Have VANs Kept Pace with Data Security Needs in the Supply Chain?

Posted on July 8, 2011

I’ve covered many aspects of today’s B2B integration requirements and where traditional VAN providers remain relevant, and where they fall short. In this blog, I want to focus on security.

As companies on both the buy and sell side of the market struggle to increase margin, supply chains become more complex, the information being exchanged potentially more sensitive, and the networks carrying the data more risk-intensive. Two primary liabilities must be managed: continuity and privacy, both of which impact your data security.

Importantly, the flow of information must not stop. Over the years, VANs have often been the butt of jokes because of a data center going offline. I remember a few years ago, one VAN was out because the drip tray for an air conditioner overflowed. That AC unit was located directly over a data center and when the roof started leaking a few thousand companies quit receiving data. Not too long ago, two VANs went dark for 10-12 hours because of a hurricane. All VANs, SaaS or companies in the “cloud” can experience these types of data stoppages if they are not architected to prevent them. Make sure you check your providers’ redundancy plans.

The other security threat that could be looming over your supply chain is managing who sees your data, who has access to it, and how they keep other people (often malicious) from gaining access to it. Most VANs and hosted EDI providers don’t pass muster. Have you ever seen a VAN or EDI provider boast that their company has billions of dollars worth of documents being carried every year or quarter? Ask how they came to that number. Do they claim to be SAS-70 compliant at the same time? When a company gives you a demonstration of their software online, ask whose data they are showing you, and who would have access to your data.

VANs and other types of EDI providers carry proprietary information such as sales volumes and buying relationships, which could cause a financial or public relations nightmare if the information was obtained by the wrong people.  A significant amount of this information traverses the network protected by nothing more than SSL 128 and FTP.

A good provider is architected and has various systems in place to prevent ‘outages’. They are SAS-70 Type II and PCI compliant and can provide true security for your information. PII (personally identifiable information) is going to increasingly become a hot topic as the volume of consumer-related information increases across supply chains (B2B and B2C).

It goes without saying that the Value Added Network of yesterday can be replaced with a more relevant and current solution provider who can answer today’s business challenges.

Since starting this series, numerous people have said to me: ‘the VAN connects to anyone I want them to’.  That’s not enough anymore.  Companies who use VANs exclusively must maintain processes internally and manage other integrations, while risking the security of their data.  And they must pay for it.

Companies need a provider who is capable of managing data in any format, someone who provides security and can maintain and manage processes. It’s not enough anymore to say the [VAN] connects to so and so, therefore they are good enough. Perhaps we won’t ever completely get rid of VANs, but question where the ‘Value Added’ is today in the VAN-only network.
