
Supply Chain Visibility Stories
The Supply Chain Visibility Stories Podcast brings you experts and insights into what makes your supply chain tick, from COVID disruptions to containers to serializing to journey mapping…. We’ll even toss in some food trays and some rolls of toilet paper.
Supply Chain Visibility Stories
Securing the Supply Chain: Software Hygiene and Cloud Risks
With host Bill Wohl and Twanna Jones, Manager of ACSIS Customer Support
In this episode of Supply Chain Visibility Stories, host Bill Wohl speaks with Twanna Jones, Manager of Customer Support at ACSIS, about the critical role of security in supply chain technology. They discuss software hygiene, cloud security risks, and best practices for safeguarding integrated systems. Tune in for expert insights on mitigating vulnerabilities in a rapidly evolving digital landscape.
Narrator:
Welcome to the supply chain visibility stories, the podcast for supply chain managers, brought to you by ACSIS, the 100% supply chain visibility cloud solution provider, supply chain visibility stories is hosted by Bill Wohl, a technology industry veteran and enterprise software professional.
Bill Wohl:
Well, thanks everyone for joining us in this next in the series of discussions exploring the intersection of technology and business. We're talking supply chain. our podcasts are designed to be brief and focused and we're hoping this format inspires you, our audience, to think about how technology impacts your organization and to engage with us. I'll have information about how to engage with the series and our guests at the end of today's discussion. Hi, my name is Bill Wohl and I'm honored to be the host of this series brought to you by ACSIS. I'm always fascinated by the business challenges faced by companies and how those challenges can be addressed by technology with a focus on the supply chain. Our podcast series topics have ranged from talking macro trends to global systems integrations to so-called edge devices all around the renewed focus on global supply chain. And during the course of our podcast, one of the recurring themes is capturing data and especially in the gaps along the supply chain. Of course, you can't talk about supply chain data and integrations without talking about security. And that'll be the focus on today's segment with our guest Twanna Jones. She's the manager of customer support at ACSIS. So, Twanna, welcome to the program.
Twanna Jones:
Hi, Bill. Thank you so much for having me.
Bill Wohl:
Well, it's great to have you on the program. So, let's start talking about your role at ACSIS, I know you're the manager of customer support. How long have you been working in the supply chain business?
Twanna Jones:
I've been with ACSIS for 23 years, actually, this is my first job out of college. So I love what I do. I've gone up in the ranks. I started off just coming in and configuring the equipment that community case for our software, and then I started to install our software and then I started supporting our software. So I've been supporting our software for about 13 years now. And you know it's been very rewarding to help our customers get through their issues and concerns with our application.
Bill Wohl:
So that makes you an IT pro for your entire career and always with a focus in the supply chain. So most people would assume they understand the role of the manager of customer support but don't always hear about customer support person focused on security. How did that start to happen?
Twanna Jones:
Well, it doesn't happen so much, but you know, as time as the software evolved, you know, security has become more and more of a concern, you know, of of something that we brought to the forefront mostly because you need to make sure that your software meets the meets the requirements of the customer as well as, you know, the security mechanisms that's out there so that you can handle threats and things of that nature. If if something happens to happen with someone you know infiltrating the system or something like that and especially now that we're in the cloud you know we security is very important in the supply chain because that's how information get leaked so you want to make sure you are prepared to handle those threats you know you understand what the threats are and you can kind of move forward and and make sure the customer feels comfortable with implementing your software.
Bill Wohl:
It seems to me that working with a customer support group that a lot of the questions might be around software installation, configuration and updates. How often are you talking to customers about security issues? How top of mind is that for customers these days?
Twanna Jones:
Well, I mean actually you know within my department you would be surprised that it's not very talked about. You are right because our customers are especially the customers that use the onrem software you know they handle their own IT infrastructure. So usually those mechanisms are in place and it's just really a matter of if we bring our software into the mix if that will comply with what they have in place.
Bill Wohl:
Listening to a lot of CIOs talk about security issues, the word hygiene comes up a lot. It really for most, sort of describes having the discipline to make sure that you're always thinking about security every time you make a move to change your infrastructure and configuration. What does good software hygiene mean to you?
Twanna Jones:
Well, good software hygiene means that your soft evolves as you implement newer technology and making sure that your software can comply with, you know, the security mechanisms with the newest technology and just to kind of make sure your software can fit into that customer's environment and and work cleanly.
Bill Wohl:
Good hygiene really is often about making sure the software is up to the latest version, right? That becomes really important.
Twanna Jones:
Absolutely. the latest version. You want to utilize the latest technology. You want to make sure the companies that you work with are comfortable with what you're implementing, and you want to make sure you are broadcasting, you know, when updates and things are available for your software so that the customer is readily available to implement that software.
Bill Wohl:
So, you're raising a really important point because as we've discussed in this podcast series, there are players all along the supply chain, manufacturers, wholesalers, warehousers, shipping companies, anytime any one of them with very tightly integrated systems along the supply chain, when any one of them is making a move to upgrade, modernize software change their infrastructure configuration, there is a potential impact upstream or downstream on that software change, right?
Twanna Jones:
Oh, absolutely. Absolutely. You have to make sure that compatibility is important, right? Compatibility is important because your versions have to comply with what's implemented in that customer's environment and make sure it's compatible with what's compliant and supported by the third parties that you utilize. For example.
Bill Wohl:
I think you made a really good point about the shift in security emphasis that people who have software that's deployed on premises as they make the move to the cloud, as they make that shift, the they're thinking about security, what they own and what they're responsible for versus others tends to shift. So I suspect a lot of your conversations on security are around people who are making that move to the cloud?
Twanna Jones:
Absolutely. And especially because you need to know what's in the cloud, right? Because if you're not storing customer data, you do think about security a little differently and the customer thinks about security in your environment a little differently because they're not as concerned. Whereas if you're storing data and you have personal information, the risks are very high and your concern, you know, is very legitimate because you want to make sure no one comes in and compromises that information. No one comes in and grabs that information and is able to distribute that information.
Bill Wohl:
And that gets pretty complicated for customers that have data and applications running on multiple clouds because now you're really thinking about a variety of different approaches and lots of different I suspect you're often asked advice on that. What do you say to people about the work that ACSIS does to asssure that its own software is secure and constantly being updated to new threat vectors?
Twanna Jones:
Right. Well, what we say is we are constantly investigating, you know, doing research to ensure that we're familiar with the threats that are out there. We're making sure that our security measures are up to date and we're making sure that we utilize the security measures as an ongoing process. It needs to be in your everyday thought process so that you are grabbing the technology that you're keeping your systems updated and that you can try to be proactive and handling any threats that come in versus being reactive.
Bill Wohl:
You probably hear from customers about security challenges, configuration challenges all the time. We often on this podcast series talk about customer examples without any names because security is a rather private matter. Are there any particular, is there any particular example that really highlights a challenge that customers face from a security perspective that you could share with the audience?
Twanna Jones:
Absolutely. So we have a customer that's very highly regarded in the chemical space that has been analyzing their infrastructure, and with that analyzing they've been going through upgrades of applications. So, they've been looking at all of the software applications that they have in their environment and looking to see what needs to be upgraded and what doesn't need to be upgraded. Now, they've been in the space for a very long time and when you're in the warehouse like that, you get comfortable and your users are comfortable using the same technology. So, things tend to be there for an extended period of time. So what they've been doing recently is working with their vendors to get the software that they have there upgraded. And if that newer software implements the newer technology as well as you know applying to the applying security measures to mitigate against any type of security risk.
Bill Wohl:
And I'm assing as they are making that move then they've got to be discussing those changes with all of the companies that are integrated into their systems. So everyone understands the upgrade is taking place when that's happening and they're all watching for how that upgrade may or may not change not only the actual integration but the security protocols around it, right?
Twanna Jones:
Absolutel. That's absolutely correct when you are a larger company like that you have multiple vendors so you need to bring those vendors together and make sure the integration is seamless when you do these software updates because sometimes you know you can run into that incompatibility that we talked about earlier.
Bill Wohl:
I know from talking to some of our previous guests on this program that access user access to systems is a challenge because in a complicated supply chain some suppliers have access to some data but they shouldn't have access to other data. when you work with customers on configuration, how do you help customers make sure that the right people can get the right information but not the wrong information? That must be a configuration concern.
Twanna Jones:
That is a configuration concern. And it's also, you know, when you're doing as the software vendor, you have people in your organization that needs access, right? So, you want to work with the customer to limit the people that's going to interact with their system. And when you do and you know and everyone is actually conforming to the everyone needs to have their own access. So, the best method for that is to provide a set limit of users, give those users access to your environment and in that configuration only limit them to the things that they are required to access.
Bill Wohl:
Lots to think about in the configuration of software security certainly adds a big component on top of that, and it's good to get the perspective from where you sit at a software manufacturer listening to customer concerns. And that's great. I would say, though as we start to think about wrapping up our discussion, I think for many customers, the focus is I got to get my supply chain up and running. I've got to get all my partners a part of it. Security is this enormous headache, but the risks are really big. And it can be a little imposing to think about how to manage security on top of everything else they're responsible for. Help our audience understand how do you get started on good software hygiene? What for you is the most important first step?
Twanna Jones:
Well, for me, the most important first step is to partner with a software company or security company that has already done that leg work, right? And they can come in and they can offer the solutions or at least advice on how you can move forward. But the best place, the best way to get started is to partner with someone who has that familiarity and who can offer you the advice to move forward.
Bill Wohl:
Always fascinating on this series to touch on a range of important topics. Security is certainly at the top of that list. A big thank you to Twanna Jones from ACSIS for joining us on the program. Thanks for being with us.
Twanna Jones:
Thank you, Bill.
Bill Wohl:
That wraps up today's podcast. My thanks to the folks at ACSIS for making this podcast series possible. We welcome your comments and questions about the discussions on these podcasts. You can engage with us at the official ACSIS Twitter and LinkedIn accounts and many of you have been doing that. So, thanks. Please be part of the discussion. I'm your host, Bill Wohl. And for everyone at ACSIS, thanks for joining. We look forward to our next podcast. We'll talk soon.
Narrator:
Thank you for listening to supply chain visibility stories brought to you by ACSIS, the 100% supply chain visibility cloud solution provider. Visit us on the web at ACSISinc.com. That's acsisinc.com or join the dialogue on social media. Look for ACSIS Inc. on LinkedIn and Twitter. Join us next time for supply chain visibility stories brought to you by ACSIS.