HPE is dedicated to enhancing and sustaining a secure and resilient supply chain environment to protect its customers against cyber threats, thus ensuring the security and efficiency of their business operations. The company is committed to investing in cybersecurity measures across its value chain and developing innovative solutions to reinforce the safety and transparency of its supply chain.
In order to safeguard its customers, HPE implements stringent factory controls, access restrictions, and physical security protocols to prevent unauthorized entry into the supply chain. The company utilizes secure factory transmissions for both internally and externally developed applications, ensuring that data is transmitted securely over protected channels and hosted in a secure environment. Regular virus scans are conducted on updated and patched systems to maintain the integrity of the supply chain.
HPE has taken steps to minimize potential infiltration by reducing the number of software build environments and conducting quarterly assessments of software vendors to ensure compliance with security protocols. Software Bills of Materials (SBOM) are generated and managed using secure system tools throughout the product lifecycle to enhance supply chain security.
The company refers to research by Cybersecurity Ventures, which predicts that software supply chain attacks will result in global economic losses of $60 billion by 2025 and $138 billion by 2031. HPE attributes the increase in these security threats to the widespread use of open source software, coupled with the lack of software provenance, leaving software supply chains susceptible to cyberattacks. Attack vectors such as code signing, software updates, and open source code pose significant risks to supply chain vendors and their customers.
Oseloka Obiora, the CTO of RiverSafe, emphasizes that the complexity of modern supply chains, which rely on intricate digital connections, inherently presents security risks. HPE’s dedication to enhancing supply chain security reflects a proactive approach to addressing these challenges and protecting its customers from evolving cyber threats.
Overall, HPE’s commitment to investing in cybersecurity measures, implementing strict security protocols, and collaborating with external partners exemplifies its dedication to safeguarding its supply chain and ensuring the resilience and transparency of its operations. By actively addressing cybersecurity threats, HPE underscores its commitment to securing its products and services and maintaining the trust and confidence of its customers in an increasingly interconnected and vulnerable digital landscape.
Article Source
https://supplychaindigital.com/articles/hpe-protecting-supply-chain-software-from-security-attacks