Gartner Says IT Supply Chain Integrity Will Be Identified as a Top Three Security-Related Concern by Global 2000 IT Leaders by

  Gartner Says IT Supply Chain Integrity Will Be Identified as a Top Three
  Security-Related Concern by Global 2000 IT Leaders by 2017

Gartner's Maverick Research Special Report Sparks New, Unconventional Insights

Gartner Symposium/ITxpo 2012

Business Wire

STAMFORD, Conn. -- October 18, 2012

Enterprise IT supply chains will be targeted and compromised, forcing changes
in the structure of the IT marketplace and how IT will be managed moving
forward, according to Gartner, Inc. By 2017, IT supply chain integrity will be
identified as a top three security-related concern by Global 2000 IT leaders.

These findings are produced as part of Gartner's Maverick research. Maverick
research is designed to spark new, unconventional insights. Maverick research
is unconstrained by our typical broad consensus-formation process to deliver
breakthrough, innovative and disruptive ideas from our research incubator.

Supply chain integrity is the process of managing an organization's internal
capabilities, as well as its partners and suppliers, to ensure all elements of
an integrated solution are of high assurance. The need for integrity in the IT
supply chain is necessary, whether the solution is developed in-house or
purchased from a third party.

"IT supply chain integrity issues are real, and will have mainstream
enterprise IT impact within the next five years," said Neil MacDonald,
research vice president and Gartner Fellow. "In the shorter term, the market
for information security offerings will fragment along geopolitical lines. In
the longer term, the same will happen for OSs and other IT system
infrastructure software, reshaping the IT landscape moving forward. Enterprise
IT departments must begin to make changes today to protect their systems and
information in a world where all IT systems are suspect. These changes in
information protection strategies will help enterprises embrace and adopt
cloud computing and consumerization, which have strikingly similar issues with
untrusted systems."

"IT supply chain integrity issues are expanding from hardware into software
and information," said Ray Valdes, research vice president at Gartner. "They
are growing more complex as IT systems are assembled from a large number of
geographically diverse providers, and, now of mainstream concern to enterprise
IT. These issues are not just about defense and intelligence. This has
significant implications for businesses, governments and individuals moving
forward in a world where the integrity of the IT supply chain is no longer
completely trustable, and where all layers of the IT stack will be targeted
for supply chain compromise."

The IT supply chain has become more complex, fine-grained, globally
distributed and volatile in the sense that rapid change provides the
opportunity to introduce compromises. Hardware vendors are increasingly
outsourcing not just manufacturing, but also design to OEM suppliers and
contractors located in Asia and India. In some cases, established Asian
suppliers are outsourcing to emerging economies, such as Brazil, Vietnam and
Indonesia. This is a complex problem, since most hardware systems are a
conglomeration of components and subsystems procured from a large number of
individual providers.

However, Gartner analysts said most hardware systems include software-based
elements (at a minimum, firmware and drivers), with the trend to shift more
intelligence out of hardware and into software. In an information- and
software-based economy, IT supply chain integrity must extend to include the

Software supply chains — This includes components, frameworks, middleware,
language platforms, virtual machines (VMs) and operating systems (OSs), but
also the software infrastructure and environment for software distribution and
updates (such as DNS, identity, application store packaging and digital

Ensuring the integrity of software supply chains is a more difficult problem
because of the increased use of offshore development, the relative ease of
cloning software, and the ongoing need to keep software patched and updated
via trusted mechanisms.

Information supply chains — Information is now becoming available from a
variety of sources — from partners, suppliers and cloud-based services, such
as data from Google Maps, Twitter, Facebook and Amazon. This information can
be incorporated into connected applications, information marketplaces and the
information integrated from partners in an extended supply chain ecosystem.
Critical decisions will be based on information assembled from many other
sources, creating a similar supply chain integrity issue to that of hardware
and software.

Additional information is available in the report, "Maverick* Research: Living
in a World Without Trust: When IT's Supply Chain Integrity and Online
Infrastructure Get Pwned." The report is part of the Gartner Special Report
"Drive Disruptive Innovation with Maverick* Research." This Special Report
explores high-impact future scenarios that help companies think differently to
uncover opportunity and enable innovation. This collection of research is
intentionally disruptive and edgy to help IT leaders get ahead of the
mainstream and take advantage of trends and insights that could impact their
IT strategy and their organization. The Special Report is available at

Mr. MacDonald and Mr. Valdes will provide additional analysis at Gartner
Symposium/ITxpo in Orlando, October 21-25.

About Gartner Symposium/ITxpo

Gartner Symposium/ITxpo is the world's most important gathering of CIOs and
senior IT executives. This event delivers independent and objective content
with the authority and weight of the world's leading IT research and advisory
organization, and provides access to the latest solutions from key technology
providers. Gartner's annual Symposium/ITxpo events are key components of
attendees' annual planning efforts. IT executives rely on Gartner
Symposium/ITxpo to gain insight into how their organizations can use IT to
address business challenges and improve operational efficiency.

Additional information for Gartner Symposium/ITxpo in Orlando is available at Follow news, photos and video coming from
Gartner Symposium/ITxpo on Facebook at!/GartnerSymposium, and on Twitter at and using #GartnerSym.

Upcoming dates and locations for Gartner Symposium/ITxpo include:
October 21-25, Orlando, Florida:
October 29-31, Sao Paulo, Brazil:
November 5-8, Barcelona, Spain:
November 12-15, Gold Coast, Australia:
March 5-7, 2013, Dubai, UAE:

About Gartner

Gartner, Inc. (NYSE: IT) is the world's leading information technology
research and advisory company. Gartner delivers the technology-related insight
necessary for its clients to make the right decisions, every day. From CIOs
and senior IT leaders in corporations and government agencies, to business
leaders in high-tech and telecom enterprises and professional services firms,
to technology investors, Gartner is a valuable partner in 12,000 distinct
organizations. Through the resources of Gartner Research, Gartner Executive
Programs, Gartner Consulting and Gartner Events, Gartner works with every
client to research, analyze and interpret the business of IT within the
context of their individual role. Founded in 1979, Gartner is headquartered in
Stamford, Connecticut, USA, and has 5,200 associates, including 1,280 research
analysts and consultants, and clients in 85 countries. For more information,


Gartner, Inc.
Christy Pettey, + 1 408-468-8312
Robert van der Meulen, + 44 (0) 1784 267 892
Press spacebar to pause and continue. Press esc to stop.