In my previous blog post, I discussed the challenges of information protection across the supply chain. In this post, I will discuss more on the approach to solving this problem.
Protecting Information in Supply Chain
To protect information across the tiered supply chain, one needs to work on several things:
- Keep an updated database of main suppliers and their sub-tiers. This hierarchy can be very fluid, so it must be maintained and used carefully.
- Deploy Digital Rights Management software inside your organization with appropriate labels to use for protecting the files
- Ensure that all Intellectual Property-related files emanating from applications such as CAD Software, Productivity Software, and other types of software are protected using the labels for the appropriate suppliers
- Ensure that all information is always protected appropriately based on the current hierarchy of main suppliers and their sub-tiers
- Ensure that all exit points from the company where sharing of files can occur with suppliers have protection
- Appropriate legal contracts are in place with the main suppliers
- Ensure that external users are registered appropriately in your identity management system to have access to the files
- Restricting trade restricted individuals from accessing critical information as a violation could lead to fines by the government
On the surface, these steps seem simple to implement, however, they are filled with technology, process, identity management, and data collection challenge.
On the technology front, some components are available with Microsoft Purview which comes with Microsoft 365. Netwoven has developed Govern 365, which provides a few additional components, and the remaining items require consulting assistance.
Developing security best practices in the supply chain industry requires a close partnership between Supply Chain, Information Security, Legal, and Information Technology teams. One must obtain senior-level executive buy-in to execute a project of this scale as this could impact thousands of suppliers.
In my subsequent posts, I will discuss each of the above items in greater detail.
I hope you found this blog useful in understanding the challenges that lie ahead in protecting Intellectual Property across supply chains. Please reach out to us so that we can put our decades of experience in providing enterprise-grade security solutions to work for your organization’s Digital Transformation journey.