Security risks today can come from any source.  Sometimes there are deliberate attacks, sometimes, there are inadvertent security issues and they can come from outside or within your own organization, but one of the most critical points of weakness in the modern enterprise can be outsiders, third-party groups and vendors.  The evidence is clear that the modern enterprise has changed, delivering global product and incorporating global sources through a vast network of global suppliers.  Inevitably, the information bridge between supplier and enterprise must be opened, but with this relationship comes an increased risk of not only a serious breach, but also threats to the liability profile of the parent organization in the event of regulation and compliance issues.

 Security breaches and the trusted supplier

In a briefing with Global Product Positioning Lead for HP Enterprise Security Services, Jeffrey Lewis, the conversation addressed how to improve the position on this organizational threat.  Depending on which sources you are looking at, the statistics are undeniable and eye-opening – by some reports, nearly half of all breaches that are reported can be attributed to a mistake from a trusted supplier.  That’s just what’s being reported.  So you can see that extending your security and compliance throughout the supply chain is a critical task that must be considered in order to keep corporate assets safe.  The challenges are big, there’s lots of red tape to go through, a lack of resources in many cases to secure these kinds of initiatives, but they are critical because noncompliance or incidents can mean big penalties and fines.  Now, most supplier contract arrangements may technically fall within regulatory compliance standards because they have to under agreements.  However, that risk exposure isn’t necessarily gone.  Your enterprise objectives may extend beyond that however, so you must employ a governance strategy that is clearly defined, augmented with technological means, with experienced guidance.

HP’s Supplier Security Compliance Solution

Many CISOs mainly focus on protecting organization from external threats and vulnerabilities, but taking on this supplier initiative means a whole new world of challenges.  That’s where HP’s Enterprise Security Services, through its Supplier Security Compliance Solution is making a big difference, because CISOs have to deal with these threats without impeding information flow or disrupting business processes.  Through establishing tactical business-based security processes that govern interaction between enterprise and its chain of suppliers, the stage is set.  Through HP’s advisory services, elements like routine risk assessments, best practices, metrics compliance, auditing and reporting are introduced into the supply chain picture.  Based on your situation, the services leverage the best in technology and process to achieve the best possible security posture from the supply chain paradigm.  Lewis advises that organizations need to have clear goals and requirements in supply chain relationships and that process and systems must be in place to ensure that these initiatives are reinforced through this framework.  

In all, supply chain security doesn’t have to be a daunting endeavor.  The matters are significant and definitely serious, but governing that interaction between enterprise and suppliers can be secured through excellent process, policy and technologies, the kinds which HP’s Enterprise Security Services is available to provide.