Platform security gets pushed in controlled test; shines


In the nine months since TradeLens was made generally available to the market, we’ve spoken publicly and with clients, and written about our commitment to security.

One such example is the blog post "Setting Trade Free with Permissions," which touches on the use of a permissioned blockchain to help protect and verify data distributed across the TradeLens platform.

Today, we touch on recent endeavors to stress test the platform in our efforts to deliver enterprise-grade security and resiliency.

In March, we engaged the cybersecurity experts at Coalfire Labs to perform penetration testing. They set loose a team of professional third-party white-hat hackers on TradeLens in an effort to expose vulnerabilities through an intensive validation of the platform’s APIs, application, and network hosted by IBM Cloud.

Penetration testing is a critical process for any hosted cloud application, but especially so for a platform like TradeLens that is now transacting millions of data points every week. The tests are designed to proactively identify and exploit flaws or vulnerabilities that could lead to critical service interruption or the compromise of the systems and data. By providing details on successful attack scenarios and recommendations on how to address these, Coalfire Labs has helped the TradeLens team to protect the platform and ecosystem members from future threats.

After three weeks, the results proved our architecture and implementation practices were indeed serving the needs of those who use the platform every day. It was no small feat, and the results pleased all who have been working so hard to build TradeLens and highlighted the strengths of a couple of key design points.

A shared ledger (Hyperledger Fabric blockchain)

We use Hyperledger Fabric, an append-only, distributed system of record-keeping, shared across the ecosystem of industry participants who have permissioned access to document filings, associated supply chain events and actions, approval status, and document audit history.

Use of smart contracts

With smart contracts, cross-organizational business processes can be programmed into the platform and distributed and executed across the network, preventing any member from changing the business logic.

Robust data sharing model

Each TradeLens member, contributor, and user is given appropriate permissions and visibility; transactions are secure, authenticated and verifiable. Cryptography enables permissioned access so only the parties participating in a specific shipment can submit, edit or approve related data.

All transactions are endorsed by relevant participants. Sensitive information, including documents, is visible only to authorized parties to any given shipment. Highly secure access-control permissions guarantee that organizations only have visibility over information that is pertinent to their own business. These standard permissions are available to review in the TradeLens Data Sharing Specification.

Next steps, ISO security compliance

Coalfire’s simulated attacks provide a strong indication that TradeLens is a secure and versatile platform for data exchange. TradeLens is currently in the process of undergoing an audit certifying compliance with the ISO 27001 family of IT security standards, targeted for completion this summer. We’ll post an update here when that work is further along.

