Buyer beware: Do you know how much supply chain assurance is enough?
May 30, 2018
Supply chain security seemed like child’s play when it consisted of a small handful of companies that operated in a paper- and pen-based world. Then, we didn’t have to worry about supply chains that spanned date lines, time zones and networks.
In today’s global marketplace, supply chains can span dozens of countries and hundreds of suppliers. As a result, supply chain structures and the strategies needed to secure them have changed dramatically. Traditional cybersecurity that’s focused on protecting supply chains from outside attacks doesn’t address 100 percent of the vulnerabilities. To keep your company safe, you need an end-to-end supply chain solution to guarantee a secure product purchase.
What is supply chain assurance, you ask?
Supply chain security ensures that the product you order is the one you receive. It provides transparency into supply chain operations and tracks a product through the lifecycle of its development, mitigating the risk of tampering, theft or delivery disruption. The result is a protected and secured environment that delivers a higher level of confidence in product quality. Consider what could happen if you connected a maliciously corrupted PC to your mission-critical enterprise systems. In the worst case, your main system could be hacked and business continuity could be interrupted. If this were to happen, your customers could be impacted and your business put at risk of lawsuits and costly fines.
So how exactly does it work?
Supply chain assurance involves discovering and mitigating vulnerabilities in hardware and software in order to uncover backdoors that can allow an attacker to change how your systems work. To limit these vulnerabilities, you and your suppliers need to discover potential threats as early in the supply chain as possible. Supply chain assurance programs are increasing the flexibility and automation of risk mitigation and helping to satisfy compliance mandates for some regulated industries. The National Institute of Standards and Technology (NIST), for example, has established risk management best practices for federal information supply chains. In addition, the International Organization for Standardization (ISO) has standardized specifications for secure management of supply chain systems.
How much is enough?
The question of supply chain assurance is less about the amount of assurance than about how widely you are covering the risks associated with your supply chain. A multi-tiered approach that protects facilities, operations and systems is considered a best practice across the board. Protocols should be in place to identify, assess, respond to and monitor supply chain risks and penetrations. Risk assessment and risk management processes throughout all phases of your supply chain can reduce the threat of an attacker tampering with devices or introducing counterfeit products.
CyberCore is an HP Platinum Partner that can provide supply chain assurance for your business by thoroughly inspecting each link in the supply chain. Our supply chain approach ensures every component maintains the highest levels of security to satisfy NIST and ISO requirements. Download the brochure to see how we can protect your IT purchase from risk.