Alert: Securing The Cyber Supply Chain
SECURITY PROS DRAW A LINE AT THE FIREWALL—what happens “out there” might be beyond their control, but a secure perimeter is intended to protect the data and systems within. That view, however, fails to take into account the role of developers, vendors, customers, users, and others along the supply chain of IT systems, hardware, and software coming into the enterprise. A new school of practice advocates a more encompassing approach to security that leaves none of those touch points unchecked.
It’s called the cybersecurity supply chain, and, as it sounds, it applies the principles of supply chain management—product assembly and acquisition, data sharing among partners, governance, and more—to the security of IT systems and software. “Organizations need to realize that their borders are porous,” says Jim Lewis, director and senior fellow of the Center for Strategic and International Studies’ technology and public policy program. “We’re no longer living behind a moat. It’s not just how secure you are, but how secure the people you connect with are as well.”
About the Author
J. Nicholas Hoover has been a technology scribe for InformationWeek since 2005, variously writing about networking, Microsoft, collaboration and cloud computing before moving into the government beat in 2009. Prior to joining InformationWeek, Nick was a graduate student in journalism at American University, where he was a general assignment intern for the Washington Examiner and news editor of an online magazine at American. He found his reporting itch after blogging about the Iraq War in 2003.
Be the first one to comment.