Collaboration is essential — from working with vendors to third-party contractors, it is key to getting the job done and staying competitive. While data security may not be top of mind for manufacturing companies as much as it is in other industries, the proof is in the numbers — companies in every industry must be prepared. According to the Identity Resource Center, 2017 was a record year for breaches.
It also is likely no surprise to manufacturers just how valuable their information and intellectual property is — from blueprints, to drawings, to technical specifications and designs — these are the company’s secret sauce, and a breach could mean a big payday for a hacker, and prove devastating for a company. However, there is another consideration to take into account when thinking about improving security controls — government regulations. As cybersecurity becomes a growing threat to U.S. national security, as well as its citizens, the government is taking a closer look at companies to ensure they are doing their part to keep sensitive information safe.
What is NIST?
One of the regulations manufacturing companies need to keep top of mind is the National Institute of Standards and Technology (NIST). NIST has been a partner to the U.S. manufacturing industry for more than a century, and has provided useful tools and assistance to companies of all sizes — from established companies to start-ups.
NIST 800-171 in particular provides guidance for companies needing to protect sensitive unclassified information. It is directed at contractors that have access to Controlled Unclassified Information (CUI), and extends to all data — no matter where it travels. However, it is important to remember that NIST 800-171 is meant to enhance, not replace security protocols that manufacturing companies already have in place.
The Role of Data-Centric Security
As manufacturers regularly collaborate with other organizations and sub-contractors, sensitive information such as drawings, designs, blueprints, technical manuals and proposals must be sent beyond the corporate network. Once this sensitive information leaves the corporate network, however, traditional security solutions, including email and file encryption, are rendered useless.
As the name implies, data-centric security protects information at the data level instead of just protecting devices, applications and the perimeter. Data-centric security allows manufacturing companies to automatically enforce adaptive usage controls on sensitive information, not only controlling who can access information, but what actions (view, edit, copy, print, share or screen share) are allowed once access is given and from which device or geo.
With NIST 800-171 in particular, there are 14 families of security requirements. While meeting these requirements can seem overwhelming, an Enterprise Rights Management (ERM) solution can help organizations comply with many of the critical elements, including:
- Access control
- Identification and authentication
- Audit and accountability
- Media protection
- System and communication protector
Having the ability to control who can access a file, what they can do with that file, which device or location they view the file from / on, and for how long, truly goes beyond traditional security systems to ensure files remain secure and monitored throughout the entire collaboration process, even while a file is being worked upon. As an added bonus, the organization can revoke access even after the file is shared.
What’s Next for the Manufacturing Industry
The data protection market is expected to grow from $57.2 billion in 2017 to $119.9 billion by 2022. A large portion of this is due to the uptick in privacy concerns and implementation of regulations. As different industries are becoming lucrative targets for hackers, and attacks begin to increase in sophistication, new security regulations are meant to be the encouragement companies need to protect their sensitive information.
While manufacturing companies may think their data is not important enough to be compromised, 2017 has shown us that all data is at risk. Every industry, especially manufacturing where collaboration is such an integral part of doing business, needs to take a deeper look at what steps they can take to secure this data. Between new regulations and sophisticated breaches, data-centric security must be a part of any manufacturing company’s overall security plan.
Vishal Gupta is CEO of Seclore.