Providers of managed security services should take note of a security concern that gets nowhere near as much attention as hackers, viruses and the like, but is vital to the success of almost any technology-oriented business and is rapidly growing as a global concern: IT supply chain integrity.
Recent Gartner Maverick research indicates that IT supply chain integrity, defined as the process of managing the internal capabilities of an organization and its partners and suppliers to ensure all elements of an integrated solution are of high assurance, will be identified as a top three security-related concern by Global 2000 IT leaders by 2017.
The 3 Types of IT Supply Chains
Gartner advises companies with enterprise IT systems to use either in-house-developed or third-party (where MSPs have an opening) solutions to ensure IT supply chain security. There are three distinct types of IT supply chains, which are all intertwined: hardware, software and information. Following is a brief overview of the inherent risks facing each type of IT supply chain today.
Hardware – Gartner points out that most hardware systems are a conglomeration of components and subsystems procured from a large number of individual providers. Manufacturing and design are both routinely outsourced to third-party suppliers in a variety of emerging economies where regulatory oversight may be less rigorous than that found in more established economies.
Software – This includes components, frameworks, middleware, language platforms, virtual machines and operating systems, as well as the software infrastructure and environment for software distribution and updates such as DNS, identity, application store packaging and digital certificates. Increased offshoring of software development, the relative ease of cloning software and the need for security patches and updates all compromise software supply chain security.
Information – The emergence of “Big Data” means organizations are taking in a huge amount of unfiltered data from sources beyond the corporate firewall, such as social, mobile and cloud-based systems. Individual pieces of data can be interconnected and the sources of “metadata” can be almost impossible to trace.
MSPs Play Crucial Role
Effectively managing IT supply chain integrity and security is a potentially vast undertaking not easily solved by simply purchasing and implementing a third-party solution. Most organizations will need to implement a variety of solutions and services to fully protect extended IT supply chains (much of which now exists only in a “virtual” sense). Even large organizations with sophisticated in-house IT security practices may find maintaining the integrity of their IT supply chains an overwhelming task. Companies using cloud-based or “BYOD” technology are especially at risk of IT supply chain disruption.
MSPs with wide-ranging security expertise should investigate how they can create a package of managed services that will allow clients to protect their IT supply chains with the proverbial “flick of a switch.” The task will hardly be easy for MSPs to undertake, either, but with great effort comes great reward.