Considering the supply chain is integral to a sophisticated and holistic security strategy, according to one expert.
Speaking at the Security Development Conference 2013, Edna Conway, chief security strategist at Cisco Systems, said that including the supply chain ensures security processes have the integrity they need to protect modern business.
She explained that Cisco sees the supply chain as a “crucial differentiator” to make the organisation more secure.
“The supply chain is a critical element of a secure network and if software developers fail to get it right then we all fail,” said Ms Conway.
She said that the company is appealing to its developers to think about the things it can do to improve the security of the forward supply chain. These measures could include anti-counterfeiting systems, designing in traceability and secure technologies.
By focusing on these key areas – as well as the misuse of intellectual property – the base level of security can be increased in finished products and services.
“We need you, we are on the same team, and this is a great time to be in security,” she said.
“Supply chain security as the foundation of security is what customers have come to expect.”
True security needs to be considered from start to finish through the supply chain; from development, through logistics and fabrication and then scrap management. Without considering each stage organisations cannot be certain that their security measures are thorough enough.
"Adopting limited and integrated international standards will prevent 'balkanised' efforts,” she said, explaining that efforts need to be uniform but also relevant to the time, place and practice.
"Set and communicate goals. Define security practices. Scan your macro environment,” Ms Conway summed up.
In recent years businesses have had to completely reconsider their approach to the supply chain and logistics, as supply chains have become more convoluted and globalised. Previously firms would have had a much clearer idea of where products originated, but this is no longer the case, meaning steps must be taken to tighten security.