Rapid cloud uptake threatens supply chains


Experts have warned companies about cloud-based risks as firms like CEVA Logistics sign for cloud services

Rapid cloud computing uptake threatens supply chain security

By Sean Muir | May 23, 2012

Experts have again warned businesses about cloud-based security risks as global growth in supply chain management (SCM) software skyrockets.

Global research firm Gartner this week announced that global supply chain management software grew to about $8 billion in 2012, up 7.1 percent.

The research follows Gartner’s past predictions that the total public cloud services market size will expand to more than $200 billion by 2016.

Contributing to the growth are companies like CEVA Logistics, which yesterday announced it had signed a four-year contract with IBM to use a new cloud-based information exchange for its supply network.

CEVA estimates the cloud service will reduce the company’s IT-related supply chain costs by more than 5 percent during the contract, resulting in million-dollar savings.

"Market conditions are driving requirements for visibility and control across global operations," CEVA Chief Information Officer Peter Dew says.

But University of Melbourne IT Security and Risk Manager Wayne Tufek has cautioned Australian supply chains to tread carefully when it comes to cloud security.

Tufek will present on cloud computing risks at CeBIT Global Conferences’ cyber security conference, held May 28-30 in Sydney.

"The common thing about cloud is that all of a sudden your internal company data is being moved to another data centre that someone else manages and controls and can even be located in another country," Tufek says.

He says this data relocation results in major transparency risks regarding the safety of company data.

"What I mean by that is you don’t often get good visibility of the types of control, policy, process, procedures, and what the vendor has actually implemented to protect your information and safeguard it," Tufek says.

Tufek says companies also need to be aware they may be giving company data to a third-party that also provides services to competitors.

"One of the important aspects of cloud is customer segmentation – so what that means is if you have a third-party service provider often they will be providing services to more than one organisation.

"The question is: how do they keep their different customers segmented from each other and, in the simplest case, stop one customer from seeing another customer’s information?"

"Various hackers have been able to show they were able to break the customer segmentation."

Tufek says companies need to look carefully at customer segmentation when assessing a cloud service provider.

He says there are various other steps businesses should also take to mitigate security risks.

"The first step is to understand what the data is – so exactly what pieces of information are going to go to the third party," he says.

"Then you need to engage with the data owner. There will be onus for different types of information – so financial information is owned by the CFO, HR information by the head of HR, etc. So then you basically go and perform a high-level risk assessment, because when you move data out of your own data centre you lose control. But also having the data in a third-party data server you start introducing continuity risks, because the system needs to be up and available in order to use it."

Ahead of Gartner’s Security and Risk Management Summit in June, Gartner's research vice president Andrew Walls says the core mission of security and risk teams is to move ahead with confidence.

"As threats to the enterprise shift and new platforms for conducting business operations emerge, security and risk leaders have to be nimble and flexible to adapt their strategies to optimise the benefits of new ways of doing business while maintaining the integrity of infrastructure and the reliability of information processing environments," Walls says.

The world’s top five supply chain management software vendors, according to total software revenue in 2012, were SAP, Oracle, JDA Software, Ariba, and Manhattan Associates.

In 2012 the total global cost of cybercrime was estimated to be $110 billion. IT security service spending in the Asia-Pacific is expected to reach $7 billion in 2015.
