The EastWest Institute held a discussion at its New York headquarters on September 13 to mark the launch of “Purchasing Secure ICT Products and Services: A Buyers Guide”—a unique, breakthrough resource intended for all organizations interested in acquiring more secure information and communications technology (ICT) products and services. 

EWI Global Vice President Bruce McConnell, who also leads the institute’s Global Cooperation in Cyberspace Initiative, moderated the event that featured as speakers Angela McKay from Microsoft, Andy Purdy from Huawei Technologies, and Sally Long from The Open Group.

“We received help in creating this document from many parties around the world, including the White House, India, companies in the business sector, retailers, and many experts,” said McConnell.

“Consumers now care more than just price and feature in ICT products,” he added. “They also want secure products.”

Purdy, the Chief Security Officer of Huawei Technologies USA, said there needed to be a comprehensive approach to curb the risks from the products and services that were provided to consumers.

The Guide is divided into three main sections: a) Enterprise Security Governance; b) Product and Service Lifecycle — from Design through Sustainment and Response; and c) Creating Assurance. Each section includes a brief introduction of the topic and a series of subsections that highlight common sources of risk and associated processes and practices to mitigate them, as well as guidance on advancing the buyer-supplier conversation.

“You need to build security in from the very beginning, from the design phase,” said Long, the director of the Open Group Trusted Technology Forum.

This document offers a structure for conversations between ICT buyers and suppliers, enabling organizations to manage the risks they face from cybersecurity vulnerabilities in the commercial products and services they use.

McKay, the director of Cybersecurity Policy and Strategy at Microsoft, said that it was important to start the conversation with "what are the international standards to consumers and buyers" and use them as the basis.

Related links:

Purchasing Secure ICT Products and Services: A Buyers Guide

EastWest Institute Launches Cybersecurity Guide for Technology Buyers