ID Number: G00238476




Maverick* Research: Living in a World Without Trust: When IT's Supply Chain Integrity and Online Infrastructure Get Pwned
5 October 2012
 
Neil MacDonald, Ray Valdes

Enterprise IT supply chains will be targeted and compromised, forcing changes in the structure of the IT marketplace and how IT will be managed moving forward. (Maverick research deliberately exposes unconventional thinking, and may not agree with Gartner's official positions.)









Table of Contents
  • Analysis
    • *Maverick Research
    • Supply Chain Integrity Is Increasingly Relevant to Enterprise IT
    • Supply Chain Integrity Is Not New, but Problems Are Increasing
    • Why IT Supply Chain Integrity Is Becoming a Critical Issue Now: Motivational Changes
    • Why IT Supply Chain Integrity Is Becoming a Critical Issue Now: Technical Changes
    • The Result: Unmanageable Complexity, Unmanageable Risk
    • Insights and Recommendations From Recent IT Supply Chain Issues
      • Incident No. 1: Counterfeit Cisco Routers in the Supply Chain
      • Incident No. 2: Huawei Banned From Western Government Deals
      • Incident No. 3: Stuxnet Cyberwarfare Attack on Iranian Nuclear Infrastructure
      • Incident No. 4: Flame Disclosed as Reconnaissance Element of Stuxnet
      • Incident No. 5: ZTE Phone Backdoor
      • Incident No. 6: 2012 Backdoor in Chinese-Manufactured FPGAs
    • Other Examples of Potential IT Supply Chain Integrity Compromises
      • Recommendations
    • Absolute Trust in IT Supply Chains Is Naive: Adopt Mistrust as a Guiding Principle
    • Rebuilding Trust in the IT Supply Chain: Maverick Implications
    • Changes in Mindset for Enterprise IT
    • Trust Resiliency
    • Bottom Line
  • Recommended Reading
Figures
  • Figure 1. Typical IT Supply Chain for Hardware
  • Figure 2. Typical IT Supply Chain for Software
  • Figure 3. Shifting Attacks Up and Down in the IT Stack
  • Figure 4. Physical Differences in Counterfeit Cisco Routers
  • Figure 5. Vulnerable Library Downloads
  • Figure 6. RSOT
  • Figure 7. Trusted Processor and Virtualization Platform




© 2012 Gartner, Inc. and/or its Affiliates. All Rights Reserved. Reproduction and distribution of this publication in any form without prior written permission is forbidden. The information contained herein has been obtained from sources believed to be reliable. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Although Gartner's research may discuss legal issues related to the information technology business, Gartner does not provide legal advice or services and its research should not be construed or used as such. Gartner shall have no liability for errors, omissions or inadequacies in the information contained herein or for interpretations thereof. The opinions expressed herein are subject to change without notice.




Resource Id: 2188715