Introduction:
In the past few months, I have received several requests from organizations to help protect intellectual property across supply chains. This prompted me to write a series of blogs that I hope will be valuable to readers. This is part 1 of the blog series.
The Challenges Facing Supply Chains
Supply chains are the lifeblood of most, if not all, businesses today. Keeping all supply chain components running smoothly ensures on-time delivery of products and services, especially with changing consumer demands and supply chain disruptions brought about by the COVID-19 pandemic. The recent war in Ukraine and the turbulent geopolitical situation have further complicated matters.
Supply chains face a broad range of threats, from physical threats to cybersecurity threats. Aside from the continuing physical threats, modern supply chains face an increasing number of threats related to information protection management. Their dependence on technology opens new avenues for people who want to disrupt supply chains and obtain sensitive information.
Connecting buyers and sellers, conducting financial transactions, and tracing goods have been the focus areas across the supply chain. Little attention has been paid to information security across supply chains, even though many surveys have identified information security as a top priority across the supply chain.
“Areas of significant risk driving near-term demand include the advent of new digital products and services and the related health and safety uses, as well as third-party risks such as customer data breaches or supply chain attacks,” says a senior Research Director at Gartner.
Information security continues to be ignored by top managers, middle managers, and employees alike. The result of this unfortunate neglect is that organizational systems are far less secure and security breaches are far more frequent and damaging than necessary. There have been isolated calls stressing the importance of information security issues in managing the supply chain effectively, but the information security issues have neither been discussed in detail nor received their due attention.
Consider a typical scenario. A large company provides intellectual property to a tier 2 vendor for manufacturing or maintenance work. These companies could be from industries like semiconductors, manufacturing, medical devices, and many others where supply chains are deep. The smaller vendor puts the files in its own repository, where they are still protected, but only according to the vendor's own security model. These smaller vendors may be working with other subcontractors, so the sensitive files that went out to the small vendor are now with other sub-vendors as well. These smaller vendors are a popular target for sophisticated state actors. According to analysts, 80% of organizations have experienced a data breach through this kind of vulnerability.
Sharing information with suppliers is essential for the supply chain to function, yet it also creates risks. Of all the supply chain risks, information risk is the least professionally managed. Organizations go to great lengths to secure intellectual property and other sensitive information internally, yet when that information is shared across the supply chain, security is only as strong as the weakest link. Information compromised in the supply chain can be just as damaging as that compromised from within the organization.
According to research conducted by leading organizations, IP (Intellectual Property) protection faces several challenges in most organizations, namely:
- IP is often managed by the legal department where the primary focus is to protect IP through legal contracts. While this is effective, it does not protect the IP from cyber-attacks and from actors who do not obey the law.
- Organizations lack effective IP protection strategies because they operate in silos and do not have a comprehensive enterprise-wide strategy for IP protection.
- Organizations are still focused on network-level security and have not embraced the idea of data security or of implementing Zero Trust Security.
Conclusion:
Protecting information across the supply chain requires the use of Digital Rights Management (DRM). While DRM is not a new technology, its use has not been prevalent in the commercial world due to usability challenges. The introduction of DRM software from Microsoft is making it easier for organizations to deploy and use this software.
In my next blog post, I will discuss Microsoft Purview and Govern 365 in more detail and how they can help solve supply chain security challenges.
We hope you found this blog useful in understanding the challenges that lie ahead in protecting Intellectual Property across supply chains. Please reach out to us so that we can put our decades of experience in providing enterprise-grade security solutions to work for your organization’s Digital Transformation journey.