Blog

Security as a Service for the Defense Supply Chain

Posted by: Mary Pat Simmons September 21, 2016 Compliance, Supply Chain Management

The defense industry is, aptly, in a fight. The fight is to secure data in the supply chain. It’s an uphill battle because the defense supply chain is immense, to say the least, and the challenges are many. Thousands of companies work within the system, and the system is under duress. Cyber-attacks are numerous, and increasing. And the federal government is cracking down. Contractors must comply with the Network Penetration DFARs based on NIST SP 800-171 security controls by December 31, 2017.

One solution that is gaining steam is Security as a Service (SECaaS). It can help greatly to bring everyone in the defense supply chain into compliance with better access controls, secure collaboration, and overall increased security. It’s on the rise, with adoption expected to double in 2017. And with good reason. The benefits are manifold, and across the board.

Access. SECaaS can offer increased control over access across an industry. Suppliers have multiple accounts at different enterprises. It’s confusing and messy for the supplier and prime contractor. Utilizing a supplier portal, a single point of access, prime contractors can enable their suppliers and subcontractors to access multiple applications with a single login, thus streamlining account management. And access needs to be secure, so multifactor authentication (MFA) is a necessity. MFA is access control in which a user is only granted access after successfully presenting at least two of the following: something they know (a password or PIN), something they have (a security token), and something they are (biometrics). The goal of MFA is to create a layered defense and make it more difficult for an unauthorized person to gain access. It’s an integral part of any robust SECaaS solution.

Collaboration. Large government contracts demand cross-enterprise collaboration. With the rise of cloud infrastructure, researchers, supply chain businesses, and any enterprise that wants to tightly control access to their data, can efficiently share information and applications, regardless of location or corporate affiliation. There is also a growing demand for data protection to extend beyond application access controls. Cybersecurity threats and the need to protect sensitive data and intellectual property are driving this demand. Therefore, a well-rounded SECaaS solution must offer a collaboration platform that supports digital rights management (DRM) – a fine-grained document level security that encrypts documents when they are checked out and decrypts and allows access to documents based on the user’s role.

Organizations in the defense supply chain need a solution that delivers robust collaboration with cost and efficiency benefits, one that scales to support a growing community of partners, and preserves information, application security, and compliance. Security as a Service fits that bill. SECaaS can help enterprises protect supplier information and account management, and provide a single place to connect to give access to external suppliers.

Learn more about how Security as a Service can help small and mid-sized companies in the federal supply chain comply with upcoming NIST SP 800-171 requirements in the Network Penetration DFARS in the new white paper from Exostar: Security as a Service – Incorporating NIST 800-171 Requirements into the Defense Supply Chain, by Robert Metzger.