In today's retail sector, supply chains are more vulnerable than ever to cyberattacks, natural disasters, and other disruptions. But how can companies protect themselves in such a complex world while simultaneously ensuring communication with their partners and customers?
We spoke with Joshua Roach, Head of Sovereign Communication at Schwarz Digits, about these and other questions. In our exclusive interview, learn how sovereign communication strengthens supply chain resilience, why end-to-end encryption is essential in retail, and how the zero-trust model protects companies from human error and cyberattacks.
Intrigued? Read the full interview to find out how secure communication can revolutionize the future of retail.
Secure supply chains: Protecting the Achilles heel of the retail sector
Retail supply chains are often described as the Achilles' heel of a functioning society. How can sovereign communication help strengthen the resilience of these supply chains, especially in light of increasing cyberattacks and data breaches?
Joshua Roach: “For a globally operating group of companies with thousands of suppliers worldwide, this is naturally one of our central issues that we have to address. The increasing number of cyberattacks we have seen worldwide since Russia's war against Ukraine, and the business interruptions that such an attack on one of our suppliers can cause, are particularly problematic. For example, if a dairy is hacked, its production lines stop, and it can no longer produce, we have a problem in certain regions.”
“Therefore, real-time communication via specific services to which we can connect our suppliers will be groundbreaking in the future. We can then communicate globally in real time if a supplier experiences delivery problems, has been hacked, or encounters other delivery difficulties, be it logistical issues or a blockage of the Suez Canal. The sooner the supplier can inform us, the sooner we can take countermeasures, implement other measures, or restructure our logistics routes and supply chains. This ensures we remain consistently able to deliver and have everything in stock in our stores that people need.”
Trust through encryption: Why zero trust is indispensable in retail
Secure communication typically includes end-to-end encryption, ensuring that even the provider cannot decrypt the data. Why is this level of security so crucial when dealing with sensitive information in retail, such as inventory data, delivery schedules, and customer information?
Joshua Roach: “On the one hand, we have a huge responsibility with our loyalty programs, which now have over 100 million users worldwide. That alone represents an enormous amount of data. Our ambition at Schwarz Digits is to become a European hyperscaler with STACKIT as our cloud provider. Therefore, we have very high standards for IT security, data protection, and compliance. At the same time, however, this also makes us a target, because attackers know that we hold a lot of data. As a result, attacks are increasing daily. We counteract this by saying: If the data is already encrypted in the cloud, then we no longer make ourselves an attractive target.”
“For example, with the Wire service we use, we have end-to-end encryption. This means the data resides only on the end devices. If I attack the middleman, i.e., the cloud or the platform, I can't extract any data because it's either not stored there or is unencrypted. So I actually have to access the end devices themselves. If you were to operate this centrally, you would have to hack 600,000 end devices to access the chats, which is correspondingly complex and time-consuming. This model is called the Zero Trust model. With this approach, not even the operator can see the data and shouldn't even have the data stored centrally, in order to protect themselves.”
Boundless security: How sovereign communication is revolutionizing collaboration
Sovereign communication enables you to stay in constant contact with external partners. In an industry heavily reliant on collaboration with suppliers, freight forwarders, and other external service providers, how does this function improve the efficiency and security of communication – even across company boundaries?
Joshua Roach: “Wire isn’t just for creating secure guest links. The challenge was how to communicate securely or exchange files with partners and suppliers that don’t use Wire. That’s essentially where end-to-end encryption falls short. If I’m using a secure tool, but the other party isn’t, then I have a security gap.”
“That's why we opened the service to external users. I can invite external parties to Wire on our server without bringing them into the internal company network or opening any doors. I invite them to a chat group for a limited time, where they can communicate with us. However, they are marked as guests to prevent the same situation that occurred in the US with Signal and to ensure certain levels of trust. I know exactly who the internal employees are and with whom I am allowed to share confidential or internal documents: Who are external parties, service providers, or suppliers? This is all displayed in our communication services. This is important to prevent data breaches or human error.”
“We can go a step further: For example, we can federate our own server, which we run here with Wire. This is where the decentralized architecture comes into play: One of our suppliers could also have their own server, which we could link to ours. Then we would also have digital identities, because I know via my company ID that every employee on the service is indeed that employee. The other party can likewise ensure that all their employees are indeed themselves. When we federate these, the identities are mutually linked. And we know that the person we're dealing with is truly who they claim to be.”
“This is the major problem with centralized communication. Services like WhatsApp run on a single server where all users are simultaneously present. Here, identity is linked to a mobile phone number, which can be faked, stolen, or manipulated. You never have the certainty that it's really that person and, equally important, how to verify their identity. We see the associated problems in the numerous social engineering attacks: all these manipulations on a psychological level using WhatsApp and other services, where fraud is perpetrated, cyberattacks are launched, and viruses are distributed. There's a plethora of fake accounts on WhatsApp, Telegram, and other messengers. On the Wire platform, which we use, there are no fake accounts at all. And especially in times of AI, deepfakes, and voice changers, we absolutely need this security of digital identities.”
Compliance and data minimization: Less data, more security
How does secure communication help retailers comply with internal and external rules, particularly through features such as self-deleting messages and decentralized storage of personal data?
Joshua Roach: “Firstly, it’s obviously crucial: This end-to-end encryption helps us immensely. We only store the data for as long as necessary, it’s always encrypted, and it’s only decrypted on the end devices. This means that the operator, in this case our cloud provider STACKIT, is exempt from most compliance and data protection requirements. And this is despite our data protection certification, even though no data is actually stored or processed there. Data protection obligations only apply when personal data is stored, processed, or shared.”
“Since the data is encrypted, it is no longer considered personal data under the GDPR because it is unreadable. That's one way we mitigate this. The second way, of course, is to link the login process to the business email address via Single Sign-On (SSO). We don't link any personal phone numbers, dates of birth, addresses, or other personal data. We keep it to a minimum and only collect as much data as necessary, not as much as possible, as is the case with WhatsApp or Facebook. That's a different approach.”
Real-time crisis resilience: The key to future security
More secure communication is also something that will become increasingly important in the future. For example, how can secure and real-time communication strengthen a company's crisis resilience?
Joshua Roach: “We are also addressing this issue very intensively. Crises are becoming faster, more diverse, and more frequent worldwide. For a corporate group with a presence in 34 countries, this is a topic that affects us daily. When we look at the recent natural disaster in Spain, where we have many branches, the question always arises: how do I, as a company, protect my employees? We have many crisis management tools and software in place that provide us with early warnings of crises.”
“But the problem is always how to disseminate warnings and alerts to thousands of employees across a country. How do I communicate them correctly, and how do I reach them all in real time? It's obviously fantastic when everyone uses our communication platform, allowing us to quickly and instantly warn them about a forest fire, an earthquake, or other hazards. And it's even better when we can also warn our suppliers and the supply chain about such issues. This includes logistics centers and truck drivers. We've made this kind of real-time communication, which is both secure against eavesdropping and fail-safe, possible with Wire.”