your data. So in that sense, it’s a mindset.
Proactive data protection means working vulnerability management into your data security strategy, and monitoring for intrusion at all times. Pivot your thinking towards a risk-centric approach to data security - seek out opportunities for threat. For an extra layer of security, carry out trusted third-party penetration testing, to ensure there are no potential chinks in your armour that can be exploited.
How safe is it to share data?
Data security should always be a priority to protect your business and customers but you mustn’t forget the benefits of data sharing far outweigh the potential risks. When done securely, effective integration can monitor, streamline, and enhance operations, as well as and helping with collaboration. Robust data allows you to build trust with customers and employees, and also ensures you meet their ever-evolving standards.
- How to analyse third-party risks in the supply chainSupply Chain Risk Management
- Top 10: Supply chain cybersecurity vulnerabilitiesDigital Supply Chain
- Automation the key to Biden software supply chain demandsDigital Supply Chain
- Software supply chain welcomes Biden memo on cybersecurityDigital Supply Chain