PLM: Data Protection and Security Approaches

data-protectionI want to touch and discuss an issue of data protection. When thinking about Product Lifecycle Management and related disciplines, IP protection and data security are obviously very important. However, I’d like to take in the context of another very important and growing trend in PLM, in my view need to expand Product Lifecycle Management beyond the level of engineering department.

Product Lifecycle Management discipline and implementations are growing. The big potential PLM return can come together with an ability of PLM to proliferate in business process and activity PLM manages to the overall organizational value chain including extended enterprise of various types of subcontractors. In order to achieve that PLM develops and invests various abilities to integrate and exchange information with different organizational systems. But, at the same time, massive product information exposure brings risk that company IP will be lost and get into competitor hands. This is especially true with latest development and trends related to the ability to “socialize PLM”. Internet and other related technologies are very open and put company IP at high risk.

With such an introduction and background, I want to propose few possible approaches how PLM can manage IP protection with everything related to product development, manufacturing and supply chain.

1. Application level. With such approach IP protection will be managed secure access to data in the way a specific set of applications can do so. PDM / PLM / ERP and any other products in IT will have consolidated definition of security and authorization rules. The advantages of such method is in diversification of data protection and, probably certain level of simplicity. The main disadvantages I see are related to overlapped definitions and potential lack of consistency between different application domain.

2. Middleware/IT. This approach assumes the existence of cross-organizational systems (such as enterprise portals, master data management etc.) that place a role of cross functional domain holders for product data and IP. Sometime, specific enterprise application such as PLM or ERP can play a role of the overall umbrella. However, I don’t see it as happens very often. The advantage is the absence of overlap and consistency in the definition. From the opposite view, this approach increase, an overall complexity in product IP management. I do see options 1 and option 2 as co-existing options.

3. Data Level. Let me dream about another possible option data level. One of the possible future directions in data protection is to make authorization and security mechanisms to become a part of data itself. You can get initial conceptual thoughts about that in protection of PDF files and some Web and REST architecture principles.

This is my short analyzes and thoughts so far. I think data protection and security will play a very significant role in planning of future enterprise data management systems. Movement to the Web-based concepts is something I see beneficial. It can create consolidated data and information protection mechanisms.

Best, Oleg


Share This Post