Buyers Guide wants to help organisations reduce the risk they face from vulnerabilities.
When it comes to cyber security, both Microsoft and Huawei have not had an easy time of it of late. The Chinese tech giant has been blacklisted in the US telecoms equipment market over fears of cyber espionage, while Microsoft is being investigated by Chinese antitrust regulators.
Although under pressure from each other's governments, the two companies have come together to produce an ICT Buyers Guide focused on cyber security.
The guide, produced with the nonprofit EastWest Institute, is designed to ‘help the buyers, suppliers, and users of information and communications technologies better understand and address the cyber security and privacy risks inherent in information and communications technology (ICT) products and services.’
Aimed at senior executives, board members, CIOs and CISOs among others, the guide was seen as a necessity by the two companies, which cited the £400 billion per year cost of cyber crime to businesses. As cyber crime and cyber security risks gather pace, ICT buyers have become more heavily invested in directing spend towards defences, and the guide offers five principles for cyber stakeholders:
1. Maintain an open market that fosters innovation and competition and creates a level playing field for ICT providers
2. Create procurement practices that utilize fact-driven, risk informed, and transparent requirements based on international standards and approaches
3. Avoid requirements or behaviour that undermine trust in ICT (e.g., by installing back doors)
4. Evaluate the practices of ICT providers in terms of creating product and service integrity
5. Create and use tools and approaches to address risk and assign high value to cyber security investments
The Buyers Guide has been ‘specifically designed to help organizations reduce the risk they face from cyber security vulnerabilities in the commercial products and services upon which they rely.’ Split into three sections (Enterprise Security Governance; Product and Service Lifecycle: from Design through Sustainment and Response; and Creating Assurance), the guide aims to facilitate conversation between ICT buyer and supplier, providing ‘guidance and practices intended to assist buyers in developing and implementing security-minded purchasing requirements to reduce risks from product and service vulnerabilities.’
Talking to the Wall Street Journal, Bruce McConnell, vice president of the EastWest Institute, said: “This is an attempt to create objective criteria for buying technology products and services.”
Microsoft and Huawei are named as sponsors of the report alongside Unisys, NXP Semiconductors and Sonus Networks. In the guide, Microsoft was represented by Angela McKay, its cyber security policy and strategy director; Huawei, by Andy Purdy, chief security officer of Huawei’s U.S. unit.
The two companies' collaboration may be part of an effort to shift the cyber security conversation away from politics, specifically tensions between countries such as China and the US, and towards the needs and requirements of buyers in a constantly evolving threat landscape.
“If we simply think about the countries of origin (of technology vendors), we are not going to protect ourselves adequately,” said Mr. Purdy in the WSJ interview.