Today’s technology environment is increasingly complex. Businesses must balance multiple competing objectives and deliver on multiple strategies concurrently. Organizations need to focus on hiring the best skills, worldwide, while also protecting critical infrastructure and data from security threats. IT services must secure not just their technology but also their people: a global workforce of employees, contractors, contingent workers and third parties. This process is what we refer to as “securing the services supply chain.”
Tehama’s launch event in New York City brought together IT and security experts from a broad range of industries to discuss the growing opportunities and threats of services supply-chain security. Here are just a few key takeaways.
Extend trust across your global workforce
Tehama SVP Gene Villeneuve introduced the morning with the promise of strategic IT outsourcing as the foundation for innovation. This means businesses must not only hire the best skills to be able to compete at a fast pace, but also implement systems that allow for trust and work delivery across different rings of the workforce ecosystem. (We’ll talk more about this in a future blog post.)
Recognize the security challenges of the supply chain
Top security expert Bruce Schneier discussed the security challenges of a world where everything is now a computer—our phones, our cars, our household appliances—and everything is connected. Bruce commented: "I read an article [that said] you can hack a smartphone through a malicious replacement screen. So the problem is, we cannot trust anyone, yet we have no choice but to trust everyone." He also stressed the continued inevitability of a distributed workforce: "Our industry is fundamentally international, and mostly people are ignoring this problem. I see security starting to fray just as everything becomes connected and critical." Listen to the complete keynote presentation here.
Align your business incentives by aligning new technologies with secure systems
Getting security and business aligned through highly secure systems is the key to innovation, said Mark Ryland of Amazon Web Services, Office of the CISO: “For many businesses, security is just a cost. They think, ‘How can we avoid spending this money? We haven’t been whacked yet.’ The incentives [between business and security] are not properly aligned. At a large-scale provider like AWS, it's exactly the opposite: our interests are strongly aligned with building highly secure systems. Our whole business depends on isolation control of our customers. We're able to innovate and invest an incredible rate to build technologies that no individual customer would ever be able to afford to build because we can amortize that cost over a massive customer base.”
Bob Usher, Head of Risk at Garrison, agreed, demonstrating how new technologies make it possible to provide “the thing that makes business happen at the accelerated rate needed for our digital transformations. When you can say, ’Oh by the way, it's secure’, [the possibilities] are really quite amazing.”
Secure your supply chain to secure your future business
Mike Paylor, VP of Product and Engineering at Upwork, gave an inside look at how the world’s largest freelancing marketplace is securing the future of work: “A secure supply chain is important not only for the continued operation of our business internally, but the growth of our business in categories such as IT and web development. We need continued innovation to foster secure communication, development, and reviews of work such as code reviews.” Mike added that developing systems for protecting customers’ IP is a top priority for the company as they aid enterprise innovation.
Don’t let regulation stop innovation
Supply-chain security gets even more complex when you consider the role of regulatory laws and compliance mandates. Practical implications of regulation were raised by Mark Benson, CTO at Exosite, Mario Camaj, Head of Solution Offering at Netfoundry, and Bradley Cardwell, Global Director of Channel Development at Canonical (Ubuntu). Their big takeaway: Regulation is a challenge but there's something to be said for getting the innovation ball rolling by focusing on a series of small ideas that have measurable impact over time.
Subscribe for more posts (coming soon!) about the event and expert insights.