We often return to this point: a great deal of data is collected on the SRM (Supplier Relationship Management) level and the increased sharing of information between businesses and their suppliers through collaborative solutions suggests this trend is on the rise. High in quantity, these data are also important due to their strategic and sensitive nature, a worrying factor for all businesses, whatever their domain.
Issues around securing data
Of course, the major issue is around data leaks but also data corruption. All too often such incidents are the result of human intervention rather than technical problems. The complexity level of internal processes and the number of people involved naturally increase this risk. Procurement data, including contractual data and technical data, are to a large extent critical, which means awareness on the subject needs to be raised.
The less direct issue is that of a break on change: due to ignorance of SRM solutions and how they work, many business departments or procurement departments think twice about installing a tool they see as a risk, inasmuch as it opens up channels internally but also externally, the exchange platform being open to suppliers. This external openness can provoke mistrust among businesses that do not want to see their data exposed to the risk of loss, piracy or damage. It is therefore important to rely on environments that help counter these risks.
Security risk, the natural successor to the opportunity of innovation
Securing data is a question that has recently come up for many businesses, including at the level of CIOs. This is the flip side of digital transition. We create new tools and in the process we forget about the risks they bring with them. Innovation is invariably succeeded by risk, which is followed by the development of protective systems. We cannot protect ourselves from a non-existent risk, which is why security is a matter calling for vigilance and constant observation. The arrival of linked objects (IoT) is a good illustration of this: we started by connecting objects, now the question arises as to securing the flow of data.
How to protect procurement departments against the risk around securing data?
Firstly, we must take into account that data protection is naturally only a very recent priority. Technology has given us the means to gather, store, hierarchize and manage date, but not to appreciate the limits of these new systems right away.
We can look to bodies like the NSA, which uses former criminals to test and break its systems in order to get a handle on the question of securement. Being able to bring in an outside eye to look for security flaws objectively is crucial. It is important to detect the flaw and find a solution to the problem.
Also key is raising awareness among users. In the first instance, it is necessary to carry out an audit of the business’s SRM systems and procurement processes using non-standard criteria, to understand the particularities of the business. It then becomes possible to set up a charter for the users of the solution in the business. This makes it possible to transmit a culture of security, sharing good practice through emphasizing how important it is. For example, changing passwords every three months can be tedious but businesses need to be given the means to bring their workers on board by making them aware of the risks involved.