Supply chain security, compliance, and privacy for cloud-native ecosystems
Support
language switcher
Deutsch 日本語 한국어
Login
Get started

Schedule

Book a live demo

Schedule a demo with a Sumo Logic expert.

Watch

Recorded demo

Watch a pre-recorded demo at your own pace.

Click

Interactive product tours

Explore our clickable demos.

Talk

Contact sales

Discuss how Sumo Logic fits your needs.

Try

30-day free trial

Trial the platform and access pre-built dashboards.
Pricing Login Free trial Support
Dojo AI New Multi-agent AI platform
The Platform

Monitor, troubleshoot, automate, and defend
Powered by AI/ML

Proprietary algorithms, machine learning, and generative AI
What’s new

See our latest releases
Dojo AI Dojo AI
New
Multi-agent AI platform
Intelligent Security Operations
Cloud SIEM

Discover threats faster and respond smarter
Logs for Security

Unlock cloud security with powerful log visibility
Intelligent Cloud Operations
Monitoring and Troubleshooting

Log analytics to detect and resolve issues fast
Powerful integrations
opentelemetry page Amazon Web Services – App Catalog Google Cloud Platform – App Catalog Microsoft Azure – App Catalog
Trusted and certified
All an engineer has to do is click a link, and they have everything they need in one place. That level of integration and simplicity helps us respond faster and more effectively.
Sajeeb Lohani
Global Technical Information Security Officer (TISO), Bugcrowd
Read case study

BY SECURITY USE CASE

SecOps Threat detection PCI compliance Security data lake Cloud SOAR

BY OBSERVABILITY USE CASE

Log Management Infrastructure Monitoring Application Observability AWS Monitoring Kubernetes Monitoring

BY INDUSTRY

Education Finance Gaming Manufacturing Public sector Retail Tech/SaaS

BY COMPETITION

vs Splunk vs Google SecOps vs Datadog vs Elastic vs Microsoft Sentinel vs Qradar
APIs Community Documentation Getting started GitHub Integrations Release notes Security response
Gartner Critical Capabilities report
Download report
Secure your Slack environment
Read article
Top five Sumo Logic shortcuts
Read article
How log management protects your security stack
Read article

LEARN

Blog Briefs Competitors Customer stories Glossary Guides

ENGAGE

Interactive Demos Events Partners Videos Webinars Podcast

TRAIN

Support Services Training Certifications

COMMUNITY

Docs Integrations GitHub Open Source OpenTelemetry Collector
About Us Careers Leadership Newsroom Partners Contact us

Schedule

Book a live demo

Schedule a demo with a Sumo Logic expert.

Watch

Recorded demo

Watch a pre-recorded demo at your own pace.

Click

Interactive product tours

Explore our clickable demos.

Talk

Contact sales

Discuss how Sumo Logic fits your needs.

Try

30-day free trial

Trial the platform and access pre-built dashboards.
All blogs

Supply chain security, compliance, and privacy for cloud-native ecosystems

Girish Bhat
3 min read
Table of contents

Think of the software supply chain as every software element in your organization—from software development of internal systems to open source or third-party enterprise software to vendors, partners, and even past suppliers who still hold access to company data or IT systems. Attacks on this software supply chain can damage individual departments, organizations, or entire industries by targeting and attacking insecure elements of your software fabric.

At the Modern SOC Summit, George Gerchow, Chief Security Officer at Sumo Logic, and John Visneski, CISO at Accolade, dove into this hugely important topic of supply chain security.

Six degrees of security ecosystems

The discussion started with a look at attack vectors for software supply chains: internal development, open source software, vendors and partners. Throughout the chain, you need to work with every team to protect your internal and external customers and the entire ecosystem. As George states, “You’re only as strong as the weakest link in your security fabric.”

Supply Chain Attacks" width="625


In a pop-culture twist on the complexity of the supply chain, John thinks of it as ‘six degrees of cyber Kevin Bacon’ indicating that “Not only do you need to be concerned about your direct third parties, you also have to be concerned about how they manage vendors, their ecosystem, and their environment.

Building security relationships

That complexity can grow into an exponential problem as you grow as an enterprise, which is why partnerships are so important in protecting the supply chain. Whether internal or external, it’s all about establishing trust and transparency. “If something is going wrong,” George says, “you need to let your partner know and get it out in the open then work together to mitigate the situation.” Having a one-to-one relationship with each of your vendors or partners is also key, according to John: “You want to build a solid relationship that goes way beyond contracts and payments. You want open communication and transparency.”

Advanced Intelligence Automation" width="625


Today’s organizations don’t just have a single development team, as John pointed out. There are multiple, agile teams across business operations and verticals, and you need to have relationships with those teams, such as your developers and engineers, to educate them as to best practices when it comes to open source platforms and third-party software. For example, in looking at something like open source software, you want to have an honest risk vs. reward analysis with the team.

At Sumo Logic, the focus is on the overall security posture, baking security into the DNA of the company, not just for the security team, not just the compliance team, but making Sumo a security-first company, both internally and externally. And that definitely includes working closely with partners who store or process data on behalf of the enterprise.

John explains that Accolade takes a “tooth to tail” approach to cybersecurity, focusing on the customer’s experience with Accolade. “From the second they log on,” he says, “they need to have an understanding that their data is going to be protected.” Accolade expects that vendors providing professional services need to share that mindset that security is the core of their business relationship with the company.

Cybersecurity resilience

Sumo Logic has built a world-class SaaS-based internal security program. George explains that the security team has worked very closely with the community to outline use cases for capabilities and this drives automated security and compliance towards certifications and attestations, all the way to trusted auditors. And, of course, they feed all of it into Sumo.

John sees the ecosystem like an orchestra that needs to work together. Not everyone is going to be the first chair violinist, he pointed out, but you need the other violins and the rest of the orchestra to make that first chair shine. So, too, in the supply chain: you need to understand how each element supports the other elements. It’s figuring out how to support those “first chair” elements—the core elements of your architecture—with which tools and how many layers.

Defense-in-depth used to be the first layer of protection, moving on to least privilege, and now we’re moving towards zero trust as a framework. It’s really important, George believes, to start outlining and setting those types of goals.

“Tun in” to the rest of the conversation…

Listen in as George and John continue the discussion about supply chain security, including:

  • The pros and cons of bug bounties

  • Access management and zero trust

  • Compliance and policy management


Girish Bhat
VP, Security, Platform Marketing and Competitive Intel

Girish has held leadership roles in Management Consulting, Strategic Planning, Product Management, Competitive and Market Intel, Product Marketing and Marketing at several startups (successful and failed) and brands such as Splunk, Cisco, MobileIron, NetScout.

He has been fortunate to have managed numerous Cloud, Analytics, Monitoring, Security, mobile, ML, virtualization, networking and Open Source solutions across the entire product, GTM and customer lifecycle.

Previous blog
Sumo Logic extends monitoring for AWS Lambda functions powered by AWS Graviton2 processors
Next blog
Analyzing human layer risks with Tessian
People who read this also enjoyed
Meta Gartner Critical Capabilities SIEM Report blog
Why the Gartner Critical Capabilities for SIEM report belongs in every buyer’s toolkit
October 30, 2025
Meta Dojo AI Summary Agent 1
Clarity in the Dojo: The power of the Summary Agent
October 23, 2025
Meta Updates Azure Environments Blog
25 Sumo Logic updates to better monitor and secure your Azure environments
October 16, 2025
Meta SL Academy Blog 1200x628
Introducing Sumo Logic Academy: Your new hub for learning and certifications
October 7, 2025

Company

About us Careers We’re hiring Leadership Newsroom Partners Contact Us

RESOURCES

Blog Customer Stories Demos Webinars Events
Glossary
Log file Log levels Otel Telemetry See all
Guides
AI for Log Analytics SIEM OpenTelemetry Log Analytics See all

PRODUCTS

Overview Dojo AI New Cloud SIEM Logs for Security Monitoring and Troubleshooting New Features
Compare
Sumo Logic vs. Splunk Sumo Logic vs Google SecOps Sumo Logic vs. Datadog Sumo Logic vs. Elastic Cloud Sumo Logic vs. Coralogix Sumo Logic vs. QRadar

SUPPORT & LEARN

Documentation Community Support Training Platform Status Security Trust Center

INTEGRATIONS

AWS CloudTrail Amazon S3 Audit Apache Kubernetes Linux NGINX PCI Compliance View all

INITIATIVE

Modernizing SecOps Cloud migration Application modernization Digital customer experience Tool consolidation

©2025 Sumo Logic

Legal Privacy statement Terms of use CA Privacy Notice
English
Deutsch 日本語 한국어