Asymmetric Risks in Value Chains

October 28, 2014 / Integration, Security

Businesses need to connect with other businesses to trade and add value. Making trading fast and efficient means integrating software systems. And that means risk.

Letters, faxes, and telegrams may seem slow and quaint, but at least they had the virtue of being safe. In today’s environment, clicking on an unsafe link or opening a seemingly innocuous file can potentially lead to a billion-dollar loss or even the end of your company.

Following last year’s massive Target breach, attention has moved to Wall Street; the JPMorgan breach is causing state and federal regulators to add to the already massive internal pressures to improve security. One particular area of attention is the risk that comes from third-party vendors.

New York State’s top financial regulator, Benjamin M. Lawsky, emphasized the gathering danger to the financial system when vendors’ security is lax.

There are several critical problems in dealing with third-party risk. The first is that the risk exposure is hugely asymmetric in most cases: one party has much more to lose than the other. This leads to the second problem, which is that the smaller party can’t afford to spend nearly as much as the larger one on cybersecurity. The skill of their security staff will be lower, they will have fewer tools at their disposal, and they may even be too small to afford round-the-clock monitoring. They also probably cannot afford enough insurance to compensate their larger partner for losses.

The first instinct of the larger party is to seek to impose their internal security standards on the smaller party; the goal is to avoid the smaller party becoming the weak spot in the fortress wall. This has the effect of raising trading costs. If the smaller party is a vendor then that vendor will need to raise their prices to cover the extra security costs. At some level those costs may become prohibitive; at my previous company we ended up no-bidding certain RFPs because the attendant security overheads were too high relative to the deal size. The next thing to suffer is agility: vendors whose security has been certified become automatically preferred for future work because of the time and expense involved in certifying new vendors. This reinforces the upward pressure on prices as incumbents are protected from new competitors. Innovation suffers as well.

How can businesses integrate with their value chain without taking on untenable, asymmetric risks? The Cloak Labs Global Virtual Bus provides businesses with a way to loosely couple with their partners. Using a combination of cryptographic and network techniques, the Global Virtual Bus can insulate each partner from the security risks of the other. Credentials do not need to be exchanged, firewall ports do not need to be opened, and connecting servers do not need public IP addresses.


About the author

Dr. Michel Floyd: Michel has spent his entire career in Silicon Valley in a succession of technology and business leadership roles. Most recently Michel was Global CTO at YouGov Plc, a global opinion research company based in London. In that role he helped integrate a large number of acquisitions in different parts of the world. He built up a world-class development team distributed from Germany to Alaska to Peru. His accomplishments include releasing an interactive, 14 country brand tracker which is both the company's fastest growing and most profitable product. Before YouGov Michel was EVP & CTO at Knowledge Networks (subsequently acquired by GfK). There he focused on technology, operations, and driving business efficiency throughout the company. He had P&L responsibility over $13M in revenues and also served as interim CEO. Michel earned his SB, SM, and ScD degrees in aeronautical and astronautical engineering from MIT. He has participated in two IPOs and numerous acquisitions, primarily on the buy side. He has been awarded 4 patents. Dr. Floyd is also on the board of directors of VLAB, the Silicon Valley chapter of the MIT Enterprise Forum.

