Security considerations of PLM infrastructure options
Supply chain security is a hot topic today, and various recent cyberattacks have indeed used vulnerabilities found in supply chain processes and providers to gain entry and access to their main target. Product lifecycle management services and associated tools play a key role as an enabler for competition and as a frontline defense to safeguard essential business assets. Unauthorized access to product data could also potentially compromise end-user security and business operations. Product lifecycle management (PLM) systems must therefore provide services that ensure data integrity, availability and confidentiality, the core tenets of any information security effort. For PLM, as part of an overall corporate enterprise software solution, there are attractive architectural options available to replace or redesign traditional in-house data processing systems. Cloud- and SaaS-hosted PLM solutions may indeed solve some of the security challenges as compared to legacy in-house hosting. Common infrastructures and business services naturally reap the benefits of “economies of volume” and thus are better able to make comprehensive security investments than any separate entities would.
Product data is considered to be one of the key business assets in the Food & Beverage industry, and is part and parcel of most manufacturing industries in general. Indeed, some companies might lose their business advantage just by having the confidentiality of their critical product lifecycle data compromised. In a military context, revealing sensitive information means a potential loss of life and limb. And, in the case of the Food & Beverage industry, threats are cropping up in the ongoing Cyber War, where some hostile entities might want to intervene using maneuvers that were hitherto kept off the table. Hosting your industry-specific PLM services in a cloud environment under surveillance of foreign intelligence, for example, could create additional vulnerabilities and widen the attack surface should that foreign power feel the need to exploit their opportunity. Some years ago, these threat scenarios were as realistic and authentic as they are today. This is why we stress below the importance of selecting the right SaaS or Cloud partner that fits your organizational context well, even more than any other technical capability, contractual statement or business resilience and recovery capacity.
Institutional security and the choice of partners
Simple border-based security architecture was a good choice back in the days of territorially divided and defended regimes, which largely matched the needs of the respective market regime borders. However, corporate security in a global environment may no longer depend on bordered regimes – at least not those based on the concept of territoriality. Global manufacturing industries, service providers and even governments must increasingly operate on a supranational, global level in cyberspace. Done right, these initiatives require creating new security architectures that facilitate flexibility and global transactions while maintaining tractability, manageability and control over the supply chain, product logistics and delivery. Nevertheless, security regimes in cyberspace are more diverse than ever. Not only are there cloud providers, hosting services, and numerous other software-as-a-service providers, but less is known about their actual security delivery levels, the hand that feeds them, who they report to, etc. Choosing a cloud or SaaS provider to run critical PLM may therefore become the single most important question for a company seeking to secure its global supply chain. On a deeper level, something akin to institutional trust and perhaps even what could be described in words as “shared values” could be one of the core issues in building that relationship.
Outsourcing PLM services to a SaaS provider, or just upgrading the infrastructure to a global level with a cloud provider, can be the best way to reach out and embrace the world, to build profitable business and run key resource planning and manufacturing processes with the aid of global, low-cost cyberspace.
Research has also concluded, according to Tervo 2016, University of Jyväskylä, that enterprise software solution choices create specific coherence within the industry, likely due to their impact on organizational values, processes, approaches and traditions. Therefore, the choice of PLM infrastructure solutions and trust in their security is a major strategic business decision that can bring agility and flexibility to the operations and processes, which are required for any truly global business today. This issue, however, is not just specific to the industry, but perhaps more of an indication of the current process of emerging security establishments and institutions in cyberspace, and of the disputes between them and the legacy nation-state models. This institutional “friction” should be viewed as a business enabler, a gap that can generate profits for shareholders and well-being for communities in dimensions barely ever seen before.
SaaS vs Cloud Portability
Global operations and supply chain logistics require global services with data that remain safely accessible throughout the network. Both “cloud” phenomena and the more robust “software as a service” have grown to address this specific issue. Cloud-related topics and discourse started to grow around the trend to build “networks within networks”, with the aim of establishing a “mythic” cloud – perhaps no better name was available – a separate black-box network available over the public network, which meanwhile leaves the company providing that access sufficient room for manageability and tractability. This could, in its ideal vision, deliver companies a global presence without having to deploy world-wide infrastructure and all the management that it entails. This phenomenon was intrinsically associated with the development of virtualization technologies as well, since, particularly during the early stages, it was more of a concept at the operating system level. This legacy still has its influence, as cloud hosting services for PLM have also been considered better able to deliver when it comes to business infrastructure portability.
In-house hosting solutions left complete control and authority to the company wishing to migrate them. The situation is different for cloud and SaaS architectures: these architectures are already everywhere, diminishing the concept of and need for portability altogether. Where cloud service providers might grant access for the end-customer to “export” data and services to be migrated elsewhere, such flexibility may be blocked off completely on the contractual level for much software provided as a “service” only. This is a key issue to address when building contractual frameworks and organizational co-dependence around effective and agile global PLM based on SaaS and cloud services.
Business resiliency may be a critical requirement even when operating in global cyberspace. In any case, companies with global operations and supply chain networks, such as those in the Food & Beverage industry, must ensure their contractual and technological agility, independence and maneuverability, so that they may respond to a diverse array of issues and challenges. Sometimes, in emergency scenarios, local regulatory requirements may even mandate the level of resilience, data access and availability. The Food & Beverage industry forms a part of the critical infrastructure for a society, and thus, their level of resilience remains high. Just as important is the security of food manufacturing processes.
Regulatory requirements may even enforce certain bans on engaging with specific regimes, or prohibit the transfer of personally identifiable data within such regimes. Your best cloud or SaaS provider will be the key to managing such complexity. For example, the European data protection directive may directly affect any PLM system that processes individual confidential data. Another example is the recent enactment of trade embargo regulations which directly affect any global supply chain processes and their management solutions.