Cutting Through the Noise: Identifying Secure and Trusted Technology

Companies don’t do business with vendors they don’t trust. To complicate matters, some vendors sling fear, uncertainty, and doubt (FUD) at their competitors, making it even more difficult to determine which vendors will make the most trusted, secure partners. By asking these three questions, you can cut through the noise and find a partner who has a solid strategic security plan so you can rest easy using their hardware, software, services, and solutions to build your IT infrastructure.

1. Does the vendor build security holistically into its products and services throughout their lifecycle?

Security needs to be a priority from the top down, with senior management integrating security into every step of the product lifecycle, from the initial proposal all the way through development, testing, release, and beyond. If security isn’t a top priority for the C-Suite, it will not be a top priority for product managers, engineers, support, or other crucial functions with the vendor’s organization.

At Lenovo, the CSO reports directly to the CEO and always has a voice at the table, ensuring security is a priority and taken seriously. Security leaders collaborate cross functionally to synchronize and integrate security. Lenovo has also created an extended leadership team that’s comprised of those cross functional stakeholders. As a result, security is top of mind throughout the entire organization, and a key consideration from the very beginning of every product and service it brings to market through its life cycle.

2. Does the vendor have a strong security infrastructure?

This doesn’t just include following best practice for network and data security. Facilities must be physically secure, and their supply chain must be fully vetted to include not just suppliers, but also suppliers’ suppliers.

Lenovo implements best practices across the company to ensure network and data security, with strong encryption of data, rigorous patch management, and a zero-trust approach to the network.  The company thoroughly vets suppliers through a rigorous process that ensures each adheres to high standards for security. Materials are shipped only by authorized, vetted distributors and products require tamper-proof packaging.

3. Have trusted organizations and government authorities vetted the vendor?

There are certainly some valid concerns about state-sponsored cybersecurity attacks. But just because a company has a heritage associated with a “rival” country doesn’t inherently pose a security risk, especially if the company is a publicly traded, multinational organization. If, for example, the vendor sells to the U.S., the E.U., or other democratic governments, a rigorous security audit will occur.

Over four decades, Lenovo has grown into the world’s largest PC vendor, a Global Fortune 500 company dual-headquartered in Beijing and North Carolina that provides organizations in 180 markets with hardware, software, solutions, and services. U.S, Canadian, and many Western European governments have deployed Lenovo products and services. The Committee on Foreign Investment in the United States (CFIUS) has cleared all five of Lenovo’s acquisitions of United States businesses, including the IBM PC and X86 business and Motorola Mobility.

“At Lenovo, we maintain the highest standards for excellence in product and services security through our own product development processes and our resilient and secure supply chain,” said Skip Mann, Managing Director, Chief Security Office at Lenovo. “Our products are trusted by governments around the world to provide the highest level of safety and security. We prioritize security within our entire organization’s structure, and it’s an integral part of our company’s culture.

To learn more about Lenovo’s commitment to building a security-focused culture, visit the company’s StoryHub.