Trends & Issues III


Securing Procurement: Fortifying Transactions with Data Encryption Strategies

Maintaining data privacy and security in procurement is challenging. Encryption is crucial for data at rest, data in transit, and data in use, but it needs regular management to remain effective. - BY Debra Jenkins

Encryption is at the core of any security process. Technology has streamlined sourcing and procurement, delivering excellent opportunities to expand and diversify supply chains. At the same time, it opens new avenues for privacy and security vulnerabilities that can seriously harm a business in multiple ways. Encryption is necessary both for data in transmission and for data stored in databases and on servers. However, even the best encryption systems remain strong only when critical management practices are faithfully followed. There are many cases in which data was breached because one person failed to follow security procedures.

In Transit, Resting, and in Use

Encryption plays a significant role in securing data. There are three types of data from the security risk perspective, per TechTarget.

One is data in transit, or data in motion, which is data sent from one location to another. Data in motion may include email attachments, traffic on mobile networks, file downloads, or data transfers. Data travels from a local storage device to the cloud, between virtual machines in the cloud, or between networks or devices. Encryption for data in transit protects data while it is traveling from location to location.

There is also a need for encryption for data at rest. This data is not being transferred. It may be stored on a device such as the hard drive of a desktop computer or laptop, a flash drive, a local or third-party server, or any other device. Common examples of data at rest include corporate files, backup copies of data files, cloud storage, and archived files. Data at rest is sometimes considered more secure than data in transit, but that is not necessarily true. Not only can hackers find entry points into systems, but this data is at risk of misuse by employees or others who are familiar with or have access to the storage systems. Insider threats are often considered the easiest to secure against, but they are just as important as external ones.

Data in use includes the data currently available to be accessed, processed, updated, and read by users or systems. Examples of data in use are documents, PowerPoint presentations, PDFs, or any other files open in office applications. This category also includes data held in RAM and data being processed by the CPU.

The privacy and security of all three data types depend on effective encryption and management practices. Encryption is thus a safeguard that protects the privacy of individuals and organizations by preventing unauthorized access to sensitive data.

Data Encryption Strategies for Procurement

Data encryption technologies are constantly changing in response to hackers' increasing sophistication. There is also a growing set of legal compliance requirements. For example, the European Union’s General Data Protection Regulation (GDPR) sets out the obligations for data processing and the methods used to ensure compliance. The U.S. has a patchwork of laws and regulations, mainly concerned with protecting consumer privacy in data collection, use, and storage.

Procurement must first identify and assess the data vulnerabilities in order to secure the supply chain. What and where are the most likely threats to data flows in the supply chain? The strategy development process includes assessing supplier security, because a supplier's vulnerability can threaten corporate data safety. Once the vulnerabilities and types of threats are identified, a suitable encryption method is selected. There are a handful of common encryption algorithms in use today. The U.S. government and other organizations use the Advanced Encryption Standard (AES), which is considered heavy-duty encryption. The RSA encryption algorithm is the standard for encrypting data sent over the Internet. It uses a pair of keys: a public key to encrypt and a private key to decrypt. Blowfish is an encryption algorithm used for different purposes, including password management. These are just a few examples. However, encryption is a work in progress.

For example, quantum computing is a highly complex and sophisticated new technology close to practical use, but it comes with an increased risk of security threats. Supply chain experts believe quantum computing’s benefit will be in modeling to optimize activities like logistics and the sharing of data through the complex network of supply chain partners. The National Institute of Standards and Technology (NIST) is working on four new algorithms able to withstand quantum computer attacks.

Three Takeaways for Successful Data Security

The World Economic Forum discussed current technologies, specifically blockchain, for data protection, creating three key takeaways. Takayuki Suzuki, Financial Information Systems Sales Management Division at Hitachi, brings home the point of the first takeaway, the need for management practices. For audit purposes, it is important when planning a new blockchain solution not to put requirements solely on the technology being used. Instead, it’s better to co-design technology and business processes together to ensure sound audit results. For example, handling confidential data on a public blockchain may be technically resolved by encryption, but that is not sufficient from an audit perspective. There must also be a design for the audit process itself for things such as the security level of encryption and healthy key management.

The second takeaway is that encryption should not be considered a fixed solution. Procurement is challenged by the fact that the supply chain is a mixed bag of cybersecurity vulnerabilities. Procurement needs a full slate of resources to stay current.

The Thales Group conducted a cloud security study in 2023 and found that 79% of companies have more than one cloud provider, and 75% said they store at least 40% of sensitive data in the cloud. The study also found 38% of the respondents said their SaaS was the main target for hackers. However, only 22% said over 60% of their cloud-based data is encrypted. These are alarming statistics, given that many procurement functions use SaaS.

The third – and final – takeaway to keep in mind is that encryption standards will continue to change as cyberthieves develop ways to circumvent existing algorithms. Companies can protect themselves by adding layers of security, but they should also ensure their technology experts maintain current knowledge.