One field-tested security strategy for information systems and digital content is to address the problem through processes, people and technology. On the process front, all companies involved in the production of digital IP should, by now, be adhering to a proven information security framework that fully addresses supply chain risks. That includes making sure your digital IP is protected at all times, even during post-production (or maybe we should say especially during post-production, given recent incidents).
Fortunately, there is a ready-made cybersecurity framework that companies can use, at no charge, thanks to the US federal government, which has done some sterling work in this area, namely the NIST Cybersecurity Framework.
The current version is a great way to get a handle on your organization’s cybersecurity, and the next version, currently in draft, goes even deeper into the need to maintain cybersecurity throughout the supply chain. For that reason, the draft is worth quoting at length:
“The practice of communicating and verifying cybersecurity requirements among stakeholders is one aspect of cyber supply chain risk management (SCRM). A primary objective of cyber SCRM is to identify, assess and mitigate ‘products and services that may contain potentially malicious functionality, are counterfeit, or are vulnerable due to poor manufacturing and development practices within the cyber supply chain.’”
You may be aware of risks and problems in your own business, but increasingly it’s possible to be exposed to issues by other organizations that you deal with, particularly if you’re buying in IT services.
How can enterprises deal with these threats and ensure that their data and that of their customers is kept safe at all stages of the supply chain? We spoke to Dean Coleman, head of service delivery at service management and support specialist Sunrise Software, to find out.
BN: How difficult is it for larger organizations to manage problems that might occur further down the supply chain?
DC: It can be quite difficult. Historically, most organizations have a handle on risk in terms of what’s going on in the business, financial targets and so on. But when it comes to IT risks and the supply chain providing IT, they don’t have the same visibility. These days IT is everywhere and businesses depend on it, so IT problems have a larger impact. The understanding of risk needs to be something that key decision makers are more aware of.
BN: Is this a particular problem when dealing with smaller companies who might not have resources in house?
DC: Yes, from the supplier side of the fence we see that smaller organizations often don’t have the skills in house to deal with security, infrastructure, and so on. They rely heavily on these services but don’t see them as a core part of their business. Because they don’t have the skills and resources, they will often turn to third parties to manage these things for them. However, in some cases the third parties also don’t do a very good job; they’ll be providing reactive services rather than the proactive ones that are really needed to predict problems based on risk.
There’s an old expression, “Don’t work harder; work smarter.” Old as it may be, this is one of the adages of New Purchasing: The answer to complexity does not have to be more complexity.
Is this not the reason for enterprise technology? Organizations adopt solutions that enable their employees to work more quickly, more efficiently and with better organization. Really, this is the same reason that many people adopt technology in their personal lives, as well.
If you’re looking to build a website, you no longer need to code everything from scratch. Instead, services from sources like Google and Homestead can do that for you. With Google Domains, you can easily find a domain and build a website for your business, while their innovation services provide developer tools, APIs and other resources for quickly adding novel features. Similarly, Homestead offers you the means to “Get a site. Get found. Get customers.”
Each of these solutions providers offers you a simple, elegant solution for what seems like a pretty daunting task. Wouldn’t you expect the same technology treatment for improving your enterprise procurement?
Just as building a website for a personal blog or corporate website has never been easier, the same is true for creating an online shopping site. Shopify’s solution can help you to create an online storefront for one product or millions – without needing any specific design skills. With a platform like Mobify, you can even extend that digital marketplace with mobile touch points.