Why you need to control your data supply chain

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.infoworld.com/article/2910363/big-data/why-you-need-to-control-your-data-supply-chain.html

A year ago, Twitter acquired Gnip, its primary reseller of data. And now,
in an unsurprising move, the company is selecting to not renew its
contracts with other resellers, driving all business to Gnip.

Such vertical integration in the physical world is not unusual. Numerous
businesses choose to control their supply and/or distribution chains,
sometimes for quality reasons but often for pure financial reasons --
margin increase and costs control. This is all the more true when the
product is rare and cannot be procured anywhere else.

In the case of Twitter, the product is unarguably rare: very few sources
provide such broad insight on the daily life of consumers, their sentiment
toward brands, their state of mind. Twitter also provides real-time warning
of earthquakes or floods, pandemics, revolutions, and even traffic jams.
Some traders have even used it to predict stock trends, with surprising
accuracy.

Understanding if this applies to you

If you are making a living of selling data, you should carefully study this
move. You may not have to go as far as acquiring your resellers like
Twitter did, but at least understand the value added, and quality of
service you are getting from them. I am not saying that all cases will
require an actual consolidation -- but you should at least think about it.

Doing business with data in the digital world is not dissimilar to doing
business with manufactured goods in the digital world. Real-time is just
closer to its true meaning, and the marginal cost of replicating the
product is close to zero. But you still have consumers, resellers,
contracts, a supply chain (except it’s not made of trucks and shipping
containers, but of APIs).

Figuring out the go-to-market

The job of your supply chain is to provide data -- either raw data feeds,
or insight. From the business angle, you need to figure out the right
go-to-market model. How much commission or rebate do your resellers earn?
Who owns the relationship and the contract with the end customer? Do you
have the know-how and logistical abilities to handle all this in-house?

The second angle is the quality of service. Is the reseller providing
reliable, scalable access to your feeds? How secure is the delivery
process? In the physical world, access to warehouses is restricted, and
trucks are locked. Your data feeds need to be similarly secured.

Protecting from data theft

Naturally, you want to protect your digital delivery mechanism from data
theft. I am not talking about sophisticated hacking -- unfortunately this
is very hard to prevent. But simple measures, such as providing individual
API credentials to each user, limiting call rates to prevent recursive
bots, will go a long way toward ensuring that only authorized users will
have access to the data you are selling to them.

Key to the future of your data business

There is a huge difference between doing business with an end-client and a
reseller. In a world where duplicating the goods or transforming them
further require no effort, you want to be extra careful about the rights
you grant to each of your clients. Because the future of your data business
depends on it.

And this is exactly why Twitter is regaining control of their own supply
chain.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!