Securing Your Supply Chain in an Era of Uncertainty

Since the COVID-19 pandemic changed the world as we know it in early 2020, the topic of supply chains has become elevated. Supply chain issues have led to empty store shelves, component scarcity and global efforts to figure how to address the multiple layers of these shortages. While we won’t look to solve all supply chain issues here (we’ll save that for a later report), we’ll focus on two primary supply chain security areas in this report:

1. Access control for all participants across the supply chain lifecycle
2. Software supply chain models for everything in the CI/CD pipeline

Enterprises face major challenges in maintaining a comprehensive set of protection capabilities across a diverse supply chain environment. We’ll focus of developing a flexible and improved supply chain security posture through the combination of:

1. Access controls that are sufficiently granular and contextual in nature,
2. Access governance that ensures proper separation of duties (SoD), least privilege access and active monitoring/modulation,
3. Privileged access management (PAM) that extends into multi-cloud environments for securing administrative access to all supply chain applications and services including MFA, session management, credential security and application secrets management,
4. A security-centric CI/CD pipeline that incorporates all aspects of the cybersecurity policies across the Agile Development methodology, including code review, security testing and vulnerability management.

We’ll also include our Reference Architecture for protection of both supply chains within the enterprise, and share recommendations critical to creating a secure, sustainable and transparent supply chain environment.