Security professionals rarely say that things are getting better on the threat side of information security. Underfunding IT security programs is a recipe for disaster.
Supply chain risk needs focus to be able to address the concern. If everything is “a supply chain risk,” then we can’t focus our efforts and hone in on a reasonable, achievable, practical and implementable set of practices that can lead to better supply chain practices for all, and a higher degree of confidence among purchasers.
Can the disciplines of architecture and information security do a better job of co-existence? What would that look like? Can we get to the point where security is truly “built in” versus “bolted on”?
The core dilemma in public cybersecurity: Balancing boundarylessness and data security. The solution isn’t easy, but long-term, it lies in not relying on the security of the pipes or the perimeter, but improving the trust and security of the data itself. Security needs to be associated with data and people; not the connections and routers that carry it.