No Risk EDI
Here’s an overview of the main steps to take to assure your transactions and in fact, your business as a whole is secure and doesn’t have gaping holes that competitors or just bad guys in general can turn against you.
In many ways assessing the security of your EDI environment is the same as managing any other portion of your enterprise security. The main point is to know how your data is exposed and where the most vulnerable points are. Once those issues are known it’s a matter of working through standard security processes.
First step: Identify what is to be protected
This may seem obvious but you’re not just looking at your EDI transactions. The chain of processes that go to make up your supply chain connects to everything inside your organization starting with product selections and ending with accounts payable. Your EDI transactions are gateways to your internal processes.
Second step: Determine where your data is sensitive
The individual EDI transactions may not be particularly sensitive as they only identify orders for products. But they can be telling in and of themselves as they include information about your trading partners, your relationships with them, and what products are most important to your company. As single documents they may not tell much of a story. But is taken as a stream of information and evaluated carefully, those transactions can reveal strategies that took years to develop.
Third step: Determine what security needs to be in place
Now that you have identified your assets and what is important it’s time to define what kind and level of protection is appropriate to protect your assets. This is the time to bring in your CSO or other security staff. Alternatively enlist the help of a qualified EDI service provider who has security professionals on staff and offer their services as part of their overall offerings.
Fourth step: Decide what protections to enable
Security measures are changing all the time in response to the ever present intrusions and disruptions caused by hackers and other bad actors. Once you’ve reached this stage in your evaluations there is no substitute for dedicate professional help. As in step 3 you should either enlist your enterprise CSO, hire your own dedicated security staff, or get help from a competent outsource provider.
The current mantra is “It isn’t IF your data will be breached, it’s WHEN!”