There are plenty of efficiencies and benefits to such software. There are also lots of legal issues, including privacy and data protection issues.
Businesses need to consider the technical requirements for compliance. Our expert guest writer, Robin King from Deep Secure Limited, comments on these in detail below. I just wanted to add an introductory word to emphasise how important this can be.
Not only do businesses need to make sure they are working collaboratively with their suppliers to tackle the technical issues, they also need to consider the legal issues. In particular, we recommend that there are proper indemnities or other risk management wording within the relevant contracts to minimise any potential liabilities.
If you would like more information on the legal issues mentioned in this article, please contact David Worthington.
The entire aerospace and defence industry faces an enormous challenge to reduce cost, accelerate production and deliver more with less. This is forcing a rethink of how platforms are delivered and all major programmes are facing a cost down pressure.
To respond to these challenges the industry as a whole must collaborate more effectively – however the associated risks are considerable. Protecting information assets, ensuring compliance and protecting intellectual property in a multi-supplier environment makes it very difficult to share information quickly and openly.
Organisations such as UKCeB, ADS and TSCP are working hard to address these problems and this is proving a significant challenge.
When multiple parties need to share information securely, they invariably do not want to share everything. The prominent difficulty stems from the need to enable sharing in accordance with business rules that dictate what can be shared and to do this in a way that is demonstrably secure and compliant.
Today there are two common approaches to sharing information:
It should be clear that both of these approaches carry cost, complexity and risk for all participating organisations.
Even with a fully federated identity infrastructure, the reality is that there will always be a level of exposure when bringing federated users into a network. The main issues are:
Thus, federated identity is not enough – it is necessary to exert control over the way identity is used to access information. For those organisations that have invested in collaboration platforms, such as Microsoft SharePoint, a new approach is available. It is now possible to implement a federated information connector between distinct SharePoint environments. Information is securely exchanged between SharePoint environments under pre-defined business rules allowing sharing parties to continue to use their own environments independently to share information.
With this approach information can be shared securely and processed in accordance with policies that can provide strict control over the exchange of information, to include the ability to ensure compliance with export control regulations, protect IPR and to ensure adequate management of externally sensitive information.
Deep-Secure’s high assurance cyber security products form an integral part of the information federation solution. Delivered through a modular, multi-protocol assured product set, the guards enable the sharing of information securely and efficiently and provide assurance that information is exchanged in confidence and with integrity preserved.
As the adoption of cloud services proliferate, this passes new risks to organisations that need to now protect new security boundaries they had not previously considered. The ability for security architectures to be adapted to, and adopted by, cloud providers is essential and Deep-Secure are working in innovative new ways to map the old ways to the new paradigms.
If you would like more information on this technical area, please contact Robin King, CEO of Deep Secure Limited.