In information technology, organizations often must tackle a trade-off between efficiency and security.
One example that frequently pops up is the way in which cloud-based services improve accessibility and flexibility but also complicate traditional security practices and encryption strategies. Supply chain management is another area that has a serious battle to face in negotiating both efficiency and security. Many of the operational and information technologies that enable critical efficiencies also introduce security risks.
Navigating the terrain between security vulnerabilities and operational impediments isn’t easy. And for many organizations, the compromise has leaned toward lagging security defenses.
Upcoming revisions to NIST Special Publication 800-53 may change that.
Based on a risk management strategy that NIST has termed “cyber supply chain risk management,” the publication will begin to introduce more aggressive standards for addressing supply chain security risks. The standards will force firms to confront the security issues threatening their foundational systems and will require focused effort to achieve compliance.
A focus on secure software management is a wise way to manage the shift toward heightened security standards in supply chain management. Organizations building software from the ground up can build security into the development and testing process, making sure their programs are capable of sustained resilience against cyber attacks. Over the medium to long term, this approach should prove less disruptive to the efficiency of programs, as teams will not have to compromise processes and programs to retroactively apply security standards.
For organizations looking to introduce security into the software development cycle, a couple of moves could provide a fast start. First, an assessment of current resources and architecture can offer a clear indication of the kinds of vulnerabilities that tend to affect critical systems. From there, teams can begin to close gaps while consulting with security partners to establish a secure approach to development and software assurance practice.
Lunarline offers a range of software assurance products and consultative services that can help your organization achieve a secure development lifecycle for supply chain management programs. To learn more, contact us today.