Page 2 of 2
Meanwhile, software can also be vulnerable. Middleware, language platforms, virtual machines and operating systems are frequently targeted and should be checked for package tampering and valid certificates.
"People attempted to insert back doors into Linux," Gartner's MacDonald said. "Open source is great and convenient, but a lot of these libraries are vulnerable. Some research suggests as much as 39 percent of the libraries are vulnerable. This is as much of a supply chain issue as selling contaminated hamburger. You cannot in good conscience bring the product to market."
MacDonald also related an example regarding back doors that came pre-installed on ZTE Score M smartphones being shipped to the United States.
"ZTE says it was just a software bug, but if that was the case, why wasn't it on all of the handsets, not just the ones going to the United States?" he asked.
These issues clearly factor into concerns by the U.S. and other governments about the use of equipment from ZTE and Huawei.
"Nothing has been publicly disclosed that shows that Huawei has done anything," MacDonald said. "But there are clear concerns about their alleged ties to the Chinese government, the formation of the company, how it is managed and similar factors. There is a genuine lack of transparency, and questions about whether or not they are truly independent from the Chinese government."
MacDonald added that Australia, Canada and the U.K. are also questioning the relative security of Huawei products. He expects that other countries will follow suit.
Gartner predicts that by 2016, a new, publicly disclosed, IT supply-chain-integrity-related incident, costing millions in remediation and data loss, will affect at least 25 percent of the Global 2000. The company further predicts that more than one-half of the data in enterprise storage will be encrypted by 2020, compared to five percent this year.
"There is no perfect security but that does not mean that we cannot raise the bar," MacDonald concluded.