Know Your Resellers to Ensure a Secure Supply Chain

As threats continue to grow around a secure supply chain, reducing the potential for risks is paramount when procuring products and services.  The reseller environment can be most vulnerable if risk assessment and appropriate vetting of vendors do not receive the attention it should. 

Security is still the number one concern of the Federal Government and CIO’s alike.  As a pain point, how do you mitigate that risk with an effective strategy?  Sterling’s Sr. Vice President and Secure Supply Chain advocate, Jeff Moore, has spent more than 17 years procuring technology in the Federal government.  With an extensive knowledge of the reseller risks and necessary measures required by the Federal government and military procurement staff, Moore led a task force that focused on a wide array of potential threats ranging from, cyber-attacks to counterfeit or gray market products. Gray market products, while often low cost and easy to access, may contain malicious software that could access and endanger protected data and/or financial information.  Moore outlines these risks in a recent Q & A with MeriTalk. 

Minimizing risk is always the goal.  As a reseller who works with the government and varying industries, companies like Sterling take action to protect customers.  Moore states that, “measures should be taken to protect customers from the potential for cyber threats, whether phishing attempts or ransomware to counterfeit or gray market products with malicious code and economic threats like theft of intellectual property are some that customers may face if supply chain security measures are not taken. These threats all come with varying degrees of complexity and unique risks.” 

As a reseller, companies like Sterling, connect the OEMvendorto the end-user, customer.  This is a great resource for customers who require multiple vendors to fulfill their procurement requirements.  A convenient, one point of contact approach to access multiple vendors, makes a reseller model such as Sterling, so desirable to government agencies and businesses alike.  Thus, the reason a secure supply chain model is firmly in place. 

Large OEM’s have secure supply chain practices of their own, but providing a comprehensive Supply Chain Risk Management (SCRM) plan at the reseller level provides an additional layer of risk assessment.  This will protect all involved to ensure that your reseller isn’t just a couple of guys, setting up shop in a garage with a website.   

The Federal Government and critical infrastructure owners and operators spend $500B annually on Information and Communication Technology (ICT), procuring from thousands of suppliers of all sizes.  Meritalk recently published an article outlining new and more stringent risk mitigation procedures that will continue to protect our three largest Federal Departments.  These include Defense (DoD), Commerce (DoC), and the Cybersecurity and Infrastructure Security Agency (CISA) in the Department of Homeland Security.   

Moore states, “You have to know your resellers. It starts with more time educating and training contracting officers and buyers to look beyond just the bill of materials and part number.”   

Risk and vulnerability exist within the Federal Government as well as, commercial business alike, which would potentially compromise network security and datacenters that house classified or confidential information. Without a secure supply chain where hardware, software, and network solutions and OEMs have been vetted, the vulnerability of a remote attack on those systems would result in unforeseen expenses.  Mitigating a cyber-attack or breach would require replacing compromised hardware, time, and manpower that could disrupt or halt operations or critical missions.  Once the damage has been done, it cannot be resolved.  A breach of classified or proprietary data could be a matter of national security and hinder business continuity.  Moral of the story, know your reseller. Moore and Sterling advocate fiercely to maintain a true secure supply chain. Sterling is O-TTPS Certified (Open Trusted Technology Provider Standard Certification), CMMC certified and has a detailed Supply Chain Risk Management (SCRM) plan in place so customers can be assured of secure product procurement. 

Read more from Sterling Sr. VP, Jeff Moore, on secure supply chain here published by Homeland Security


Share the Post: