How the Great Supply Chain Disruption Affects IT Security

This article has been indexed from The Duo Blog

The “great supply chain disruption” is causing chaos around the world for everyone from farmers to automakers to consumers. What is less appreciated is that supply chain changes can pose new challenges not just for logistics, but for IT security as well.  

New ways of working can increase the resilience of an organization, but they require additional levels of disclosure and uberrimae fides — utmost good faith — between security teams, and not just a tick-box approach.

For the last few years, one of the main topics in the cybersecurity world has been the dissolving perimeter, which increasingly places resources and assets outside our immediate sphere of control. Critical applications are now held within other computers in the cloud or accessed by remote users on their personal devices.

The response has been an evolution in security, where checks and balances are performed by a variety of controls that authenticate the user, their devices and the data stores at the point of access.

One key area that affects an organization’s security posture is its business relationships with third-party suppliers who provide the parts and content to produce an organization’s products.

In simple terms, there are two main strategies: relying on a small group of critical specialist suppliers or on multiple suppliers. The latter reduces the risk of a single point of failure in production: if one supplier fails, an alternative can be used to keep production running. Alternatively, an organization may choose to focus on a close relationship with a supplier to reduce costs, or simply because only a limited number of suppliers produce that particular item. Disruption to this element of the supply chain may severely impact the resilience of the organization.

This risk will ebb and flow as the nature of the supply chain changes. For example, when faced with volatile changes in shipping rates, some firms have decided to onshore production to new partners. With closer technology dependencies between organizations and suppliers, s

[…]