Protecting and Securing Supply Chain Data throughout its Lifecycle
Principal Investigator: Bharat Bhargava
Enterprises operate in a global economy and their manufacturing and supply operations are dispersed throughout the world. This makes supply chain a critical and integral part and offers research challenges. There are multiple stages in supply chain and each stage generates data that is shared and transferred among different steps, divisions, or processes. In large enterprise systems, it is difficult to understand and track the sharing and dissemination of sensitive information. The sharing of data across multiple processes and divisions in a supply chain complicates and magnifies the problem further. The effect of shared data being compromised is one of the key risks in the supply chain. Vulnerabilities of business processes are as important as vulnerabilities in network attacks, viruses and malwares). Common existing approaches, standards, and guidelines ensure security but the focus is on the protection of data inside the private domain of an organization and do not address the protection in a decentralized supply chain. Current approaches rely on service level agreements or contracts, or perform audits to provide a level of assurance at the top level of their supply chain. In this project, we propose an end-to-end security framework that would ensure data protection (security and privacy) throughout its life cycle and enable organizations to securely share and disseminate data in their supply chains steps.