Can You Trust Cloud-Based Supply-Chain Systems?
Supply-chain software is increasingly being offered as cloud-based or software-as-a-service (SaaS) systems that are hosted by service providers and accessed by customers over a network.
This development raises the question of the security of those connections. That is one of the issues discussed in a recent white paper authored by Gregory Braun, senior vice president for sales and marketing at C3 Solutions.
Selecting a supply-chain system should revolve around considerations of functionality. Costs also obviously enter the equation when deciding between comparable systems.
When a cloud-based system is under consideration, decision makers must also develop a degree of comfort with the security from external and internal threats that the cloud system affords.
“With supply chain systems, it is inevitable in the increasingly connected world that external parties will need access to your system and data,” the white paper notes.
It is relatively easy to secure an internally hosted system if there is no connection with the outside world. But that scenario is increasingly unrealistic. “Once you require a connection,” the white paper says, “your system’s security against external breaches will then depend on the competence and trustworthiness of either your internal IT staff or the contractor managing a web-based portal for you.”
The paper makes the case that a cloud provider is likely to maintain better security. “Because it is the service provider’s own business at stake, they should have taken extreme measures to ensure their system is secure,” the paper says. “This includes measures such as firewalls, encrypted logins, and an audited data center, just for starters.”
If a breach happens in a cloud environment, the hacker will be directed to a dead end inside the dedicated application. Because the SaaS application operates independently of the client’s main systems, the client’s systems and data are protected, according to Braun. “A SaaS system may provide even better security,” he argues. “Since the outside users are not accessing your internal systems, but only those of the SaaS provider, your own core systems are protected.”
Internal security threats must also be considered. Research has shown that lost or stolen devices account for 31 percent of data security breaches, accidental misuse by an employee accounted for 27 percent, and malicious insiders perpetrated 12 percent of breaches. In other words, internal vulnerabilities are responsible for a total of 70 percent of breaches.
“Since the perpetrator of this security breach is an insider with access to company systems and data, there is likely little difference in the threat to either SaaS or licensed software users,” says the white paper. “However, with the licensed software, the malicious employee would be able to access both the front end and back end of the system. With SaaS, the client’s employee would only have front-end access, and would likely not be able to bring the whole system down.”