in one previous article, we talked about the need for organizations to secure data no matter where it resides. The complexity of today’s supply chains brings this need into focus while highlighting some of the challenges of successfully protecting data.
Many companies today rely on a complex web of partners, vendors and suppliers to run their business. As the digital supply chain grows in size and complexity, so does a company’s vulnerability.
One need only look at the infamous 2014 target violationwhich exposed nearly 110 million people’s data through a backdoor inadvertently created by a contractor to recognize that a company is only as secure as the weakest link in its supply chain.
“Collaboration within and across enterprise boundaries is moving sensitive data around the globe at record speed, which means securing the way data is used, shared and created is just as important as accessing it. At Skyhigh Security, we protect your critical data wherever you do business,” said Anand Ramanathan, Chief Product Officer, Skyhigh Security.
Securing the cloud
To collaborate across the extended enterprise, many companies have turned to the cloud. It’s not uncommon to link to content in a system that can easily be shared with a third party or contributor, or invite them to join a specific Teams group or Slack channel.
These collaboration models are all well and good, but what are the security implications?
First and foremost, security professionals in organizations need a comprehensive view of who has access to a specific set of sensitive data exposed through a cloud solution. Not just who has access, but what even what access they have, what they do with the sensitive data when they interact with it, and whether their access can be easily revoked when the project is over or circumstances change.
“Skyhigh Security’s solutions help privacy professionals gain visibility into what data is being shared with the larger supply chain while better understanding data flows and ensuring compliance with security policies.” said Ramanathan.
Securing the supply chain is further complicated by the fact that partners and vendors often need access to any number of an organization’s internal, proprietary applications. Historically, access was managed by requiring third parties to work on the official company network or on a company-issued device.
In today’s hybrid work model, where people are just as likely to work from home on a personal device as they are from an office, this approach doesn’t work. The new model is all about working from anywhere, on any device – while having the right security controls to allow third parties to access internal applications.
Manage the risk
The simple fact is that partners and suppliers need access to an organization’s data to be productive. It’s up to companies to ensure they manage the risk that comes with sharing sensitive data into their supply chain.
“While malware gets the most attention in the public imagination, when it comes to security, users remain at greater risk. Organizations not only need to care about their own users, but about the users throughout their supply chain. Skyhigh Security takes an approach that follows data and users wherever they are, inside and outside the organization,” said Ramanathan.
Data residing across an extended supply chain requires a new approach to security. To mitigate risk, CIOs and CISOs should ensure they have complete visibility into their data, whether it resides in the cloud or in a proprietary system, as well as the ability to effectively manage and control that data secure – all without sacrificing their ability to work seamlessly with the vendors, suppliers and other third parties they rely on to do their business.
Click for more details on data-aware security here.
Protecting Your Supply Chain with Data-Aware Security Source link Protecting Your Supply Chain with Data-Aware Security