As you create a collaborative S&OP process, how can you protect your supply chain planning data to ensure that your business data is not vulnerable?
Would you like advance knowledge of your competitor’s promotions? How about the production rates, or the costs that they use for measuring profitability? Just as you would welcome this type of competitive information, so would your competitors’ welcome similar information about your supply chain.
Earlier this month, it was reported that Accenture, a global management consulting firm, exposed sensitive client data through its cloud. It was reported that the unsecured servers exposed information such as secret API data, authentication credentials, certificates, decryption keys, and critical customer information, and other data that could have been used to attack Accenture’s clients.[Read more: How Do You Create a Consistent Data Basis for Planning?]
Supply Chain Planning systems must try to balance the need for easy data access and data exchange to facilitate collaboration, versus the very real possibility that any data exposed on the cloud may be compromised.
Use of an external identity provider is becoming popular. The SAML specification defines three roles: the principal (typically a user), Identity Provider (IdP), and the service provider (SP). In the use case addressed by SAML, the user requests a service from the planning system like access to a dashboard or the ability to enter forecasting overrides. The service provider (planning system) obtains an identity assertion from the identity provider say Facebook, Google, or some other provider. However, if the authentication system of the external identity provider is compromised, then the information exposed by the service provider is also vulnerable.[Read more: How to Develop a New Way of Thinking]
Allowing access to a supply chain planning system using SAML is relatively easy. There are many technologies on the market including Citrix which will manage the connection to legacy systems. This is the preferred approach if you are comfortable with potentially exposing your plans and supply chain planning data. The real challenge is to allow active collaboration while protecting critical segments of your planning data.
It is for this reason that Arkieva maintains a separate area that is exposed to SAML authentication so that our clients can proactively choose what data they want to expose.[Read more: The ‘Secret Sauce’ to Improving Demand Planning]