How Secure is Your SaaS-Based Multi-Carrier Shipping System?

Parcel shipping ecosystems house all sorts of personal information, including names, addresses and phone numbers. So, if you are investing in a multi-carrier shipping system to manage parcel delivery through your carriers, then security has to be a top priority. Especially if you are using SaaS software.

The average cost of a data hack is approximately $4 million (and $8 million in the US).  Just as significant though, a data breach is also a violation of your customers’ and partners’ trust, a black mark on your reputation, and a violation of individuals’ privacy, which due to tighter privacy regulations in Europe or now in California, can quickly land you in court.

With digital transformation comes new – and continually increasing – security concerns, particularly with regard to privacy, access, and data location. Cloud applications exacerbate these concerns, and with Gartner predicting that cloud computing application revenue will hit $113.1 billion by 2021 (a 30% increase from 2019) these security concerns are not going to disappear.

Adding to the anxiety: clouds cast shadows.  Today, organisations are struggling to manage what’s known as shadow IT: IT projects (like cloud services) that are managed outside of, and without the knowledge of, a company’s IT department – severely compromising security.  Security solution provider McAfee reports that shadow IT cloud usage is at least 10 times larger than known cloud usage.

 

Five ways to check your SaaS-based Multi-Carrier Shipping System is secure

With data hacks routinely in the headlines, it is no surprise that cybersecurity is usually identified as a top priority when considering a SaaS-based multi-carrier shipping solution. With more and more companies migrating to SaaS, we’ve identified five critical criteria to use when evaluating a SaaS-based multi-carrier shipping system.

1: Insist on transparency

Our experience tells us that shippers aren’t looking for “perfect” as much as for “transparency”. Make sure your multi-carrier shipping solution vendor can provide evidence of their transparency in the form of audit logging, customer security portals, and similar.

2: Check out their Leadership and Security Team

Your ability to maintain a secure shipping environment is as much about the people behind the technology as it is about the technology itself.  Learn where the security team sits on your vendor’s organisation chart and meet the individual who leads them. Effective security teams are managed by an executive, with C-level sponsorship and access, and the team itself is comprised of security – not just shipping – experts.

They should have solid experience of responding to changes in the marketplace like GDPR, as well as building and optimising security practices and technology throughout their careers.

3: Ask about their global strategy

There is a plethora of global data privacy and security guidelines, standards and laws, such as GDPR, CCPA and PIPEDA which impacts every software company regardless of where they are based.  Make sure your solution provider’s security team has a global strategy with regard to data security and privacy. Ask the vendor what their audit plan is for monitoring and addressing security and privacy legislation both on the home front and across borders.

4: Ensure that contracts with sub-processors have data protection built-in

Almost every company moves data through sub-processors. Ask your solution provider: how are you protecting my data at every point in the data journey? It’s critical not to overlook this, since recent privacy regulations fail to differentiate between a processor and a sub-processor.  It views the relationship as the same as that of a processor and the primary data controller. This means contracts between processors and sub-processors need to have data protection obligations that are identical to those in contracts between processors and controllers.

5: Understand their Disaster Recovery and Business Continuity Plans

Unfortunately, our world is fragile.  Whether the fault lies with Mother Nature or the damage is self-inflicted, the unthinkable can – and frequently does – happen.  Check that your multi-carrier shipping solution provider has solid disaster recovery and business continuity plans. Ask them about their redundancy mechanisms and insist they provide evidence of proven failover.

 

Ginni Rometty, former CEO of IBM, said that if data is the basis of competitive advantage, then cybercrime is the greatest threat.  Whilst this is true, there are steps you can take to gain more control over your data protection and these criteria for evaluating SaaS-based multi-carrier shipping solutions are a wise place to start.