The Five Foundations of Securing Digital Supply Chains and Operations
By Robert Kinkade, Digital Operations Leader, EY and Richard Watson Asia-Pacific Cybersecurity Lead, EY
These days, a cutting-edge manufacturer can automatically predict demand for its products and optimize where they should be warehoused for sale. Retailers let customers show up and walk out with items they bought online without interacting with staff. A utility can monitor its infrastructure remotely and even position repair workers and the right equipment they need, based on weather forecasts, optimized to minimize critical infrastructure downtime.
This is the world that’s possible through digital innovation in areas such as the Internet of Things, big data, automation, machine learning,and geo-spatial analysis. Businesses can strip out cost and complexity through autonomous operations and supply chains, to redeploy financial and human capital to improve customer engagement. The potential is redefining every sector, but this new world also has a potentially dark side.
More and more companies are now steeped in high-risk data that offers a 360-degree view of their customers, yet they’re not used to handling it, resulting in high profile breaches that– given the interconnected nature of the digital ecosystem – could potentially impact customers, employees, vendors and suppliers.
New business models and levels of automation can also impact the supply chain.
For example, established businesses are also partnering with start-ups to help rapidly retool themselves for the future – but this can create a mismatch in governance maturity, with commercially sensitive information, like product development intellectual property, exposed when shared digitally. Automating the entire value chain–from forecasting demand to fulfilling it–is another area of great promise. It requires data to be shared across ecosystems, such as with manufacturers and retailers.
But how can the system’s algorithms be protected, which are themselves highly prized intellectual property? And how can you guarantee that the data is entered correctly? Security of the data is only part of the digital puzzle – it’s also about trust and confidence in what happens with the data.
Bridging the physical and digital worlds – often called “phygital” – also possess its own risks. Outfitting aging assets with smart connectivity and sensors makes them more vulnerable to cyber threats, particularly when contractors and third parties are sharing the data.
Do you know your inventory of what data is out there, and do you have a plan to monitor its handling and the devices involved? Here are five strategies to reduce the potential pitfalls of digital as you capitalize on the possibilities:
1. Know what your most valuable data is. Modern businesses have data streaming in from many corners. Don’t let the immensity of it all distract you from focusing on what is of primary importance.
2. Update or establish policies around digital enablement. No doubt you have existing policies around governance and other issues, but are they still relevant in the digital future you’re building?
3. Understand your new end-to-end operating model.Who’s managing the controls around the data as it moves across operations? If data is lost, can you see where it was lost and who’s accountable?
4. Work collaboratively with your suppliers on a cyber response plan. When problems suddenly surface, you don’t want to make up a response on the spot. Be proactive and think about how to react now.
5. Do your due diligence on the organizations you’re working within your ecosystem. You and your partners will be interconnected, so be able to validate their processes, cultures and technologies.
In a hyper-connected world, each day is different from the last, but careful planning –using these five recommendations as guidelines to avoid potential pitfalls – is timeless. Never lose sight of that in the blur of change that surrounds us.
Headquartered in London, EY is a global professional services firm providing financial audit, tax, consulting and advisory services.