By Kaitlyn Dotson, Chief Operating Officer of CalcuQuote, and Matt Konda, CEO of securityprogram.io
There are several layers of digital enablement that are essential to generating the significant dividends promised by smart manufacturing or “Industry 4.0.” The foundational layer is the ability to collect and share data in real-time. This is as true in the supply chain process as it is in the design or manufacturing process. Securely sharing data and turning that data into actionable intelligence is at the core of digital transformation.
Secure, sharable real-time data is an absolute requirement for digital building blocks like applications or automation. With security critical for our business, CalcuQuote works hand-in-hand with securityprogram.io to ensure that customers’ data is safe. Here are a few of the things we’ve learned along the way.
In the case of CalcuQuote, it’s pretty straightforward: we are helping our customers to accelerate the quoting process by transmitting data on real-time pricing and availability from different component distributors and suppliers. Since we are not only handling our customers’ data but also their customers’ data, we take our responsibility for security extremely seriously. This kind of data, like almost all data used in digitally transformed processes, is commercially sensitive. It may contain intellectual property for an unreleased product, commercially sensitive data (like which Electronic Manufacturing Services (EMS) company is bidding for which customer), or sensitive data related to process control.
As we move to a digitally enabled world, more data is transmitted from one location to another and stored in the cloud. This is true in our daily lives, in business and in manufacturing and supply chains. That real-time data is essential to businesses staying competitive, and hence data privacy and security are absolutely key for any organization and absolutely essential for EMS companies.
Fears about security have led people to struggle with the debate of where data should be stored. Initially, a lot of businesses felt strongly that data had to be held on-site and not in the cloud, but that creates its own restrictions and problems.
A clear benefit of cloud storage is the ability to have data available anywhere, anytime. If manufacturing data for a build is stored in the cloud and utilized in multiple locations, it is easier to ensure that any update or engineering change is instantly available at the point of use regardless of access location. This also means that applications, like those from CalcuQuote, can be updated remotely and on-the-fly. Not only is this important for maintaining accurate information, but also application updates sometimes contain security updates or improvements that need to be accessed as soon as possible.
Cloud storage has also allowed us to complete much faster deployments or installations, and in many cases, faster also means more affordable. Standing up a new client to use CalcuQuote’s software would be a much slower and more costly process if each installation required a site visit to ensure that all the right hardware and connectivity is in place. With the system in the cloud, this can be done very quickly and almost seamlessly.
In many ways, cloud storage has enabled the whole software-as-a-service (SaaS) revolution, as we move from a capital expenditure (capex) solution to an operating expense (opex) model. Many would agree that this has been beneficial for those purchasing the software, as well as those developing and selling. The SaaS model results in a much more value-driven relationship between vendor and customer, as well as a real-time ongoing relationship that allows the vendor to monitor the products’ use and make and deploy continuous improvements.
And while this SaaS revolution has been happening, those providing the cloud storage, like AWS (Amazon Web Services) and Microsoft, have also developed better solutions and have continued to improve their own security systems and protocols. These leading providers’ commitment to the best possible security practices is why CalcuQuote uses their services plus some additional security controls for our data storage.
The threats of cyberattacks or hacking are both constant and constantly changing. This means that the approach to security needs to be proactive not reactive. That proactive approach works all the way along the cloud value chain. For the web service providers, it means constantly watching for potential breaches and constantly testing their own systems.
For specialists like securityprogram.io, it means being aware of the latest threats and ensuring the systems are in place to protect against them. It also means providing data to their partners to ensure they are aware of any risks and are able to manage and mitigate those risks.
For companies like CalcuQuote, that are trusted with critical data, it means sharing security advice as it comes in, like warning customers of potential phishing emails or other scams designed to steal their password. It also means taking advice from security experts and making the relevant updates within our own code and systems to ensure we continue to protect against any new challenge.
The clearest lesson learned is the importance of not trying to do everything yourself. Cloud security is a specialist science and you really do need someone on it every minute of the day. Threats are constantly present and constantly evolving. While the value of stealing or corrupting data remains high, the effort of those unscrupulous enough to want to do so will also remain high. While they have their specialists trying to hack in, make sure you have yours keeping them out!
The recent CMMC (Cybersecurity Maturity Model Certification) discussion and audit has underlined the further importance of security as we continue the move into digital transformation. Over the past years, business processes across industries have and will continue to move online and the importance of security will continue to be in the forefront.
To learn more about our security journey, check a previous panel discussion featuring security expert Matt Konda and ITAR lawyer Michelle Schulz.