In a previous article, we talked about the need for organizations to secure data wherever it resides. The complexity of today’s supply chains brings that need into sharp focus, while highlighting some of the challenges of successfully protecting data.
Many organizations today depend on a complex web of partners, vendors, and suppliers to run their business. As the size and complexity of the digital supply chain grows, so does an organization’s vulnerability.
One need only look at the infamous Target breach of 2014, which exposed the data of nearly 110 million individuals due to a backdoor that a contractor inadvertently created, to realize that an organization is only as secure as the weakest link in its supply chain.
The scope of this problem is serious enough that it has gotten the attention of the US government’s Department of Commerce, which released new guidelines for addressing cybersecurity supply chain risk in May 2022.
The bottom line? If organizations are going to be sharing sensitive data with an extended supply chain, they need to take the proper steps to do so in a secure manner.
“Collaboration within and across company boundaries is pushing sensitive data around the globe at record speed, which means that securing how data is used, shared, and created is just as important as how it’s accessed. At Skyhigh Security, we protect your critical data anywhere you do business,” said Anand Ramanathan, Chief Product Officer, Skyhigh Security.
Securing the cloud
To collaborate across the extended enterprise, many organizations have turned to the cloud. It’s not uncommon to create a link to content in a system that can easily be shared with a third-party contractor or supplier, or to invite them to be a member of a specific Teams group or Slack channel.
Those collaboration models are all well and good, but what are the security implications?
First and foremost, an organization's security professionals need comprehensive visibility into who has access to a particular set of sensitive data that is made available through a cloud solution. That means knowing not only who has access, but also what level of access they have, what they are doing with the sensitive data when they interact with it, and whether their access can easily be revoked once the project comes to an end or circumstances change.
“Skyhigh Security’s solutions help data protection professionals gain visibility into what data’s being shared with the larger supply chain, while better understanding dataflows and ensuring adherence to security policies,” said Ramanathan.
Don’t forget internal applications
Securing the supply chain is further complicated by the fact that partners and vendors often need access to any number of an organization’s internal, proprietary applications. Historically, access has been managed by requiring third parties to work on the official company network or to work on a company-issued device.
In today’s hybrid work model, where people are just as likely to be working from home on a personal device as from an office, that approach doesn’t work. The new model is all about working from anywhere and working from any device – while having the right security controls in place to allow third parties to access internal applications.
Manage the risk
The simple fact is that partners and suppliers need access to an organization’s data in order to be productive. It’s up to organizations to make sure they’re managing the risk that comes with sharing sensitive data with their supply chain.
“While malware gets most of the attention in the public imagination, users remain a bigger risk when it comes to security. Organizations don’t just have their own users to worry about, but the users in their entire supply chain. Skyhigh Security has an approach that follows data and users wherever they are, inside and outside the organization,” said Ramanathan.
Data that resides across an extended supply chain requires a new approach to security. To minimize risk, CIOs and CISOs should ensure that they have full visibility into their data, regardless of whether it resides in the cloud or in a proprietary system, as well as the ability to effectively govern and secure that data – all without hampering their ability to seamlessly collaborate with the vendors, suppliers, and other third parties that they rely on to get business done.