Sandip Patel is information security officer of Truckstop.com.
Note: FreightWaves occasionally publishes commentary from industry sources with expertise, information and opinion on current transportation topics. The opinions expressed in the article are solely those of the author and not necessarily those of FreightWaves. Submissions to FreightWaves are subject to editing.
As with other industries (finance, healthcare, retail), the transportation and logistics industry is undergoing a digital transformation. The advent of the cloud and the adoption of new mobile and digital technologies has us in uncharted digital territory. Data once kept as hard copies in file cabinets now resides in more places across dynamic, distributed, hybrid environments and is accessed by more people, in more ways, and on more devices than ever before.
Taking that one step further, one of every company’s fastest growing critical assets is data—growing at a rate of about 2.5 quintillion bytes of data each day. And while this data has created new opportunities, revenue streams, and other value, it brings with it a unique set of challenges and security risks, including increased risk of cybercrime and concerns about data privacy.
The result is that it’s more important than ever that individuals and companies in the transportation industry understand where their data is and how it is being used. For brokers and 3PLs that rely on proprietary data like customer lists, it’s important to know how your technology partners use and provide access to your data.
Transition from Identity Access Management (IAM) to Identity Data Management (IDM)
The introduction of digital assets and data into a company’s environment made it necessary to understand what was happening with the data being collected. In the past, companies asked, “Why does this person need access to this environment?” – a process more commonly known as Identity Access Management (IAM).
IAM enables the right individuals to access the right resources (or data) at the right times for the right reasons. The main benefits realized from traditional IAM are:
- Streamlined authentication experiences
- Improved ability to meet compliance and security requirements
- Management and monitoring of privileged accounts across an enterprise
- Operational efficiencies gained through centralized access management
Unfortunately, this mindset doesn’t really provide enablement. Today, local laws, federal regulations, and national compliance guidelines drive who has access to different types of data making it increasingly difficult and complex to implement a successful IAM policy.
Enter Identity Data Management (IDM).
According to the Identity Management Institute, data governance is defined as follows:
“The sum of policies, processes, standards, metrics, and roles that ensure that data is used effectively to help an organization realize its objectives. Data governance establishes the responsibilities and processes which ensure that the data being used across the organization is not only of high quality but is also secure. As such, it defines who takes what actions, on what data, in which situations, and using what methods.”
With the exponential growth in unstructured data each year, coupled with cloud and mobile device adoption, it is critical that transportation companies begin to pivot from a traditional IAM program to a comprehensive IDM program. The shift toward developing an IDM program supports and empowers businesses to maximize their data to grow revenue and better serve customers – all while improving the effectiveness of identity management processes.
But why IDM?
IDM enables organizations to quickly and securely provide access to the right company assets on- and off-premise while classifying, governing, and protecting sensitive data. In other words, instead of focusing on users—we focus on data and create controls that support and enable users to do their jobs more effectively. This proactive approach also addresses common questions customers may ask about their own data. For example:
- Why does this technology vendor need this data?
- Why does the data need to be stored?
- What is the vendor doing with my data?
- How do they manage my data and what proofs do they have?
When properly implemented, successful IDM programs provide a protected and uniform experience for employees, customers, and partners by securely enabling access to business environments and data from the cloud, mobile devices, and on-premises. It offers visibility, compliance, privacy, and control over sensitive corporate data that lives on-premise or in the cloud. It also allows businesses to maximize their data to grow revenue, evolve products, and better serve their customers.
IDM enables the identification and classification of sensitive, unstructured data. Once the sensitive data is defined, access governance can be implemented to ensure the right people have access to sensitive data. Data protection controls are also implemented to provide an additional layer of protection beyond access management.
Security and Privacy in one
As we continue to move toward more technological advancement in the industry, people are less likely to need to touch live data. A move toward a holistic, strategic IDM program ensures secure and uniform access to cloud, mobile, and on-premise assets for your organization. Data governance and protection and user lifecycle management is streamlined, providing visibility, control, and governance into who has access to both structured and unstructured data – regardless of its location.
Moving to IDM creates harmony by accommodating security controls and addressing the question of privacy in a single program.