Supply-chain companies that are digitizing and leveraging data and document sharing will have the most to gain in the new shipping economy.
But there remains a concern: Companies worry that moving their own and their customers’ proprietary information to digital platforms exposes them to a sinister and serious list of security risks.
In many ways, the concerns are justified; there is a lot of nasty stuff out there. Here are some most people and businesses should be aware of:
So, what should smart businesses do if they want to take advantage of the opportunities of the digital revolution? Hesitating and missing out on the latest technological advances might mean continuing practices that are just as risky, if not more so.
Take documentation, for example: submitting forms via email comes with the risk of your data and documents ending up in the wrong hands if they get forwarded or posted in an insecure way. Even sitting in your network behind a firewall, your documents and data can be exposed to a world of malware that's sometimes introduced to your system by trusted partners without their knowledge.
But security and creativity need not be in a tug of war.
Here are five ways that TradeLens offers the benefits of digitization while also ensuring business and personal information is kept secure.
TradeLens uses Hyperledger Fabric, a permissioned blockchain that ensures the immutability and traceability of shipping documents while protecting data using the world's most advanced encryption technology. The IBM Blockchain platform is built on Z/System and LinuxONE security to prevent ransomware from locking data. Plus, permissioned blockchain protects against spoofing because every organization and user has cryptographic certificates.
Permissioned is an important differentiator. It's very different from non-permissioned, public blockchains that are vulnerable to a “51% attack.” With permissioned blockchains, networks are able to choose their members, specify their level of access and determine their level of control. Tampering and repudiation are discouraged because the IBM Blockchain Platform records who did what. TradeLens members are also protected against information disclosure by data segregation with channels.
Unsurpassed security standards and unparalleled processes ensure every entity and user in the TradeLens ecosystem belongs in the ecosystem. It's an invite-only network: organizations are on-boarded after thorough checks. The process of adding users includes accurate management and monitoring of who has access to what using the Permission Matrix.
Access is secured through the use of user IDs and passwords managed by IBM ID. And authentication can be delegated through the use of OpenID Connect Federated Authentication and OAuth2.
Businesses maintain complete control of their documents, including organization onboarding, certificate creation, etc., through the Document Store, which sits on a segregated and encrypted blockchain node. To use blockchain-enabled document sharing, participants post trade documents to the IBM Blockchain Document Store, housed on a blockchain node. Any documents stored in nodes managed by IBM that contain personal data are considered to be "processed" by IBM. IBM will process such personal data only within the limits of the Data Processing Addendum (DPA) with the participant.
TradeLens uses the same comprehensive security embedded in mission-critical platforms that IBM manages for Fortune 500 companies. All TradeLens users benefit from the same standards of security, robustness, and scalability that underpin platforms used by some of the world's largest corporations.
From the earliest development, through implementation and its continuous evolution and support, TradeLens relies on IBM secure development processes that include source-code reviews, industry-standard encryption algorithms, and vulnerability management. Never ones to take security for granted, we use third-party specialists for penetration testing and ISO 27K compliance.
Every communication and all data exchanged to and from TradeLens is secured to the highest level in the world on HTTPS over TLSv1.2. This guarantees all our APIs are secured, and an imposing Cloudflare Firewall protects the entire solution from a multitude of threats, including Denial of Service.
All data handling processes on TradeLens meet stringent GDPR requirements. IBM is an authority on the General Data Protection Regulation (GDPR), which governs the use of personal data of EU citizens by third parties.
IBM's rigorous compliance with GDPR ensures that the TradeLens platform and its members comply. IBM is a “processor” of personal data provided to the TradeLens platform; participants are considered “controllers” of that data, obligated to obtain or verify consent from those customers whose data will be processed by IBM.
In addition, IBM's DPA specifies: a) the types of personal data that IBM will process in offering the TradeLens solution, b) the types of processing activities that IBM may undertake with personal data, c) the security measures in place to protect personal data, d) the location(s) where the processing activities will take place, and e) the procedure for requests for access and/or deletion of personal data contained on IBM's systems.
We understand that, in an industry built on trust, no one can afford to jeopardize the security of their or their customers’ private data. TradeLens is sworn to protect ecosystem information, ensuring appropriately permissioned organizations can only access the information they are permitted to see. That translates to higher standards than mandated by GDPR or any other authority.
TradeLens standards are anchored by the practice of using blockchain technology to implicitly ensure people only have access to data and documents appropriate to their business and role.
TradeLens recently obtained ISO 27K certification, which includes:
The processes supporting these certifications include a P-D-C-A (Plan, Do, Check, Act) cycle to continuously test and improve our solution's security capabilities.
Connecting supply chain partners so they can share information without hesitation or reservation is an endeavor that hinges entirely on trust. That is why we focus with equal intensity on both innovation and security.