Scale, whether it is physical or logical, brings some interesting security challenges. The fundamental issues are oversight, assurance and misplaced trust.
Extended enterprises and supply chains are a contemporary case in point. With IT systems and processes integrated across traditional boundaries understanding the totality of a system becomes nigh on impossible. And if you don’t have that ‘helicopter view’ how can you really assess the threats, exploitable vulnerabilities and most importantly the risk to your information assets that are now out of your control?
Compliance audits can go someway to help, but you’ll still not know what you don’t know. And can you always be sure that your partners’ are absolutely doing their bit to ensure you’re covered?
So, would you sign off, accept and be responsible for the risk on something that you weren’t 100% (or even 90%, 80%, 70%, 60%…. pick any percentage!) sure about? How lucky do you feel?