The IT supply chain has become more complex, fine-grained, globally distributed and volatile in the sense that rapid change provides the opportunity to introduce compromises. Hardware vendors are increasingly outsourcing not just manufacturing, but also design to OEM suppliers and contractors located in Asia and India. In some cases, established Asian suppliers are outsourcing to emerging economies, such as Brazil, Vietnam and Indonesia. This is a complex problem, since most hardware systems are a conglomeration of components and subsystems procured from a large number of individual providers.
However, Gartner analysts said most hardware systems include software-based elements (at a minimum, firmware and drivers), with the trend to shift more intelligence out of hardware and into software. In an information- and software-based economy, IT supply chain integrity must extend to include the following:
Software supply chains — This includes components, frameworks, middleware, language platforms, virtual machines (VMs) and operating systems (OSs), but also the software infrastructure and environment for software distribution and updates (such as DNS, identity, application store packaging and digital certificates).
Ensuring the integrity of software supply chains is a more difficult problem because of the increased use of offshore development, the relative ease of cloning software, and the ongoing need to keep software patched and updated via trusted mechanisms.Information supply chains — Information is now becoming available from a variety of sources — from partners, suppliers and cloud-based services, such as data from Google Maps, Twitter, Facebook and Amazon. This information can be incorporated into connected applications, information marketplaces and the information integrated from partners in an extended supply chain ecosystem. Critical decisions will be based on information assembled from many other sources, creating a similar supply chain integrity issue to that of hardware and software. Additional information is available in the report, "Maverick* Research: Living in a World Without Trust: When IT's Supply Chain Integrity and Online Infrastructure Get Pwned." The report is part of the Gartner Special Report "Drive Disruptive Innovation with Maverick* Research." This Special Report explores high-impact future scenarios that help companies think differently to uncover opportunity and enable innovation. This collection of research is intentionally disruptive and edgy to help IT leaders get ahead of the mainstream and take advantage of trends and insights that could impact their IT strategy and their organization. The Special Report is available at http://www.gartner.com/technology/research/maverick/. Mr. MacDonald and Mr. Valdes will provide additional analysis at Gartner Symposium/ITxpo in Orlando, October 21-25.