How to deal with supply chain network security problems
With the rapid development of economic globalization and information technology, the global supply chain of network products and services has evolved into a complex system. Problems with any product component or supply chain link can compromise the security of network products and services, making many countries around the world realize how important it is to establish a safe and reliable supply chain of key information infrastructure for national industrial security, economic security, and long-term social stability.
Governments have successively formulated corresponding laws, policies, and standard requirements in recent years to guide and promote the development of the supply chain security market. Globally, the European Union, the United States, South Korea, and China place a high value on supply chain network security and have created a nearly perfect ICT supply chain security framework and environment.
EU: created a common certification framework for ICT products and services
Through the network security law, the EU has established a unified certification framework for ICT products and services within the EU, intended to ensure the integrity and authenticity of ICT products and services sold in the EU and that their software and hardware contain no known vulnerabilities. The Common Criteria (CC) and the corresponding ISO/IEC 15408 and ISO/IEC 18045 standards form the foundation of the certification.
United States: increased supply chain security risk assessment and restricted foreign competitors
By issuing an executive order, the United States prohibits American individuals and entities from purchasing and using ICT equipment and services that are designed and manufactured by foreign countries and that the United States believes may pose security risks to it. In collaboration with a number of government departments, the White House has established special organizations such as the Federal Procurement Security Committee and the CISA supply chain risk management task force to increase the review of supply chain security risks and centrally manage supply chain security from top to bottom.
China: review of network security products and services
According to China’s “network security review measures,” network products and services purchased by key information infrastructure operators must be subject to network security review in order to ensure the security of the key infrastructure supply chain. According to the requirements of the terms, the review focuses on whether the product has malicious tampering vulnerabilities, illegal remote control functions (such as hidden interfaces, unspecified function modules, or loaded components that disable or bypass the security mechanism), and other risks of illegal control, interference, or destruction of key infrastructure.
South Korea: authorized specialized agencies to carry out safety certification for ICT products
South Korea’s act “promoting the use and protection of information and communication networks” indicates that the Ministry of Science and Information and Communication Technology may authorize specialized agencies to certify products related to information and communication technology networks. At present, the Ministry has established an IT security evaluation and certification plan, which takes CC as the evaluation standard and authorizes the IT Security Certification Center (ITSCC) in the National Security Research Institute as the certification body. Certified products can be affixed with the ITSCC certification mark, indicating that they have passed the ITSCC certification.
For most enterprises, cloud data security is the primary issue. But sometimes the security mechanism also has its side effects. In actual work, embarrassing cases continue to occur in which backup data cannot be restored because no one remembers the password set at the time of backup. Similarly, where hardware-level encryption measures have been adopted, a new tape drive installed during an upgrade cannot support the previous encryption method, which means that the backup data on the old tapes will not be restored.
If the enterprise server has major problems and needs to be fully restored, you can reinstall the operating system first, then reinstall all necessary software, and then restore data from the backup files. However, time is often an important factor in disaster recovery. The time spent directly recovering the entire system is far less than the time spent recovering data after reinstalling the operating system and software. More importantly, it is difficult to manually configure a server so that it is completely consistent with the previous server's configuration parameters. When the whole system is backed up, these thorny problems do not need to be considered. Vinchin Backup & Recovery provides the most powerful and reliable backup solutions for XenServer backup and other mainstream platforms.