Parasoft(link is external) is showcasing its latest product innovations at embedded world Exhibition, booth 4-318(link is external), including new GenAI integration with Microsoft Visual Studio Code (VS Code) to optimize test automation of safety-critical applications while reducing development time, cost, and risk.
Third Parties: Know the "Who" and the "When"
November 26, 2018
With the rise of next-generation technologies, businesses have access to more data than ever, creating opportunities to develop new channels for revenue. Contributing to the increase in data is a growing reliance on the external supply chain. However, with the influx of data comes the necessity to understand the entire third-party ecosystem; its benefits and risks.
Some of the most devastating breaches have been attributed to a third party, so it should be no secret that mitigating third-party risks is crucial. Because vigilance is key, organizations must get their entire vendor ecosystem in check to lower the risks that enterprises encounter when granting third-party vendors and non-employees' access to their network and data.
Assess Your Hygiene
According to research(link is external) from the Ponemon Institute, 50 percent of organizations don't know who has access to their data, how they're using it, or what safeguards are in place to mitigate an incident. This is largely due to the lack of resources to track third parties, the complexity of business requirements and technology, and a breakdown in communication.
Businesses can start by assessing their security hygiene and enacting a multilayered defense strategy that covers the entire enterprise to include lifecycle management capabilities to manage the coming and going of third party, non-employees, as well as encryption and multifactor authentication for all network- and data-access requests from third parties. The business is going to hire non-employees, so organizations need to be prepared to track and manage risk at both the vendor and identity level.
Select Third-Party Providers That Improve Security, Not Jeopardize It
Some third-party vendors only need access to your network whereas others need access to specific data. No matter how much you trust a third-party vendor you must continuously assess the vendor's security standards and technology as well as track who is being granted access from those vendors once approved. Those companies with robust due diligence and third-party governance stand to benefit in many ways.
Do the Regulatory Changes Affect You
With the increasing data laws to include the EU's General Data Protection Regulation (GDPR) and the dozens of individual United States data policies, organizations must rethink their entire compliance process.
Organizations should restrict third-party access to sensitive data, complete an information audit to determine the data flow to third parties, collect only the data that serves a legitimate purpose, and make sure that all major leaders are aligned.
In the event that information has to be shared with third parties, companies should make certain they know who each person is that was granted access, have a way to manage those identities and, more importantly, have a process by which access can be removed in the event of a breach notification.
It's Not One-and-Done
Successfully managing third-party vendors is ongoing practice, not a one-time task. Companies must recognize that assessing the risk of the vendor is just one side of the coin. Once a vendor has been approved, companies need to be able to track and manage the individuals being brought in from those vendors and take action against the non-employee populations.
All businesses have a responsibility — to themselves and their customers — to implement measures that are appropriate to their unique risks and requirements.
Industry News
March 06, 2025
JFrog announced general availability of its integration with NVIDIA NIM microservices, part of the NVIDIA AI Enterprise software platform.
March 06, 2025
CloudCasa by Catalogic announce an integration with SUSE® Rancher Prime via a new Rancher Prime Extension.
March 05, 2025
MacStadium(link is external) announced the extended availability of Orka(link is external) Cluster 3.2, establishing the market’s first enterprise-grade macOS virtualization solution available across multiple deployment options.
March 05, 2025
JFrog is partnering with Hugging Face, host of a repository of public machine learning (ML) models — the Hugging Face Hub — designed to achieve more robust security scans and analysis forevery ML model in their library.
March 05, 2025
Copado launched DevOps Automation Agent on Salesforce's AgentExchange, a global ecosystem marketplace powered by AppExchange for leading partners building new third-party agents and agent actions for Agentforce.
March 05, 2025
Harness completed its merger with Traceable, effective March 4, 2025.
March 04, 2025
JFrog released JFrog ML, an MLOps solution as part of the JFrog Platform designed to enable development teams, data scientists and ML engineers to quickly develop and deploy enterprise-ready AI applications at scale.
March 04, 2025
Progress announced the addition of Web Application Firewall (WAF) functionality to Progress® MOVEit® Cloud managed file transfer (MFT) solution.
March 04, 2025
Couchbase launched Couchbase Edge Server, an offline-first, lightweight database server and sync solution designed to provide low latency data access, consolidation, storage and processing for applications in resource-constrained edge environments.
March 04, 2025
Sonatype announced end-to-end AI Software Composition Analysis (AI SCA) capabilities that enable enterprises to harness the full potential of AI.
March 03, 2025
Aviatrix® announced the launch of the Aviatrix Kubernetes Firewall.
March 03, 2025
ScaleOps announced the general availability of their Pod Placement feature, a solution that helps companies manage Kubernetes infrastructure.
March 03, 2025
Cloudsmith raised a $23 million Series B funding round led by TCV, with participation from Insight Partners and existing investors.
February 27, 2025
IBM has completed its acquisition of HashiCorp, whose products automate and secure the infrastructure that underpins hybrid cloud applications and generative AI.
