Third Parties: Know the "Who" and the "When"
November 26, 2018

David Pignolet
SecZetta

With the rise of next-generation technologies, businesses have access to more data than ever, creating opportunities to develop new channels for revenue. Contributing to the increase in data is a growing reliance on the external supply chain. However, with the influx of data comes the necessity to understand the entire third-party ecosystem; its benefits and risks.

Some of the most devastating breaches have been attributed to a third party, so it should be no secret that mitigating third-party risks is crucial. Because vigilance is key, organizations must get their entire vendor ecosystem in check to lower the risks that enterprises encounter when granting third-party vendors and non-employees' access to their network and data.

Assess Your Hygiene

According to research from the Ponemon Institute, 50 percent of organizations don't know who has access to their data, how they're using it, or what safeguards are in place to mitigate an incident. This is largely due to the lack of resources to track third parties, the complexity of business requirements and technology, and a breakdown in communication.

Businesses can start by assessing their security hygiene and enacting a multilayered defense strategy that covers the entire enterprise to include lifecycle management capabilities to manage the coming and going of third party, non-employees, as well as encryption and multifactor authentication for all network- and data-access requests from third parties. The business is going to hire non-employees, so organizations need to be prepared to track and manage risk at both the vendor and identity level.

Select Third-Party Providers That Improve Security, Not Jeopardize It

Some third-party vendors only need access to your network whereas others need access to specific data. No matter how much you trust a third-party vendor you must continuously assess the vendor's security standards and technology as well as track who is being granted access from those vendors once approved. Those companies with robust due diligence and third-party governance stand to benefit in many ways.

Do the Regulatory Changes Affect You

With the increasing data laws to include the EU's General Data Protection Regulation (GDPR) and the dozens of individual United States data policies, organizations must rethink their entire compliance process.

Organizations should restrict third-party access to sensitive data, complete an information audit to determine the data flow to third parties, collect only the data that serves a legitimate purpose, and make sure that all major leaders are aligned.

In the event that information has to be shared with third parties, companies should make certain they know who each person is that was granted access, have a way to manage those identities and, more importantly, have a process by which access can be removed in the event of a breach notification.

It's Not One-and-Done

Successfully managing third-party vendors is ongoing practice, not a one-time task. Companies must recognize that assessing the risk of the vendor is just one side of the coin. Once a vendor has been approved, companies need to be able to track and manage the individuals being brought in from those vendors and take action against the non-employee populations.

All businesses have a responsibility — to themselves and their customers — to implement measures that are appropriate to their unique risks and requirements.

David Pignolet is CEO of SecZetta
Share this

Industry News

November 21, 2024

Red Hat announced the general availability of Red Hat Enterprise Linux 9.5, the latest version of the enterprise Linux platform.

November 21, 2024

Securiti announced a new solution - Security for AI Copilots in SaaS apps.

November 20, 2024

Spectro Cloud completed a $75 million Series C funding round led by Growth Equity at Goldman Sachs Alternatives with participation from existing Spectro Cloud investors.

November 20, 2024

The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud native software, has announced significant momentum around cloud native training and certifications with the addition of three new project-centric certifications and a series of new Platform Engineering-specific certifications:

November 20, 2024

Red Hat announced the latest version of Red Hat OpenShift AI, its artificial intelligence (AI) and machine learning (ML) platform built on Red Hat OpenShift that enables enterprises to create and deliver AI-enabled applications at scale across the hybrid cloud.

November 20, 2024

Salesforce announced agentic lifecycle management tools to automate Agentforce testing, prototype agents in secure Sandbox environments, and transparently manage usage at scale.

November 19, 2024

OpenText™ unveiled Cloud Editions (CE) 24.4, presenting a suite of transformative advancements in Business Cloud, AI, and Technology to empower the future of AI-driven knowledge work.

November 19, 2024

Red Hat announced new capabilities and enhancements for Red Hat Developer Hub, Red Hat’s enterprise-grade developer portal based on the Backstage project.

November 19, 2024

Pegasystems announced the availability of new AI-driven legacy discovery capabilities in Pega GenAI Blueprint™ to accelerate the daunting task of modernizing legacy systems that hold organizations back.

November 19, 2024

Tricentis launched enhanced cloud capabilities for its flagship solution, Tricentis Tosca, bringing enterprise-ready end-to-end test automation to the cloud.

November 19, 2024

Rafay Systems announced new platform advancements that help enterprises and GPU cloud providers deliver developer-friendly consumption workflows for GPU infrastructure.

November 19, 2024

Apiiro introduced Code-to-Runtime, a new capability using Apiiro’s deep code analysis (DCA) technology to map software architecture and trace all types of software components including APIs, open source software (OSS), and containers to code owners while enriching it with business impact.

November 19, 2024

Zesty announced the launch of Kompass, its automated Kubernetes optimization platform.

November 18, 2024

MacStadium announced the launch of Orka Engine, the latest addition to its Orka product line.