PLM security: data and classification complexity

PLM security: data and classification complexity

security-plm

Security. It is hard to underestimate the importance of the topic. Information is one of the biggest assets companies have. Data and information is a lifeblood of every engineering and manufacturing organization. This is a key element of company IP. Combined of 3D models, Bill of Materials, manufacturing instructions, suppliers quotes, regulatory data and zillions of other pieces of information.

My attention caught Forrester TechRadar™: Data Security, Q2 2014 publication. Navigate to the following link to download the publication. The number of data security points is huge and overwhelming. There are different aspects of security. One of the interesting facts I learned about security from the report is growing focus on data security. Data security budgets are 17% as for 2013 and Forester predicts the increase of 5% in 2014.

forrester-data-security-plm

The reports made me think about some specific characteristics of PLM solutions – data and information classification. The specific characteristic of every PLM system is high level of data complexity, data richness and dependencies. The information about product, materials, BOMs, suppliers, etc. is significantly intertwined. We can speak a lot of about PLM system security and data access layers. Simple put, it takes a lot of specifics of product, company, business process and vendor relationships. As company business is getting global, security mode and data access is getting very complicated. Here is an interesting passage from report related to data classification:

Data classification tools parse structured and unstructured data, looking for sensitive data that matches predened patterns or custom policies established by customers. Classiers generally look for data that can be matched deterministically, such as credit card numbers or social security numbers. Some data classiers also use fuzzy logic, syntactic analysis, and other techniques to classify less-structured information. Many data classification tools also support user-driven classification that users can add, change, or conrm classification based on their knowledge and the context of a given activity. Automated classication works well when you’re trying to classify specic content such as credit card numbers but becomes more challenging for other types of content.

In my view, PLM content is one of the best examples of data that can be hardly classified and secured. It takes long time to specify what pieces of information should be protected and how. Complex role-based security model, sensitive IP, regulation, business relations and many other factors are coming into play to provide classification model to secure PLM data.

What is my conclusion? I can see a growing concern to secure data access in complex IT solutions. PLM is one of them. To protect complex content is not simple – in many situations out of the box solutions won’t work. PLM architects and developers should consider how to provide easier ways to classify and secure product information and at the same time be compliant with multiple business and technical requirements. Important topic for coming years. Just my thoughts…

Best, Oleg

Share

Share This Post