No matter what type of organization you are: third-party vendors impact the security of your organization. Some do a great job at security. Others don’t. And most companies don’t know how (or if) third parties protect their data. Do you know who is handling your data?
There are a number of third parties that handle your confidential, sensitive business information, including encrypters, data collectors, IT pros, coders or code reviewers, data transmitters, data backup companies, cloud security, data destruction companies … and the list goes on.
And guess what? Data sovereignty, bring your own device and choose your own device, business and healthcare compliance and regulations, and laws across national and international borders add to the challenge. And they’re not updated at the speed the risks are evolving. Consequently, the third-party role is evolving.
Security threats used to come from malware measured in days, weeks and months. Now it’s measured in hours, minutes and real time. It’s no longer possible to protect your organization alone in this age of rapidly expanding networks, emerging Internet economy and mobility. That’s where specialized security vendors came into play and offer Security as a Service (SECaaS).
You can choose to take a hybrid cloud security path or go direct to cloud. In the latter, you’ll have to identify where the line between your company’s and SaaS provider’s security practices is drawn. Who is going to make you less vulnerable versus managing security on your own?
According to PwC, The Global State of Information Security Survey 2014 (September 2013), 82% of companies with high-performing security practices collaborate with others to achieve advanced security and threat awareness.
While business partnerships create a better marketplace — from giving customers a simplified, more valuable experience and growing your base of customers, to increasing Average Revenue Per User and customer loyalty — they’re prone to breaches through third-party vendors — that is unless your third-party vendor’s expertise is security.
That’s why it’s critical co-opetition partnerships have clearly defined roles and responsibilities when it comes to protecting data. Know what your partner’s security strategy is and what they do to maintain that security. To find out, ask these questions:
There needs to be a clear outline of the data loss prevention plan, including a clear definition of whose responsibility it is for protecting the shared environment — who owns what burden, and where is the responsibility and liability line drawn?
Security is not one-size-fits-all. Insight offers custom solutions and services to meet your security needs and keep you critical assets protected. And we partner with more than 3,600 software, hardware and cloud specialists that we’ve vetted for the best security practices.