[From iSource Business, June 2001] Forget the annual report. A better way to see where a company is headed is a surreptitious look at its legal bills. Is it planning on going public? Is it merging with another firm or forming a joint venture? Is it bracing for a possible class action suit? Is it about to patent a revolutionary new product design? Gaining access to this information may violate any number of legal statutes, but it's pure gold to a competitor, not to mention shareholders or the media if you are big enough and public enough, like the United Parcel Service.
So when UPS decided to invest in a system that would automate, aggregate and analyze the information in the invoices that are sent from the 50 or so global law firms handling its affairs, executives placed security high on the list of selection criteria. We would have really been fools if we went with a solution that wasn't secure, says Jim Katsafanas, UPS' document exchange product manager.
The number and types of risks a company must deal with these days just keeps growing and growing: being undersold by a startup dot-com that came out of nowhere. Hacker attacks by bored, mischievous 15-year-olds. Public relations fiascoes that spread across the country within hours via e-mail. Volatile and fluctuating financial markets, and, now, B2B security concerns.
Information, or data, security has always been an issue for companies, but it has become especially important over the last 10 years, as corporate espionage has gained a higher level of sophistication. But now, as companies increasingly automate supply chain operations, from research and development to procurement to manufacturing, many would argue that sensitive and competitive information is at an even greater risk than before. A lot of these exchanges and integrated supply chain systems are protected only with rudimentary authentication technologies, says Matthew Kovar, program manager for e-Networks and Broadband Access at the Boston-based Yankee Group.
Legal protections are also rudimentary, in many cases. Inappropriate data sharing in some e-marketplaces is a real concern among many companies, and there is little case law in place to protect or even guide participants.
There are other concerns as well, such as unresolved questions about who owns what information and who can sell it. There is hardly an e-marketplace these days successful enough to ignore one of its biggest profit sources -- the aggregation and sale of market data gleaned from its Web site. And, while consumers have some measure of protection, however limited that may be, businesses do not. Under U.S. law, businesses themselves do not have a right of privacy in their data, says Bart Lazar, partner in the high-tech group of the Chicago-based law firm, Seyfarth Shaw. Unless there is a confidentiality agreement in place, by doing business with an exchange the company is giving the exchange the right to use its information. And often these privacy statements merely require participants to keep other members' information private, but don't restrict the marketplace itself.
For their part, companies are well aware of the risks. In one recent Forrester Research survey, 53 percent of companies contacted said they worried about security in e-marketplaces and 48 percent worried about privacy and abuse of market information. Paradoxically, however, few companies take more than the basic precautions. The level of urgency is not there yet, says Mike Rothman, executive vice president of SHYM Technologies, a Nedham, Mass.-based Internet security company.
This is not to say companies should completely shun the benefits of automating and integrating a supply chain operation -- a stance that, these days, would be akin to embracing the views of the Flat Earth Society. However, there are a few myths about security that should be debunked before a company launches into such a project, or at least before it suffers a serious loss due to lax standards and procedures. As Rothman says, We have all seen the cycle before. People don't develop a sense of urgency about these things until someone else becomes road kill.