Platform security gets pushed in controlled test; shines


In the nine months since TradeLens was made generally available to the market, we’ve spoken publicly and with clients, and written about our commitment to security.

One such example is the blog post "Setting Trade Free with Permissions," which touches on the use of a permissioned blockchain to help protect and verify data distributed across the TradeLens platform.

Today, we touch on recent endeavors to stress test the platform in our efforts to deliver enterprise-grade security and resiliency.

In March, we engaged the cybersecurity experts at Coalfire Labs to perform penetration testing. They set loose a team of professional third-party white-hat hackers on TradeLens in an effort to expose vulnerabilities through an intensive validation of the platform’s APIs, application, and network hosted by IBM Cloud.

Penetration testing is a critical process for any hosted cloud application, but especially so for a platform like TradeLens that is now transacting millions of data points every week. The tests are designed to proactively identify and exploit flaws or vulnerabilities that could lead to critical service interruption or the compromise of the systems and data. By providing details on successful attack scenarios and recommendations on how to address these, Coalfire Labs has helped the TradeLens team to protect the platform and ecosystem members from future threats.

After three weeks, the results proved our architecture and implementation practices were indeed serving the needs of those who use the platform every day. It was no small feat, and the results pleased all who have been working so hard to build TradeLens and highlighted the strengths of a couple of key design points.

A shared ledger (Hyperledger Fabric blockchain)

We use Hyperledger Fabric, an append-only, distributed system of record-keeping, shared across the ecosystem of industry participants who have permissioned access to document filings, associated supply chain events and actions, approval status, and document audit history.

Use of smart contracts

With smart contracts, cross-organizational business processes can be programmed into the platform and distributed and executed across the network, preventing any member from changing the business logic.

Robust data sharing model

Each TradeLens member, contributor, and user is given appropriate permissions and visibility; transactions are secure, authenticated and verifiable. Cryptography enables permissioned access so only the parties participating in a specific shipment can submit, edit or approve related data.

All transactions are endorsed by relevant participants. Sensitive information, including documents, is visible only to authorized parties to any given shipment. Highly secure access-control permissions guarantee that organizations only have visibility over information that is pertinent to their own business. These standard permissions are available to review in the TradeLens Data Sharing Specification.

Next steps, ISO security compliance

Coalfire’s simulated attacks provide a strong indication that TradeLens is a secure and versatile platform for data exchange. TradeLens is currently undergoing an audit certifying compliance with the ISO 27001 family of IT security standards, targeted for completion this summer. We’ll post an update here when that work is further along.

