The zero trust supply chain: Managing supply chain risk in the absence of trust

Zachary A. Collier*, Joseph Sarkis

*Corresponding author for this work

Research output: Contribution to journalArticleScientificpeer-review

4 Citations (Scopus)

Abstract

The modern supply chain is characterised by an ill-defined and porous perimeter, allowing entry points for potential adversaries to intercept sensitive information and disrupt operations. Such supply chain attacks are increasing in frequency and their impacts can be costly to an organisation. Trust between supply chain partners is commonly thought to be a risk management tool, where increasing trust results in reduced risk. However, increased trust may actually expose the supply chain to more risk, not less. In this paper, we propose the concept of the zero trust supply chain. Originating in the field of information technology and cybersecurity, a zero trust philosophy assumes that all actors and activity are untrusted. In contrast to perimeter-based security, which attempts to keep adversarial actors out, a zero trust-based security posture assumes that adversaries are already inside the system, and therefore imposes strict access and authentication requirements. In this paper, we map zero trust concepts to the supply chain, and discuss the steps an organisation might take to transition to zero trust. We set forth a research agenda by examining zero trust through the lens of several organisational theories and propose a number of research propositions.

Original languageEnglish
Peer-reviewed scientific journalInternational Journal of Production Research
ISSN0020-7543
DOIs
Publication statusPublished - 17.02.2021
MoE publication typeA1 Journal article - refereed

Keywords

  • 512 Business and Management
  • organizational theory
  • risk management
  • security
  • supply chain
  • technology management
  • trust

Areas of Strength and Areas of High Potential (AoS and AoHP)

  • AoHP: Humanitarian and societal logistics

Fingerprint

Dive into the research topics of 'The zero trust supply chain: Managing supply chain risk in the absence of trust'. Together they form a unique fingerprint.

Cite this