Bookmark and Share

Securing What You Share: Improving Third-Party Security

This roundtable had a very active conversation because third-party security is such a critical topic. In fact, because it has been such a popular point of discussion these days, the group had to ask—why is it still a concern, after all this time? Why are teams unable to satisfactorily manage third-party risk? The issue is new technology being implemented in the security world and in third party products. For instance, a major new development is cloud data storage and management. Most organizations choose to use the cloud to store data, craft their infrastructure, and more—and even some third parties are using other vendors to maintain their own cloud structure. As such, much of your organization’s digital infrastructure and data are no longer in your control, and the concrete walls your security team once had are falling away in favor of this cloud space. Furthermore, there’s a need to maintain an assessment procedure with third parties to manage risk. This can involve tactics such as questionnaires and on-site evaluations. However, these processes can be tedious when working with multiple vendors; and on the vendor side of things, they may be fielding multiple assessments from various customers. The answer, then, to make this process smoother is automation—anything that can be done to revise the assessment procedure to be more automated and efficient can be beneficial to the overall process. Regarding on-site evaluations, these can be very expensive. In response, technology exists to allow vendors to complete this evaluation for you, so teams can focus their budget on more important aspects of security. Overall, processes that can make third-party risk assessment more efficient, cost-effective, and adaptable to changes in implemented technology as security evolves can be beneficial to your team and to your vendors.