Every once in a while supply chain experts rattle off a list of things that concern them about how well the supply chain works or doesn't work. One of the items often topping the list is the integrity of information moving up and down the supply chain.
Gartner, in fact, recently said global IT leaders will identify IT supply chain integrity as a top-three security-related concern by 2017. Specifically, Gartner predicts that enterprise IT supply chains “will be targeted and compromised, forcing changes in the structure of the IT marketplace and how IT will be managed moving forward.”
The firm defines supply chain integrity as:
- The process of managing an organization's internal capabilities, as well as its partners and suppliers, to ensure all elements of an integrated solution are of high assurance. The need for integrity in the IT supply chain is necessary, whether the solution is developed in-house or purchased from a third party.
I'm not sure if supply chain integrity is less of a concern now, compared to a few years ago, or why the concern will markedly increase five years from now. For as long as I can remember, the threat to trustworthy data-sharing practices has always been there, and people long have mentioned the importance of being able to safeguard internal capabilities, and receive and send sound data among suppliers, customers, and other trading partners.
Gartner, however, points out that as the IT supply chain has become even more complex and global, the possibility for volatility and compromised data has also increased. Complicating matters is the fact that hardware vendors are more frequently outsourcing not only manufacturing but also design work to contractors in Asia and India; and more established Asian suppliers are beginning to outsource work to emerging economies, such as Brazil, Vietnam, and Indonesia. According to research vice president Ray Valdes:
IT supply chain integrity issues are expanding from hardware into software and information. They are growing more complex as IT systems are assembled from a large number of geographically diverse providers, and, now of mainstream concern to enterprise IT.
These issues are not just about defense and intelligence. This has significant implications for businesses, governments and individuals moving forward in a world where the integrity of the IT supply chain is no longer completely trustable, and where all layers of the IT stack will be targeted for supply chain compromise.
Considering the expanding range of platforms used in today's information- and software-based economy, Gartner suggests that activities around IT supply chain integrity must extend to:
- Software supply chains, which include components, frameworks, middleware, language platforms, virtual machines, operating systems and software infrastructure
- Information supply chains, which could include integrated information from partners, suppliers and cloud-based services, such as data from Google Maps, Twitter, Facebook and Amazon
Given the vast number of ways by which companies relay supply chain information nowadays, Gartner may be on to something: Better to think of this issue now before a threat becomes a reality.