By Cheryl Tang, Senior Product Marketing Manager, Symantec Corp.
In today’s global economy, it’s no secret that many organizations rely on third parties for critical business activities. While outsourcing isn’t a new concept, the rise of readily available cloud-based and everything-as-a-service solutions is rapidly increasing an organization’s liability and risk landscape – often with limited IT oversight.
Unfortunately, many enterprises that rely on third-party vendors assume that these third parties properly protect their sensitive employee, customer and business data. Sadly, this is not always the case. Consider these data points:
- Only 24 percent of respondents require third-party suppliers or partners to comply with baseline security procedures.
- Although 84 percent of senior IT decision makers [were] concerned or very concerned about the risks associated with IT security breaches, 55 percent of CIOs have not tested cloud vendors’ security systems and procedures.
These numbers are shocking when you think about the potential risks that third parties can introduce to an organization’s reputation, business and customers. High-profile third-party data breaches have impacted a large number of major brands beyond the initial breach. According to the Ponemon Institute’s Cost of a Data Breach study, 41 percent of organizations had a data breach caused by a third party. And data breaches caused by third parties increased the cost by $26 per compromised record.
With so much at stake, how do you ensure that your data is appropriately protected? According to research from the IT Policy Compliance Group, the best performing companies go beyond the contracts to actively manage and hold vendors accountable to requirements. These companies routinely collect information, including online surveys and log data, on a monthly basis. In addition, the majority of best performing companies automate the process of gathering and assessing vendor information. This automation facilitates a larger number of more frequent assessment requests.
Without ongoing visibility and management of vendor risk, there is no way of telling if your enterprise’s information is adequately protected. Organizations need to consider vendor risk management solutions that can provide the continuous vendor oversight required to protect sensitive data and reduce overall business risk. They allow CISOs to gain visibility into their vendor risk, automate vendor risk assessments and deliver up-to-date information in a timely manner.
The most important message to take away from this post is to not leave your third-party security to chance. In addition to monitoring how third parties are managing data, it is important for organizations to have the right risk management solutions working for them, solutions that monitor and protect information that is internal as well as external to the organization. It only takes a few simple steps to protect your organization’s business assets and reputation. It is time to take the reins. Learn more about how to manage third-party security at Symantec Control Compliance Suite’s home page.
 Third Party Risk Management, PwC, April 2012
 Over half of CIOs fail to test cloud vendors’ security, Computing.co.uk, 04-DEC-12