Understanding and implementing the 14 Cloud Security Principles – Part 8: supply chain security
As we look in detail at each of the 14 Cloud Security Principles and the specific guidance offered by the National Cyber Security Centre (NCSC) on how to configure, deploy and use cloud services securely, next on the list is principle number 8: supply chain security.
What is supply chain security?
Supply chain security relates to the specific security measures applied to a company’s supply chain, its supply chain management and how threat-driven requirements are approached, mitigated and, ultimately, dealt with.
The company that provides your business with cloud services must ensure that its own supply chain supports each of the security principles being implemented. Many service providers rely on third-party products and services, so any compromise within the supply chain could undermine the security of the service and of the other security principles, leaving your business exposed.
To review and understand supply chain security in relation to your company, the NCSC has some useful insight and advises that there are five common goals you should aim for. “You should understand and accept:
• How your information is shared with, or accessible to, third party suppliers and their supply chains.
• How the service provider’s procurement processes place security requirements on third party suppliers.
• How the service provider manages security risks from third party suppliers.
• How the service provider manages the conformance of their suppliers with security requirements.
• How the service provider verifies that hardware and software used in the service is genuine and has not been tampered with.”
Having confidence in your supply chain security is a ‘must-have’ for every business. If, after reading this blog post, you have any queries about the 14 Cloud Security Principles and how to implement them successfully, please feel free to give any of our expert team here at etiCloud a call or drop us an email.
Next up: Secure user management