A Dive into Software Supply Chain Security with Schneider Electric’s Cassie Crossley

The SecurityANGLE

In this episode of the SecurityANGLE, Shelley Kramer, managing director and principal analyst at theCUBE Research, is joined by fellow analyst, engineer and member of theCUBE Collective community, Jo Peterson, for a conversation with Cassie Crossley, VP of supply chain security, cybersecurity and product security office at Schneider Electric.

Before we dive in, we start with some background on Schneider Electric, a French multinational company specializing in digital transformation and energy management. The company combines energy tech, software, real-time automation and services to transform homes, buildings, data centers, infrastructure and industries. 

Earlier this year, the company launched its new Industrial Digital Transformation Services, which are designed to help industrial enterprises achieve future-ready, innovative, sustainable, effective and end-to-end digital transformation.

Why is there a focus on software supply chain security? Supply chain security is the part of supply chain management that focuses on managing risk from external suppliers, vendors, logistics and transportation. It's safe to say that today's supply chain, and the security of that supply chain, play an outsized role in successful digital transformation initiatives.

The proliferation of software throughout the tech stack potentially exposes organizations to greater risk than ever before. That makes managing and securing the supply chain crucial, both for vendors to be able to deliver software releases that are trusted and reliable and for end-user customers to know they are using software developed with security as a foundational element.

Our conversation today covers:

• Why the focus on third-party cyber risk management and what makes that so critically important today?

• Crossley shares suggestions for other supply chain pros on three ways a strong supply chain security program can help identify, analyze and mitigate risks associated with working with outside vendors and organizations as part of your supply chain.

• Smaller firms often don’t have dedicated application or supply chain experts. Crossley shares advice on how organizations of any size can implement a software supply chain security program.

• The Lehigh Business Supply Chain Risk Management Index was released on March 29th, showing that cybersecurity was identified as the #1 risk for the fifth straight quarter and, not surprisingly, that generative AI has become a concern for supply chain managers.

Zach Zacharia, associate professor of supply chain management and director for the Center for Supply Chain Research at Lehigh, said that concern about generative AI and how it might increase their companies’ vulnerability was identified by survey respondents as the second highest risk after worries about customer risk. Crossley shares her thoughts on the risk generative AI poses as it relates to the software supply chain and gives advice on how to think about navigating that.

• We explore the risks that generative AI brings as it relates to the software supply chain and how to combat those, as well as give our thoughts on what makes a supply chain resilient.
 
As we wrap the show, we discuss the reality that there are no established, one-size-fits-all guidelines for software supply chain security, and we leave the audience with thoughts on a few of the crucial elements needed to develop a strategy, as well as give advice on how to get started.
