Learn more about three third-party security risk factors and what you can do to mitigate risk from the software you get from your vendors.
As budgets for 2016 take shape, many organizations are examining 2015 pitfalls to decide where to spend money in the upcoming year. With the recent influx of security breaches, many are concerned about the third parties and vendors with whom they share data. What can we do to reduce the likelihood of a breach, whether internal or involving our third parties and vendors?
From my point of view, there are three components to assessing third-party security risk:
When examining third-party risk, we’re often focused on the money we spend with the third party and the strategic nature of the relationship, rather than the actual services being performed by the vendor.
Synopsys is a vendor. As such, we’re often asked:
Security practitioners are spending too much time focusing on the storage of data. Instead, the focus should be on how the data is used. I would want my organization to spend more time with a vendor that runs an application which collects my customers’ data, rather than a vendor to whom I’m shipping data for back-end processing.
The BSIMMsc is working to shift this mindset by evaluating whether your organization’s vendors are undertaking the right activities to maintain application security. While we may still see breaches where the data was left in the wrong location, the greatest risk lies in the applications that collect the data.