Third Parties: Know the "Who" and the "When"
November 26, 2018

David Pignolet
SecZetta

With the rise of next-generation technologies, businesses have access to more data than ever, creating opportunities to develop new channels for revenue. Contributing to the increase in data is a growing reliance on the external supply chain. However, with the influx of data comes the necessity to understand the entire third-party ecosystem: its benefits and risks.

Some of the most devastating breaches have been attributed to a third party, so it should be no secret that mitigating third-party risks is crucial. Because vigilance is key, organizations must get their entire vendor ecosystem in check to lower the risks that enterprises encounter when granting third-party vendors and non-employees access to their network and data.

Assess Your Hygiene

According to research from the Ponemon Institute, 50 percent of organizations don't know who has access to their data, how they're using it, or what safeguards are in place to mitigate an incident. This is largely due to the lack of resources to track third parties, the complexity of business requirements and technology, and a breakdown in communication.

Businesses can start by assessing their security hygiene and enacting a multilayered defense strategy that covers the entire enterprise. That strategy should include lifecycle management capabilities to manage the coming and going of third-party non-employees, as well as encryption and multifactor authentication for all network- and data-access requests from third parties. The business is going to hire non-employees, so organizations need to be prepared to track and manage risk at both the vendor and identity level.

Select Third-Party Providers That Improve Security, Not Jeopardize It

Some third-party vendors only need access to your network, whereas others need access to specific data. No matter how much you trust a third-party vendor, you must continuously assess the vendor's security standards and technology, and track who is being granted access from those vendors once approved. Those companies with robust due diligence and third-party governance stand to benefit in many ways.

Do the Regulatory Changes Affect You?

With the growing number of data laws, including the EU's General Data Protection Regulation (GDPR) and the dozens of individual United States data policies, organizations must rethink their entire compliance process.

Organizations should restrict third-party access to sensitive data, complete an information audit to determine the data flow to third parties, collect only the data that serves a legitimate purpose, and make sure that all major leaders are aligned.

In the event that information has to be shared with third parties, companies should make certain they know each person who was granted access, have a way to manage those identities and, more importantly, have a process by which access can be removed in the event of a breach notification.

It's Not One-and-Done

Successfully managing third-party vendors is an ongoing practice, not a one-time task. Companies must recognize that assessing the risk of the vendor is just one side of the coin. Once a vendor has been approved, companies need to be able to track and manage the individuals being brought in from those vendors and take action against the non-employee populations.

All businesses have a responsibility — to themselves and their customers — to implement measures that are appropriate to their unique risks and requirements.

David Pignolet is CEO of SecZetta