The vetting and risk assessment process is extensive and controls must be tailored and functional. It is important to capitalize on the capabilities and potential synergies across your entire security structure (as well as potential partners) to implement an effective supply chain security program. Disparate and siloed organizational structures can prove less efficient, less effective and costly.
As highlighted in a technical paper released by MITRE, the continuing strategy changes by our adversaries in attacking various organizations, agencies and companies involve ‘blended operations that take place through the supply chain, cyber domain, and human elements.’ While the nature of these attacks and their methodologies may be well understood in hindsight, the concerted and coordinated effort at all levels to prevent, identify and mitigate them is still evolving. A true risk-based security approach, the report states, ‘should be viewed as a profit center for the capture of new business rather than a “loss” or an expense harmful to the bottom line.’ While compliance with stringent security standards can be costly, it should not be overlooked or shortcut for short-term savings, potentially putting future business success or national security in jeopardy.
Recent and rapidly advancing network enablement of many, if not most, business tasks in today’s world provides the benefits of linking multiple internal and external parties to yield amazing progress. However, this enablement also introduces significant security and compliance concerns with regard to identifying and mitigating risk. It’s not feasible to actually deliver uncompromised products/services if the focus is only on the internal supply chain or if suitability is vetted independently by disparate departments.
Although the actual implementation of technology in physical security to assist with data analytics has often lagged behind commercially available product capabilities and the cyber discipline, moving towards a more collaborative and data-driven approach is the only sensible way forward. Not only are the tools and information available to physical security practitioners today, but the competencies are also crossing traditional boundaries to be more proactive and preventative rather than responsive. Through the use of tech-enabled tour systems, incident management programs, communication applications, AI cameras, and remote guarding capabilities, to name a few, opportunities to do much more are abundant. Using people and technology to gather data, then processing and using that information in collaboration with information security and other organizational stakeholders, increases the potential to mitigate risk.
Achieving successful convergence of information security and physical security departments can present several points of failure, as with any organizational change. While their primary areas of focus are inherently different, there are synergies that can be found in connecting the two, and both should be singularly focused on protecting the business enterprise-wide. Aligning the larger security mission through a uniform approach provides valuable and timely insight, best practices and a shared services model that help leadership and personnel evaluate the risks in business decisions that impact the ability to secure your supply chain. The key takeaway is that this results in doing more, protecting more, and providing a larger value-added service to illustrate and evaluate potential risks before decisions are made.