Supply Chain Email Security
Written by: Peter Cattaneo, VP of business development at Intercede, who discusses email safety in the digital realm
Organisations that deal with a substantial amount of intellectual property, for instance those in aerospace and defence management, are at higher risk from organised crime attacks, hacking and other leaks of sensitive data (some of which occur due to simple human error rather than malicious intent).
These businesses often rely on a large supply chain composed of many small to medium enterprises (SMEs). More individuals participating in a supply chain means a higher risk that sensitive data will be exposed to security weaknesses. Additionally, the rise of cloud-based email services and use of personal devices for business has created a complex melting pot of security challenges surrounding the secure transfer of sensitive data via email. SMEs in the supply chain must facilitate a protected, accurate email system or risk losing business to competitors who prioritize identity and email data security.
Email is the primary method of information sharing for two-thirds of organisations, but using a non-secured service leaves these organizations open to a range of threats. The volume of email sent globally surpasses that of all other forms of electronic communication. A breach in this digital medium could be catastrophic for any business, small or large. Many organisations are unaware of the security issues surrounding email, have a limited security infrastructure and do not prioritise the need to protect themselves and their customers. Secure information sharing is a critical capability, particularly for those companies working in highly regulated sectors including financial, pharmaceutical and governmental services. SMEs need to be sure they can deliver on supply chain contracts and compliance with an assured way of sharing information, which stops data loss, delivers policy control and reduces the risk of security breaches to protect IP, profits and reputation. The challenge is delivering this when a number of factors complicate the landscape.
The security challenges created by the rise of employees bringing their own devices and the uptake of cloud computing mean that securing email is becoming increasingly important. Among intellectual-property-intensive companies, collaborating within a secure infrastructure that has identity management as a vital component will separate the winners from the losers.
Creating trusted digital identities for employees and citizens provides the basis for ensuring control over the sharing of sensitive data. Generating and managing assured identities means SMEs know who is sending which email and information to whom at what time, and they protect the digital information in transit. As a stand-alone component, however, this will not ensure the complete protection of the email service – it also must be run on a secure platform that delivers a tightly controlled policy to enforce data labelling, digital message signing, encryption and content compliance.
For large organizations with sophisticated IT regulation, email management systems can be implemented for the whole business. Smaller organizations may benefit from selecting a software-as-a-service (SaaS) model with specialized keys issued only to the main handlers of sensitive data within the organization.
When reviewing email management systems, SMEs must consider how these will incorporate the latest industry standards to help combat any foreseeable security issues. Collaborative standards like those set by the Transglobal Secure Collaboration Program (TSCP) deliver security in a form consistent with regulatory requirements and industry best practices.
The TSCP has designed specifications to meet the most stringent information security standards for use in high-security environments within Her Majesty’s Government, the U.S. Government, the Ministry of Defence and NATO. This specification was piloted successfully by a number of organisations including Lockheed Martin, Thales, Raytheon, Cassidian and General Dynamics for the Signed and Encrypted Email Over The Internet (SEEOTI) initiative, sponsored by the U.K. Council for Electronic Business (UKCeB). The TSCP standard framework provides a foundation that can be applied to interpersonal communications (email, IM and conferencing), group collaborative working (document sharing and access to applications) and automated data exchange (product life-cycle and supply chain management) solutions. The framework will ultimately deliver the benefit of a common approach for organisations.
Today, with email as the primary method of information sharing, provisions must be made to ensure both customer and partner information is kept secure. Secure email management combined with a standards-based approach that ensures the correct person receives the appropriate email is needed for any SME to protect intellectual property and to compete in the global business environment.
About the Author:
Vice president of business development at Intercede
Mr. Peter Cattaneo has been active in the security field for more than 15 years. At Sun Microsystems, he managed the successful worldwide adoption of Java Card technology for mobile telephony, payment, logical access and physical access. At Intercede, he is responsible for reducing the cost and complexity of deploying real world solutions that link digital identities with strong authentication for logical and physical access. In addition to traditional badge solutions, he also is working to develop mobile-phone capabilities that interoperate in the same environment.