Gartner Blog Network


Digital Security for the Supply Chain

by Mark Atwood  |  October 19, 2016

A digitally vulnerable Supply Chain can lead to disruption of actual operations.  It can also lead to significant damage to brand and reputation, product safety and integrity issues, loss or theft of intellectual property, and substantial fines and fees.  Given the stakes, security is a top concern for Supply Chain leaders.  In our studies of Supply Chain senior executives, “cybersecurity” has been ranked as the top worry for the last two years.

Digitalization has blurred the line between how information is secured and how physical environments are secured, requiring a shared security strategy and planning.  The term “cybersecurity” does not adequately capture the physical and the information worlds that are increasingly merging. This can lead to confusion and incomplete approaches to dealing with the expanded threat to the Supply Chain. Therefore, a new approach to governance, planning and management that Gartner designates as “digital security” is required to denote the digital effects on both information and physical environments of the Supply Chain.

Digital security uses the tools and techniques of IT for data and software as well as engineering-oriented techniques from OT, the IoT and physical security automation and management.  Both types are also used in product security to minimize vulnerabilities, maintain system integrity, allow access only to approved “entities” (human and machine) and protect assets.

Digital security is an issue for all business processes and capabilities.  Supply Chain, however, stands alone in the number of “handoffs” that typically occur from raw material to delivery of the finished good to the customer or patient.  All the functional areas of an integrated, end-to-end Supply Chain (plan, source, make, deliver, and customer service) are potential touchpoints where threats could occur.  Also, many products are now combinations of digital and non-digital components.  This is becoming more prevalent with the proliferation of smart products; as a result, focusing on product security becomes increasingly important.  Further, many highly complex and multi-tier handoffs exist between a company and its extended network of suppliers and customers.  Given this, the Supply Chain presents a nearly immeasurable number of vulnerable points at risk of harm.

Digital security for the Supply Chain requires the governance, management and development of operational processes.  It uses security tools and techniques for protecting information and physical assets to achieve regulatory compliance, and maintain privacy, safety and resiliency across the supply chain.

Our recently published Best Practices note, Take an Integrated Approach to Improve Digital Security for the Supply Chain, details the digital security risk to the Supply Chain and offers a conceptual framework and recommendations for Supply Chain leaders struggling with this highly fragmented topic.  This research is available to Gartner Supply Chain clients.


Mark Atwood
Managing VP
11 years at Gartner
24 years IT Industry

Mark Atwood's experience includes more than 23 years of work that spans research, consulting, strategy and operations, and marketing. He also brings an IT end user's perspective to his role. Mr. Atwood is a Managing Vice President within Gartner's Supply Chain Research organization. He is the Team Manager for the Industries Value Chain team, which covers healthcare/life sciences, consumer packaged goods, retail, high tech, industrial, and process chemical from the supply chain perspective.





Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.