Data is the gold of digitalisation and thus the most valuable asset in companies and organisations. We can use the metaphor of liquid gold for this: it is produced at a starting point and then flows through the company along the value chain, driven by the different processes. This perspective allows us to look beyond the end of our own nose. It ensures that, for the holistic protection of data, not only internal creation and use are taken into account, but also the ecosystem involved and its players.

Why is this so important?

Digitalisation has led companies to open up their protective walls to the outside world. External partners now also access the heart of the company: the business suite with its various functions. This particularly affects classic production, where projects within the framework of Industrialisation 4.0 and the new possibilities offered by the “Internet of Things” enable new forms of external collaboration. However, this opening also increases the number of potential points of attack.

Suppliers play a special role here. They are involved in the company at a wide variety of steps in the value chain. They not only access the existing “liquid gold”, but are also actively involved in its creation.

“Value Chain Control Systems”: our proposal for the secure flow of your data gold.

For some time now, we have observed among our clients that the existing internal control system, or “ICS” for short, for the security of data and processes is being extended to the external ecosystem. The big driver for this is the integration of suppliers into the value creation process. Due to the current situation, these projects are now gaining momentum again and are being re-evaluated. Analysing data access and use is an essential aspect of these projects, so that the increased cyber threats can be intercepted before they occur.

Management, control and defence against threats for the externally networked enterprise

As security experts, we see three essential tasks for the ICS:

  • Control of the company
  • Control of compliance with rules
  • Defence against dangers

This raises the question of which controls are to be carried out when and why. We see the function of controls in three different aspects:

  • Preventive – preventing potential conflicts from arising in the first place: through reliable role management in the business suite.
  • Reactive – finding and resolving conflicts quickly: through continuous monitoring of transactions.
  • Analytical – active risk management instead of standstill: through data mining, which checks incidents against a defined rule set, controls them and reports conflicts in real time.

These tasks of the ICS can be structured organisationally and implemented technologically; they require business processes to be integrated into the technology. The highest priority in these tasks is the data-flow perspective: from where to where does our data flow, and who accesses it and when?

The supplier audit for more security

From our experience, we know that when suppliers are integrated into the value chain, the aspect of “data flow” is considered only very selectively. Processes in their entirety are thereby disregarded, which opens the door to various external attackers.

We have therefore put together a special service that remedies precisely this weak point. It allows you to analyse and take preventive action before it is too late.

Do you also have business partners involved in various process steps in your company? We would be happy to discuss with you how you can organise your data flow, access and use so that your company remains secure and compliant.

Priska Altorfer, Managing Partner wikima4 AG