The Startup

Get smarter at building your thing. Follow to join The Startup’s +8 million monthly readers & +772K followers.

Everything’s a Supply Chain — Securing the Delivery of Infrastructure in the Cloud

There has been a lot of discussion of “supply chain attacks” recently, especially after the SolarWinds incident thrust the topic to the forefront. When “supply chains” are discussed, most analysis tends to focus on the software supply chain: build systems, dependencies, libraries, and other components of the software package that can lead to unintended code execution.

In fact, this is believed to have been part of what was at play for SolarWinds: an unexpected piece of code was added to the software early enough in the build process that the final binary was still signed by SolarWinds itself.

But in cloud-based software delivery models, the supply chain encompasses not only the delivery of software, but also the delivery of the surrounding infrastructure components. Consider a modern cloud-based SaaS application. It may have tens, or even hundreds, of moving pieces that are each responsible for delivering part of the complete infrastructure solution: the software build components, shared or imported instance images, infrastructure-as-code templates, storage buckets, and scores of other proprietary cloud services that combine to deliver the application and its underlying infrastructure to end users.

Published in The Startup

Written by Matt Fuller

Founder of @CloudSploit, acquired by @AquaSecTeam. Former Infra / Security / Manager @Adobe, @Aviary & @Mozilla intern, @RITtigers grad, @NYC resident