Data Is the New Supply Chain: Learn the Current Methods, Risk Management

DAMA International, the global association of professionals in data management, states that “Data Resource Management is the development and execution of architectures, policies, practices and procedures that properly manage the full data lifecycle needs of an enterprise.” In today’s information driven world, the data needs of an enterprise are very important. Some enterprises are built around providing information to external customers, and others have information of value that is used only with internal customers. In either case, the way data is managed is of great importance. While traditionally an internal IT department is responsible for this data management, now there are enterprises looking at external vendors to provide this management via cloud computing.

In a sit down conversation with Izenda founder and CEO Sanjay Bhatia, we had the opportunity to discuss several topics including cloud computing, cloud vendors, ad hoc reporting, and IT infrastructure. When discussing the direction of data management and cloud vendors, Bhatia noted that it is about “survival of the swiftest”. When an enterprise is seeking the best way to manage their data, the speed that the data can be provided is key. That speed can translate into profit for an enterprise whether it is because it provided an external customer some timely information, or it provided an internal alert to make enterprise operations more efficient.

So what is the common method used by enterprises to manage their data currently?

Current Data Management Methods

Most enterprises utilize various applications that run on their database to manage data. The applications are usually geared towards the various departments and needs of the organization. So there would be applications used by accounting, marketing, human resources, operations, and other parts of an organization to fulfill their role in driving efficiency internally and increasing profitability. While it is great for each facet of business to have a tool geared towards their function, what value would the data they collect and generate add to another part of the company? Can that data be shared with another application that runs on the same database?

Data has always been a supply chain

Often times the communication between the applications within an organization is limited. If that communication is opened and data is made freely available within an enterprise, then a data supply chain is being formed. According to Frank Artale, Managing Director at Ignition Ventures, “Data has always been a supply chain. Now it is just being acknowledged as such since the depth and breadth of the data combined with technologies to enable analysis can be made available to the hands of the business owners and decision makers.”

A supply chain consists of all parties involved, directly or indirectly, in fulfilling a customer request.  The supply chain not only includes the manufacturer and suppliers, but also transporters, warehouses, retailers, and customers themselves.  Within each organization, such as manufacturer, the supply chain includes all functions involved in receiving and filling a customer request.

That is defining a physical supply chain, but the same concept can be applied to data management. With multiple applications serving as the manufacturers and suppliers generating a data stream within an enterprise, you can see how a supply chain approach would be beneficial. Once these streams are linked to a common pipeline with ease of flow, the data instantly becomes an item of value to all that are tapped into that pipeline.

The decision makers within an enterprise will be able to see the internal workings better, and in turn be able to determine areas of improvement to increase efficiency. If an enterprise functions as an information provider to external customers, the supply chain will mean more information on hand for their access. Not only will a supply chain management approach create more efficiency for an enterprise with their existing data, it will also allow for growth.

More data feeding the supply chain

As mentioned, technology is advancing. Users are being educated about the tools that they have at their disposal. The access to analytic tools coupled with user education means that users will be generating more data to feed into the supply chain. A survey from InformationWeek found that the top five data sources are financial transactions, email, imaging data, Web logs, and Internet text and documents. These are all common data types to all industries and organizations. They will only increase in volume in addition to the increase of new data coming from the educated users. All of this of course points to big data. The supply chain would allow for such an influx of data.

Managing Risk with Data

With such a large amount of free-flowing data and multiple user access, the major concern is security and compliance for sensitive data within an enterprise supply chain. The U.S. Government Accountability Office released a report earlier this year stating, that “Reliance on a global supply chain introduces multiple risks to federal information systems and underscores the importance of threat assessments and mitigation. Supply chain threats are present at various phases of a system’s development life cycle and could create an unacceptable risk to federal agencies.” Some of the threats listed include installation of malware, dealing with bad service providers, and unintentional vulnerabilities like defective code.

Another report from the National Institute of Standards and Technology centers on risk management practices for federal information systems. It breaks down 10 risk management practices that can be tailored around an enterprise’s system and needs.  The 10 practices are:

  • Uniquely Identify Supply Chain Elements, Processes, and Actors –By identifying all parts of a supply chain, it will be easier to identify the presence of an undesirable element.  When/if errors occur, the source of the error and the solution can be reached quicker.
  • Limit Access and Exposure within the Supply Chain – Keep access limited to what is necessary for a user or application to perform their jobs.
  • Create and Maintain the Provenance of Elements, Processes, Tools, and Data – Knowing where data came from, how it was changed, and who changed it will keep the integrity of the data intact.
  • Share Information within Strict Limits – Only share information with those that need it for their job.
  • Perform Supply Chain Risk Management Awareness and Training – Risk cannot be limited without educating the users. All should be informed about policy, procedures, and applicable management, operational, and technical controls and practices.
  • Use Defensive Design for Systems, Elements, and Processes – Defensive design techniques explicitly address contingencies in the technical, behavioral, and organizational activities that could result in adverse supply chain events.
  • Perform Continuous Integrator Review – This done to ascertain that defensive measures have been deployed.
  • Strengthen Delivery Mechanisms – Delivery can be both physical (e.g., of hardware) and logical (e.g., software modules and patches). Both physical and logical element delivery mechanisms should adequately protect the confidentiality, integrity, or availability of systems and elements delivered through the supply chain.
  • Assure Sustainment Activities and Processes – This would involve maintenance, upgrade, patching, element replacement (e.g., spare part, alternate supply) and other activities that keep the system or elements operational.
  • Manage Disposal and Final Disposition Activities throughout the System or Element Life Cycle – Poor disposal procedures can lead to unauthorized access to systems and elements.

With growing technology, educated users, and data increase; data management currently is (and will continue to be) a very important part of enterprise success. Supply chain principles applied to data management help to make enterprises more efficient and can make them more profitable. The risks associated with the supply chain are being noted and practices have been given to limit those risks. Setting up a data supply chain is no small task, but in the end it is about working smarter, not harder.