Buyers, continue to question and evaluate vendors, says Huawei
Huawei has released its December 2014 white paper, which focuses on what buyers should ask their technology vendors.
Titled ‘Cyber Security Perspectives: 100 requirements when considering end-to-end cyber security with your technology vendors’, the report documents the top things Huawei customers ask in relation to cyber security.
Huawei says while the white paper is based on questions posed to them, it provides insight into cyber security processes and best practices. To ensure consistency in this area, Huawei scanned more than 1,200 ‘standards’ or best practice articles.
The top 100 provides a starting point to mitigate risk when evaluate a suppliers capability on cybersecurity.
Key areas addressed in the white paper include: strategy governance and control; verification; third party supplier management; manufacturing; delivering services securely; issue, defect and vulnerability resolution; and audit.
Over the past year, a more pragmatic approach to cyber security has been seen on a global scale, says Huawei, and standards relating to enterprises, governments and end users have been gradually formulated as a result.
The next phase, according to Huawei, will be the development of an accepted set of cyber security standards for hardware and software manufacturers.
John Suffolk, Huawei, global cyber security officer, says, "In almost every walk of life governments, regulators, industry and consumers have worked together to improve product quality and safety, yet in the security safety of ICT this has not really happened. We hope our white paper will go some way to start this process."
We are moving into a time when it is necessary to ask conisistent evauluation questions to all suppliers and for service providers to have the answers, says Huawei. They say the more demanding the buyer and the more consistent buyers are when asking for high quality assurance, the more likely ICT vendors are to invest are to raise their security standards.
Huawei says more companies will be forced to detail the approach they take to cyber security and what analysis and assessment they undertook on their technology vendors and service providers.
Bruce McConnell, EastWest Institute, senior vice president, says, "Huawei’s report provides much needed support for addressing one of the most vexing problems in cyber security today. The list of questions across 11 categories provides a strong foundation for valuable dialogue between customers and their vendors and suppliers."
Vendors, buyers, companies and policy advisors are encouraged to make suggestions on how the white paper could be improved.