Building a network of trust: Don’t let partners be your weakest link in cybersecurity

As technology and its implementation continue to grow in scale and complexity, organizations increasingly look to third-party vendors and partners to help accomplish their goals. In short, with the modern extended enterprise, “there’s a lot more reliance on outsiders,” said 451 Research security analyst Garrett Bekker.

Vendors and partners can be useful in helping enterprises take full advantage of emerging tech tools; however, the extent to which businesses are bringing them into their environment can cause some problems in managing the organization. And this often goes beyond working with a handful of partners — one large financial institution in New York once had around 20,000 external vendors that it dealt with, Bekker said.

In addition to complexity of management, vendors also bring new vulnerabilities into an organization. Partners and vendors have their own processes, their own methods, and their own authentication practices, and could provide a way into your network for attackers. The widely cited Target hack, in which a compromised vendor led to a data breach for the retail giant, is one example of this.

Still, it’s nearly impossible to do business today without working with vendors or partners in some capacity. Fortunately, there are some steps that IT and business leaders can take to protect their organizations. Here are five best practices for proper cybersecurity in vendor and partner relationships.

1. Know what you’re protecting

As simple as it sounds, the first step to protecting your organization is clearly understanding what data you have, where it resides, how much of it is sensitive, and how you can control access to it. Some businesses fail to even understand the scale of their infrastructure. Bekker said that he has worked with companies in the past that, when questioned, thought they had around 200 databases, when the real number was revealed to be closer to 5,000.
