Managing risk in the digital supply chain [Q&A]
You may be aware of risks and problems in your own business, but increasingly it's possible to be exposed to issues by other organizations that you deal with, particularly if you're buying in IT services.
How can enterprises deal with these threats and ensure that their data and that of their customers is kept safe at all stages of the supply chain? We spoke to Dean Coleman, head of service delivery at service management and support specialist Sunrise Software, to find out.
BN: How difficult is it for larger organizations to manage problems that might occur further down the supply chain?
DC: It can be quite difficult, historically most organizations have a handle on risk in terms of what's going on in the business, financial targets and so on. But when it comes to IT risks and the supply chain providing IT they don't have the same visibility. These days IT is everywhere and businesses depend on it so IT problems have a larger impact. The understanding of risk needs to be something that key decision makers are more aware of.
BN: Is this a particular problem when dealing with smaller companies who might not have resources in house?
DC: Yes, from the supplier side of the fence we see that smaller organizations often don't have the skills in house to deal with security, infrastructure, and so on. They rely heavily on these services but don't see them as a core part of their business. Because they don't have the skills and resources they will often turn to third parties to manage these things for them. However, in some cases the third parties also don't do a very good job, they’ll be providing reactive services rather than the proactive ones that are really needed to predict problems based on risk.
BN: Is this something larger companies need to address in their service agreements with smaller ones?
DC: Definitely, it's essential that they do. They should be offering services that highlight back to their customers what the potential risks are and what the impact of those risks could be. They also need to highlight where changes and improvements are needed and where investments will be most effective. Information from service providers can allow businesses to make effective decisions.
BN: Is it about more transparency at all levels?
DC: Not only does the customer benefit from having better information to make decisions, it helps the service providers themselves because they're highlighting the risks of, say, a server failure. While service providers might be responsible for keeping systems up and running they don’t necessarily have direct control of the hardware and infrastructure involved. This can leave them in a position where they can highlight a risk -- like a server running short of disk space -- but it's down to the customer to take action.
BN: How much emphasis should there be on education since the human factor is often the weakest link?
DC: There is an element of that, education is always key when it comes to IT. People need to be aware of issues like phishing, although services like filtering are now very effective there’s always a risk of things like fake invoices getting through and catching users unawares.
BN: What challenges will service providers face in future?
DC: One of the struggles for service providers is how they manage risks, keep track of them and make sure their customers are aware of them. They need to regularly report back to customers with risk assessments and the potential impact they can have, plus recommended courses of action. Most providers will now have very good tools to ensure that systems are kept up to date rather than relying on spreadsheets and older methods. they’re now able to link risks not only to infrastructure but to specific services or people they could directly affect.
BN: Does this ultimately lead to providing a better service because you have a more resilient system?
DC: Yes, if you're aware of and managing the risks and have plans to mitigate problems then the services you provide should improve. The availability should increase because you’re taking a more proactive approach, and as a service provider it also leads to opportunity for more revenue, selling services, technology, project management and so on. Greater transparency leads to a better relationship with the customer and the opportunity to quote for more business.
Image Credit: jannoon028 / Shutterstock