
The National Cyber Security Centre (NCSC) is providing guidance to organisations increasingly reliant on video, voice and messaging, including warnings about technology supply chains.
NCSC said is important that users can trust all aspects of the service including supply chain security and the third-party products and services they depend upon.
"You also need to consider the interoperability of the service with your current technology solutions, and whether it introduces new risks to legacy infrastructure," NCSC said in a post today advising users to assess supply chains for trust and resilience.
"Your reliance upon one service could be an issue from an availability and security perspective and it may be prudent to use multiple vendors and avoid vendor lock-in."
These measures would also to reduce the risks around services that do not permit communication outside their network and therefore raise the likelihood of personnel using alternative, insecure "shadow IT".
"Proactive planning will help to reduce the risk of unsuitable communications services being adopted during a crisis," NCSC advided.
The post provides a framework for action including, understanding the context within which the communication service is to be used and selecting a provider.
It is important to understand details about the provider including their profit model, the countries in which they reside, those suppliers own supply chains, the data centres they use, the contracts they apply and rights in regards to intellectual property and indemnity.
Secure management of users and audit functionality should also be considered among other aspects.