When you or your business purchases a piece of hardware, whether it be a laptop, PC, or server, do you stop and think about where the individual components come from? Most likely not. However, it is entirely possible that, during manufacturing, vulnerable components may be installed or introduced into the supply chain. Particularly when purchasing hardware second hand, there is no guarantee the devices have not been tampered with or components replaced in order to sabotage an organization. In a world where supply chains are constantly under attack, it is crucial for businesses to do their due diligence in finding trustworthy hardware vendors.
Lenovo represents one of the largest computer hardware suppliers and manufacturers across the globe. They specialize in designing and selling personal laptops, tablets, mobile phones, workstations, servers, and other business solutions. But what makes them a trusted and secure vendor?
Lenovo prides themselves on their commitment to securing the supply chain and promoting a "secure by design" principle within their manufacturing process and for the past several years, Lenovo's product supply chain has been listed in Gartner's' Top 25 rankings. Additionally, in May of 2024, Lenovo was one of the first tech enterprises to sign CISA's "Secure by Design" pledge, a sign of their commitment to "demonstrating their continued leadership and advancements in this area, collaborating closely with CISA to instill customer confidence in the safety, trustworthiness, and integrity of the technology they rely on."
How does Lenovo accomplish this level of security?
From the development process, Lenovo "defines security requirements when products are first being conceived in order to balance needs of security and data availability." This refers back to the concept of secure by design. Before any hardware is crafted or installed, Lenovo's product development teams ensure their products are up to security standards. Lenovo also makes sure that the suppliers it partners with are qualified to securely distribute their products to customers. Lenovo’s Trusted Supplier Program sets high security standards for its suppliers, who must pass stringent evaluations and regular audits. This program focuses on intelligent components that could impact product security, requiring suppliers to have robust security measures and incident response capabilities.
Lenovo also implements a robust risk management system to identify potential risks to the supply chain and detect issues early so that production is not delayed, and threats can be mitigated quickly. This includes auditing suppliers and vendors to ensure compliance and security while also examining internal security practices.
Another core element of Lenovo's secure supply chain is the manufacturing of their products. They require their manufacturing sites to invest in strong physical security that includes practices and controls to protect their personnel and physical plants. Visitors and deliveries are monitored, and access controls prevent unauthorized entry. Once the products are completed, they are then inspected and tested to ensure they meet the security criteria set out for them in the development process. Once the products are ready to be sent out, Lenovo uses tamper-evident packaging and collaborates with qualified logistics partners to ensure its safety during transit. Shipments are monitored from Lenovo’s facilities to the customer’s location, ensuring that any tampering is immediately detected and investigated.
Lenovo’s comprehensive approach to securing its supply chain and hardware against cybersecurity risks exemplifies industry best practices. By leveraging advanced technologies, stringent supplier standards, and continuous monitoring, Lenovo not only ensures the integrity and security of its products but also sets a high benchmark for supply chain security in the technology sector.
CorpInfoTech is a managed service provider (MSP) that offers IT and security solutions to SMBs seeking to protect their business assets. As a Lenovo partner, CorpInfoTech utilizes their secure products to make sure that both the software and hardware they use works toward greater security. When building our clients IT infrastructure, we rely on Lenovo's servers and laptops for both security and efficiency.
Our services include firewall management (xDEFENSE), vulnerability scanning (v360), security and risk assessments, compliance aid, and managed IT. Through partnering with Lenovo, we are able to deliver enterprise level security to small-medium sized businesses.
Contact us today to learn more about Lenovo and CorpInfoTech work together to secure your business!