Dave Lewis writes for Forbes about what he sees as a lack of attention to the important topic of digital supply chain security. Reliance on IT outsourcing for the help desk and code development, together with the expansion of partner networks, means that information has to be protected all the more thoroughly as it is passed along to, or even stored by, third parties.
Firewall for All
Lewis describes one incident in which security was not up to snuff:
"At one organization that I worked for I went trawling through the tickets for passwords, configs and SNMP strings. What I found was very troubling. The worrisome aspect was that all of this information was stored in the databases of a third party that was located overseas. The transport was over HTTP and I had no idea as to the state of the database or if any record contained within it was encrypted."
The CIO had forgone proper security in the pursuit of getting the project up and moving. Gartner believes that IT supply chain security will be a top-3 security-related concern by 2017, but Lewis argues that time has already arrived. He gives another example: a US-based firm outsourced code development to a Russian firm without having proper security in place, and the Russian firm had access to the encryption in a product set under development. If you want to think about more ways you need to stay vigilant, you can read Lewis’s full article here: http://www.forbes.com/sites/davelewis/2014/07/28/digital-supply-chain-insecurity/