1 May 2022
What do we mean when we say “Information Security Supply Chain”?
We are inundated by news related to the supply chain lately. It makes sense to get a common understanding of the term and add in a little bit of the history. At its most basic, “supply chain” refers to the sequence of processes involved in the production and distribution of a product. Investopedia defines a supply chain as,
“…a network between a company and its suppliers to produce and distribute a specific product to the final buyer. This network includes different activities, people, entities, information, and resources. The supply chain also represents the steps it takes to get the product or service from its original state to the (Will Kenton, 2022).”
This applies to goods and services the consumer may receive. The consumer may be an individual or may be another company that uses the product to provide goods and services to another company. A supply chain, when used as a competitive advantage, is complicated and often fluid in nature. So if anything goes wrong in the supply chain, it can have a severe negative impact on the consumers and the supplier.
Another term, Supply Chain Management (SCM), came into existence in the early 1980s and refers to managing the supply chain as a competitive advantage. More on that in another post.
Consider the US Automobile Manufacturing Industry. With the shortage of just one component from other suppliers, consumers experienced a massive car shortage that is expected to last years! And that was just a misstep in the supply chain management. Imagine what would happen if somebody intentionally tried to disrupt a supply chain.
In today’s global economy, companies use technology as another competitive advantage. But what happens if that technology is compromised? What if it is infiltrated or otherwise interrupted? A company in Los Angeles may be highly dependent on and connected to companies in São Paulo, Lagos, and Singapore, more than at any time in previous history. The more connected each component of the supply chain becomes, the higher the risks associated with producing and delivering goods and services. Many of these companies rely on technology to make and deliver goods and services at lower, more competitive costs.
That’s where information security practitioners come in. They focus on protecting supply chain components so that the confidentiality, integrity, and availability of the technology, the information, and ultimately the services that make up the supply chain for many businesses are preserved.