Cloud Security Perspectives and Insights

A Tale of King Arthur's Supply Chain Risk

Greg Jensen
Sr Principal Director - Security - Cloud Business Group

We have all heard the rumors about trusted technology vendors who were compromised by nation states through supply chain compromises (SCM), but this is an age-old issue.  Hundreds of years ago, kingdoms were born out of the dirt, and came into power by consolidating their armies and resources behind mighty fortresses.  Even in the times of King Arthur, castles sometimes fell by the sword, sometimes by mythical dragons and sometimes because of food supplies. The untold story of the castle was the supply chain risk.  For those at this week’s Oracle MBX Conference, this conversation is being shared.

The ability of the castle model to work was based upon, four key factors. 

  1. The ability to secure the keep (the crown jewels/gold) and the royal family
  2. The ability to provide security for the kingdom using the king’s armies
  3. In return, the people, provide the provisions and materials that the kingdom consumes
  4. Inner-kingdom trade is ensured to the people by the kingdom

The challenge for any king is, how do you ensure materials and goods, are not compromised? How do I ensure that a 500% increase in grain does not alert my enemies to my plans for war, by marching my armies? How do I ensure somebody is not skimming grain out of every delivery to my customers while accepting the full price of silver?  These are the concerns that keep kings and CEOs awake at night.  

The threat landscape today is very much like that of the past.  Supply chain is under risk of financial fraud, theft, and worse…an attacker slipping a dead fish in a supply of dairy, has the potential of injuring or killing the king’s army.  This is a supply chain compromise and we see it in modern times with the risk of attackers penetrating supply chain systems to receive counterfeit chip-sets in the production of a TV or video conference system. Little did anybody realize, but a video processing chip produced in Austin, was replaced with one made by a foreign intelligence agency for the sole purpose of collecting information on their adversary or gaining an advantage in the IP wars. 

Oracle Cloud Applications have undergone tremendous strides in recent years to ensure the security of the cloud platform itself, but to help identify areas of supply chain risk, highlight potential fraud and look for suspicious behaviors that we can identify through our edge control technologies in Oracle Cloud Infrastructure

Today, the kingdom has more tools than ever at their disposal to help mitigate the risks targeting their suppliers and providers.  The key question is, are you driving this strategy like a king, or just entertaining it like the court’s jester?  Time for serious planning. 

For more information on how Oracle and KPMG can help you with uncovering the risks and threats of your own “kingdom”, download your free copy of the Oracle and KPMG Cloud Threat Report 2019 where we highlight the challenges and leading practices for a secure cloud application journey.

Also, join Brian Jensen (KPMG) and I as we discuss these key application challenges around SCM, ERP, HCM and CX, in our April 17th webcast event. Register now for the KPMG ERP Risk Series: Oracle and KPMG Cloud Threat Report webcast and start your planning, regardless if you are a CEO or the king of your castle.

Be the first to comment

Comments ( 0 )
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.