Enterprises rely on the Internet to deliver critical services, yet the security of the routing infrastructure that connects customers, partners, and applications remains largely outside traditional enterprise risk management. Internet routing operates across thousands of independent networks. When failures or attacks occur anywhere along this chain, enterprise services may be unreachable, intercepted, or degraded — regardless of how well the enterprise has secured its own perimeter, applications, or data. As a result, routing security represents a material but under-managed supply chain risk with direct operational, financial, and reputational impact.
This risk affects enterprises across all common connectivity models, including SD-WAN deployments, cloud-hosted services, CDN and DDoS platforms, and direct Internet service delivery. In each model, a small number of external providers effectively determines service reachability and resilience. Yet today, enterprises lack clear guidance on what routing security controls they should expect from their providers — and what responsibilities they themselves should take on — leading to a market stalemate where neither side drives improvement.
Breaking this cycle requires explicit enterprise engagement. MANRS has demonstrated that shared norms can significantly improve routing security across the Internet ecosystem. So far, MANRS has focused on peer-to-peer relationships between network operators. However, customer demand can also be a powerful driver of improved routing security. To address this gap, a working group is developing more stringent security controls and auditing requirements for connectivity and cloud providers who agree to an elevated tier of MANRS participation, which would give enterprises greater assurance of their routing security protections.
The next step is to clearly define what routing security means from an enterprise perspective: which controls matter most, how they should be measured, and how enterprises can embed these expectations into procurement, governance, and risk management processes.
A new MANRS paper, “The Internet Routing Supply Chain: Your Most Overlooked Dependency” outlines the business case for enterprises to demand better routing security from their providers. If you are a cloud provider or content delivery network, this is a blueprint for how enterprise customers will increasingly evaluate routing security as part of its supplier risk decisions. If you operate an enterprise network, this paper explains the need for requiring stronger, verifiable routing security practices from the providers you depend on and how making routing security a first-class requirement in procurement, governance, and risk management will benefit your bottom line.
Ultimately, this is a call for enterprises to include routing security in their corporate risk management efforts, especially as far as their supply chain is concerned. A future MANRS Enterprise Program could help by clarifying requirements, creating market demand for stronger routing security, and strengthening the resilience of the Internet paths their businesses depend on. Please stay tuned and share your thoughts with us at [email protected] or via the website.
The post The Internet Routing Supply Chain: An Enterprises’s Most Overlooked Dependency appeared first on MANRS.