Do you know who’s on the other end of your network? A while back I was working on a project with a client. This particular client was a very typical Fortune 1000 company. They were a very active business and industry with lots of transactions, sellers, and customers. We were going over their security posture, working on a set of policies.
And one day I noticed something: they were having a discussion about a certain delivery of supplies that, strangely enough, contained the right items they had ordered, but they did not know who the supplier was. A short investigation ensued, and they found out that the supplier my client had ordered the supplies from had subcontracted the order to another supplier to get quick delivery and service; my client’s supplier just had their subcontractor send it directly to my client.
This type of thing happens, and it is not that big of a deal. It was poor communication, since the supplier should have notified my client, but nothing too serious. But is it? In the pre-automation world, it would not be. But now, in our times of supply chain automation, who you do business with is very important.
Who’s On The Other Side?
Who you do business with determines many things. But from a supply chain and security perspective, it determines even more. Going back to our previous discussion about the trust model, you can see how all of a sudden you are doing business with a supplier who is untrusted.
And if you are doing business with a supplier who is untrusted, your data security is exposed. Plain and simple, you are at risk. Who is at the other end of your network? But this is more of an unusual circumstance. What about your regular suppliers or your customers down the line?
Do you know their security posture? Could you come up with a list of suppliers and have a rating of what their security posture is at any given time? Could you show who is at the other end of your networks? What would you do if a particular member of the supply chain is compromised? These are potentialities that need to be accounted for in order to maintain a secure environment.
The Future Of Supply Chain
Gartner says that “by 2018 50 percent of organizations in supply chain relationships will use the effectiveness of their counterpart’s security policy to assess the risks in continuing the relationship, up from 5 percent in 2015.” What this means is that you will be evaluated on the security of your supply chain to determine the safety of doing business with you.
So let’s look at the scenario above again. One of your other suppliers or a customer finds out you are doing business with an unknown or untrusted entity. How will they react? Will you have problems? Will you get the same preferential treatment as in your previous relationship?
The simple fact is you will need to show the efficacy of your security posture and policy structure to your customers and suppliers on an ongoing basis. But this can only happen if you are successfully implementing a cogent, well-communicated, and updated security posture at all times. As you can see once again, these are strategic concerns, not technical ones.