Sure, vital components that constitute the infrastructure of networks will be exposed to an untold number of threats after deployment - that's the nature of the beast. But how do we defend against threats that are built into those components before they ever reach our doorstep? That's an issue organizations will increasingly face over the next five years, as supply chain integrity is predicted to emerge as a top-level security concern for Global 2000 IT leaders.
A forecast prepared by Gartner's Maverick Research, titled "Living in a World Without Trust: When IT's Supply Chain Integrity and Online Infrastructure Get Pwned," indicates that as the technology supply chain becomes increasingly targeted and compromised, organizations will need to proactively address the increased risks presented by the changing conditions in the IT marketplace.
Complicating the challenge of securing the supply chain are trends in globalization and outsourcing by manufacturers, with the decentralization of production and the rapid pace of innovation in the marketplace giving rise to an increase in opportunities to introduce compromises into the system.
"In the shorter term, the market for information security offerings will fragment along geopolitical lines. In the longer term, the same will happen for OSs and other IT system infrastructure software, reshaping the IT landscape moving forward. Enterprise IT departments must begin to make changes today to protect their systems and information in a world where all IT systems are suspect," said Gartner Fellow Neil MacDonald in a press release.
While vulnerabilities in the production and distribution of hardware have been on the IT industry's radar for some time, the Gartner report says precautions must be extended to the software supply chain as well, given the increase in instances of counterfeiting, the off-shoring of development efforts, and the need to ensure trustworthy mechanisms for patching and updating code after deployment.
"IT supply chain integrity issues are expanding from hardware into software and information. They are growing more complex as IT systems are assembled from a large number of geographically diverse providers, and, now of mainstream concern to enterprise IT," explained Gartner's Ray Valdes.
Further controls must be extended to the information supply chain as well, according to the report, as decision makers and the public are increasingly drawing on data from an ever wider variety of available resources through the Internet. Ensuring that the information being tapped is dependable and emanating from legitimate sources may be the biggest challenge of all.
"This has significant implications for businesses, governments and individuals moving forward," Valdes said.