Supply Chain Transparency Doesn’t Extend To Security

We live in an ever-more unstable world in which massive disruptions, whether natural or man-made, are a frequent occurrence. Companies that make everything from aircraft to mobile phones to cappuccino need to be nimble – sidestepping global calamities that might idle assembly lines or leave customers without their morning cup of coffee. 

Start-ups like Sourcemap allow companies to use social networking and data analytics to analyze supply chain relationships. But security risk is rarely part of the equation. (Image courtesy of

As in other areas, the benefits of technology advancements like cheap, cloud-based computing, remote sensors and mobility are transforming the way that companies manage their vast, global network of suppliers. These days, supply chain transparency is all the rage – allowing companies to share information seamlessly and in real time with their downstream business partners and suppliers. Start-ups like Sourcemap and LlamaSoft are offering “supply chain visualization” technology that leverages a familiar formula these days: mobility, social networking, crowd-sourced intelligence, and “Big Data” analytics.


However, as I write in a post over on BitSight’s blog today, transparency only goes so far. While companies might be able to use social-networking-like platforms to keep close tabs on delayed deliveries or production slow-downs, those platforms do little to address one of the biggest third-party risks global firms face today: cyber security.

Specifically: despite the ability of global firms to have ever-more granular knowledge of their supply chain, there’s no easy way to grasp cyber risk. As I note: visualization technology like that offered by Sourcemap might make it easy to see a way around weather-related disruptions or political instability.

They won’t tell you whether an otherwise trustworthy and reliable supply chain partner has been compromised by data-stealing malware. And, as we know, the long-term consequences of that breach could be much more damaging to your organization than a delayed shipment – especially if valuable intellectual property or business plans fall into the hands of a competitor.

Check out the full post over on BitSight’s blog.
