Building a Business Case for Services Supply Chain Security

Gene Villeneuve

As an IT or security expert, you already know that to leverage your global workforce effectively, you need to secure your services supply chain. Remote workers, your contingent workforce, and third parties all need controlled and monitored access to secured corporate assets. They also need to adhere to regulatory compliance standards such as GDPR, SOC 2, and FIPS. And for business agility, everyone needs fast and easy access, compliance and collaboration.

But how do you convince the people in your organization who have the spending power? In a large enterprise, that’s the CIO and/or CISO. In a smaller enterprise, it’s the Head of IT. If you’re a vendor providing services to enterprises, it can be any of these people, depending on the size of your company.

The launch event (click here for a recap) included a panel discussion by IT and security experts on Building the Business Case for Services Supply Chain Management. Here are just a few key takeaways.

Building awareness of supply chain security options is key

Our panel experts all agreed that, while many organizations have adopted the strategy of migrating their data centers to the cloud, a lot of people still don’t know about the alternatives to shipping laptops for end-user computing—which is costly, time-consuming, and risky.

Mark Ryland of Amazon Web Services, Office of the CISO, commented that

“A lot of people are just not aware of how easy it is to set up these virtual desktops. They also don’t realize the cost savings of pay-as-you-go pricing compared to traditional virtual desktop infrastructure (VDI), when they needed to buy 20 racks of server gear to run their own VDI solution.”

Bob Usher, Head of Risk at Garrison, agreed that “The expense of old school VDI was huge, and usability wasn't always great.”

Explain that compliance can be easy and automated

For both enterprises and IT service providers, ensuring compliance is paramount. All the panelists had “stories from the trenches” of passwords being sent by email and workers figuring out how to get around security policies because they are onerous and work just needs to get done…somehow. SVP Gene Villeneuve spoke to the need for automation and “a software-defined mechanism to enforce adherence with the policies defined in contracts.”

For small vendors, supply chain security products with this automated compliance built in can reassure a client’s risk officer or auditor that the vendor has the ability to enter into corporate supply chains.

Álvaro Hernández Tortosa, Founder of Ongres, summed up the situation by saying,

“With platforms like, you can make this cost significantly go down for work trouble, at minimal risk levels, while still providing the same warranties to customers.”

Security is not just a cost—it’s a business enabler

The business case for services supply chain security is about much more than cost-effectively mitigating risk and ensuring compliance; it’s also about achieving business agility. Faster onboarding—in days instead of weeks or even months—improves your time to market. Better collaboration increases productivity. And all of this improves your business. “Getting security and business aligned through highly secure systems is the key to innovation, said Mark. “For many businesses, security is just a cost. They think, ‘How can we avoid spending this money?’ The incentives [between business and security] are not properly aligned.” Bob agreed: “Security has become known as “the people who say ‘no’—but new technologies make it possible to provide the thing that makes business happen at the accelerated rate needed for our digital transformations."

Building a business case

For more information about how supply chain security can help you accelerate your business,
visit the website.

More Posts

Subscribe Here!