‘IT supply chain integrity, top security concern’

Our Bureau Updated - March 12, 2018 at 02:42 PM.

By 2017 IT supply chain integrity will be identified as a top three security-related concern by global 2000 IT leaders.

Enterprise IT supply chains will be targeted and compromised, forcing changes in the structure of the IT marketplace and how IT will be managed moving forward, according to research and advisory firm Gartner.

These findings are produced as part of Gartner's Maverick research.

“IT supply chain integrity issues are real, and will have mainstream enterprise IT impact within the next five years,” said Neil MacDonald, research vice-president and Gartner Fellow.

“Enterprise IT departments must begin to make changes today to protect their systems and information in a world where all IT systems are suspect. These changes in information protection strategies will help enterprises embrace and adopt cloud computing and consumerisation, which have strikingly similar issues with untrusted systems,” MacDonald added.

The IT supply chain has become more complex, fine-grained, globally distributed and volatile in the sense that rapid change provides the opportunity to introduce compromises. Hardware vendors are increasingly outsourcing not just manufacturing, but also design to OEM suppliers and contractors located in Asia and India. In some cases, established Asian suppliers are outsourcing to emerging economies such as Brazil, Vietnam and Indonesia. This is a complex problem, since most hardware systems are a conglomeration of components and subsystems procured from a large number of individual providers.

However, Gartner analysts said most hardware systems include software-based elements (at a minimum, firmware and drivers) with the trend to shift more intelligence out of hardware and into software.

Software supply chains include components, frameworks, middleware, language platforms, virtual machines and operating systems, but also the software infrastructure and environment for software distribution and updates.

Ensuring the integrity of software supply chains is a more difficult problem because of the increased use of offshore development, the relative ease of cloning software, and the ongoing need to keep software patched and updated via trusted mechanisms.

rajesh.kurup@thehindu.co.in

Published on October 18, 2012 09:59