Dark Reading is part of the Informa Tech Division of Informa PLC


8 Supply Chain Security Requirements

Complex supply chains have complex security requirements, but secure them you must. Here's where to start.
2 of 10

Look Both Ways

It's common to think of a supply chain as something that ends in an organization, but that can be a limiting and dangerous assumption. "When you're considering how to secure your supply chain, it's important to consider both upstream and downstream. We often think of the vendors that supply us as the target of supply chain security, but the vendors that we supply are also in scope," says Tim Erlin, vice president of product management and strategy at Tripwire.

When it comes to both sides of the supply chain, the first step is knowing which organizations make up the links. "A simple, practical step is to start making a list of all the organizations you deal with, either as suppliers, clients, or customers," Erlin says. "Ideally, you should be able to identify and categorize the data to which any of the organizations that you deal with have access."

Much has been made of API security, but most of the attention has gone to the APIs that companies or their suppliers operate. Equal attention must be paid to the APIs and services that customers require a company to use; covering that downstream side is what keeps an organization a major step ahead in protecting the total supply chain.

(Image: Delphotostock VIA Adobe Stock)

Comments
Ron_Culler (User Rank: Apprentice), 5/18/2020 | 9:44:24 AM
We can't forget the Country/Manufacturer of Origin
Too often with regard to IoT devices it's easy to overlook who the real manufacturer of the device is, especially when you see a trusted name silkscreened on the front. Understanding who really makes the underlying tech and accompanying OS/application is a must, especially if these devices are being deployed in critical infrastructure, DOD, or State/Fed networks.