Computerworld - For the past couple of weeks, I've spent most of my time in meetings to review and select a new product life-cycle management (PLM) application.
Normally, I would just forward a copy of my guide to implementing secure applications and let the project manager go to town. But I have been charged with protecting the company's intellectual property, and this PLM deployment is critical to that strategic objective. Therefore, I wanted to be actively involved in assessing the security controls.
For those of you security folks who haven't had the pleasure of working at a manufacturing company, PLM is an application that's used to document and support the complete life cycle of a product, from planning through product maintenance. Most important, PLM software will help us manage the bills of materials for our products.
I like to think of the bills of materials as the ingredients of our products, and the computer-aided design (CAD) diagrams, along with supporting documentation, as the recipes for putting those products together. Our shopping list, explaining where we get our ingredients, is the enterprise resource planning element, which maps parts and suppliers. Some of the parts are common ones that we get from outside suppliers, while others are built in-house.
The hardware that we make from these ingredients sells for upward of a million dollars. As you can imagine, if someone were to get a hold of the ingredients, recipe and sourcing information and then sell the information or use it to build a competing product, we would be out a considerable amount of money.
As I already said, one of my objectives as security manager at this manufacturing company is to put together a program for protecting our intellectual property. An element of this program is to ensure that the enterprise applications that house our intellectual property are properly written.
In the case of the new PLM application, the goal is simple: We need to restrict users so that each one can access only the information that he needs to do his job, with that access defined by the role the user plays in the company. As many of you know, this is also called the "rule of least privilege."
As we set out to apply the rule of least privilege to the new PLM application, we have two considerations. While it's important to restrict access so that a user has access only to the parts, documents and diagrams he needs to do his job, that same user shouldn't be restricted in his quest
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
