Click to learn more about author Gene Trousil.

Countries are increasingly flexing their regulatory muscles and controlling the way data is collected and used within their borders. This has led to variations in regulations across regions that cover security, privacy, and trade, all of which impact the global supply chain. Some countries even have the ability to shut off internet access to and from the outside world. This means if you’re operating in one of these countries, you’d better have a contingency plan to deal with such a scenario. Fines for violating these regulations can be up to 4.5 percent of the revenue of your company, so you need to take them seriously.  

The European Union’s General Data Protection Regulation (GDPR) is one such measure. On July 16, 2020, with a swipe of a pen, the EU Court of Justice (CJEU) Privacy Shield was struck down. Within hours, companies were scrambling to make sure the EU was not cut off from their U.S. Data Centers based on the jointly crafted and agreed to Privacy Shield. Even California has a similar regulation called the California Consumer Privacy Act (CCPA). Without a doubt, more states and countries will follow.

Supply chains span regional and national borders, so companies doing business across borders, and software vendors supporting them, have to ensure that they can comply with these differing and sometimes contradictory regulations. Then there are the customers who use the software, which has its own requirements, regional sites, and business processes that must be accommodated. Of course, the security and confidentiality of their corporate data is of supreme importance.

The bottom line is that in many situations, you cannot disclose key information. However, your supply chain platform must run globally, across a multitude of trading partners, spanning tiers, transportation modes, and national boundaries while complying with all mandates and customer requirements. A federated network is one way that organizations can leverage these significant challenges.

Defining a Federated Network

A federated network is a group of interconnected networks that has the ability to send data and messages between parties but can also continue to operate when that connection is lost, such that all the networks function as one. However, it’s important to distinguish that networks fall into three broad categories based on where and how they are organized and, specifically, where decision-making control resides.    

• Centralized networks are basically a hub and spoke model with a central organization point, centralized decision-making, and a single point of failure.
• Decentralized networks exist whereno single entity or group controls decision-making or information flows.  
• Distributed networks have their actions performed by different parties, but decision-making and ultimate control reside with one entity.

Both these latter types of networks, decentralized and distributed, can be federated. However, a centralized network cannot because, in an important sense, “federated” means “not centralized.”

A good example of a federated network is the traditional cellphone network. When you make a call from your T-Mobile phone to a friend who has an AT&T phone, that connection is made in the background, and it’s transparent to the callers. To the caller and callee, the call functions as if they are both on the same network. And it’s all done without transferring personal information like billing information, home addresses, etc.

Federated networks for supply chain planning and execution operate in the same way and provide a number of advantages, including:

• A “single version of the truth” (SVOT) for the business and its global trading partners
• A community master data repository that streamlines and standardizes data and information flows across all supply chain functions and all public and private networks
• Unlimited connections among trading partners, including manufacturers, suppliers, customers, logistics providers, and their networks
• Privacy as each can be deployed as a private network

Federated Networks: Supply Chain Friction, Data Access, and Control

Let’s consider a real example of a federated network running today called CMD (Common Master Data) that works with a variety of industries, from healthcare to automotive/manufacturing to foods and more. The CMD stores all credentials and those of your business partners, as well as common master data, such as your sites, parts, items, etc. After signing into an industry network through the CMD, the credentials used to get transferred from that network to the other networks. But it’s only very specific data that is shared for whoever signed in and only the data required for whatever they’re going to do.  

CMD plays a key role in keeping networks and enterprises interconnected, without creating complexity, slowing down the network, and creating redundant data. Also, by using a federated network, organizations can avoid replicating all of the data and infrastructure, and there’s no maintenance on their part. Data errors and data conflicts are minimized as all parties are working from a SVOT, making it far more scalable when dealing with large industry networks where you have thousands of companies and SKUs. Because you’re not replicating data and infrastructure, it’s also more economical to manage and support, and these savings can be passed on to customers to grow competitiveness or improve margins.

The federated network provides a near real-time shared environment that opens up a host of options for sharing data across the network. Data can be open, filtered, modified, and blocked, all depending on the situation:

• Shared: as is, visible to parties with the relevant permissions to view it
• Blocked: so it is inaccessible to all
• Masked: so that only portions of the data are shared
• Anonymized: so the data is shared but without identifying the person who owns the data

Combining these capabilities enables companies to share the data across their business network with multiple parties, but allows counterparts to see only what they need and are entitled to see. Like the cell phone network example, when making a call, only the data that’s needed to make that specific call is replicated from one network and phone to the other. It’s the same with the federated network and transactions across the supply chain.

With a federated network, each company can manage their supply and demand networks according to their corporate governance, values, and objectives, while accommodating regional laws in all the countries that they operate in. Data from any network can be shared across the networks: network to network, partner to partner, and even to firewalled and third-party systems. In unrestricted scenarios, parties can see order numbers, item numbers, quantity, etc. On the opposite end of the scale, the network can block everything so that no one sees anything, or perhaps it is shared only with certain roles in a very specific department within a company, such as human resources or finance.

The more interesting and common cases lie between these extremes of open and blocked.

Anonymizing: Many of these privacy regulations mean that a person has the right to be “forgotten” and wiped from your system. But practical considerations and other regulations require that you can’t just delete transactions that a given person was involved with. So, for example, if you’re moving hazardous material from Point A to Point B, the U.S. Department of Transportation says you need to keep a record of those transactions and movements for a minimum of seven years.

This data has to be treated carefully, so the transaction records are maintained, without identifying the person involved. Yet, it is also required by law that you need to be able to reconstruct the full transaction with the persons involved. So, behind the scenes, you need to maintain some cross-referencing to your anonymized records in case you are required to do that in the future.

Masking: The network can also mask data. This is a common scenario and involves keeping the information in the database, but without presenting it to another party. For example, contact information might be masked, with telephone numbers and email addresses blanked out when a given record is shared, but remaining available for sharing in other contexts. This capability is invaluable in many industries, for example, in healthcare for patient privacy, and in defense when you are dealing with ammunition stores, troop movements, and other classified information.

In supply chain applications, masking enables the business to share an order number to certain parties, while others see a dummy order number. That order number can still be cross-referenced to an order number on another federated network.

A Federated Network Today

Federated networks are scalable and flexible and can manage almost any type of good or service, with customers processing more than 5.6 million transactions a day over a federated network. Two of the top three largest grocery chains in the U.S. are also on a federated network. Another network tracks ammunition for the U.S. Marine Corps and manages grocery produce, automotive parts, and pharmaceuticals worldwide. Finally, a federated network is being used to track all the money, from entry to exit, for a central bank in a major African country.  

You can bet that with the U.S. Dept. of Defense using a federated network, it has been rigorously tested for security, scalability, and for performance in mission-critical applications. Nevertheless, it has a dedicated reserve system that is in sync, so that in the event of a catastrophic failure at one location, the network fails over to the disaster recovery network and continues to run. This takes a huge burden off companies, who no longer have to worry about maintaining, backing up, or losing their data or systems.

This is why, in today’s turbulent world of changing regulations, pandemics, and trade wars, federated networks are coming to the forefront in global supply chain management.