Top 5 Best Practices for Third-Party Security - Security Boulevard

SBN Top 5 Best Practices for Third-Party Security


With the digital transformation of our communication systems and the development of cloud and edge computing, the enterprise perimeter is fuzzier than ever. This has helped to open up communications with an extended, and often global, vendor network.

The new mode of vendor management is about building an ecosystem, often within a complex matrix, where third parties cross the enterprise line by using technology to bridge the divide. This ecosystem is not one-way, either: It has to support multi-directional communications, and this builds even more complexity into the whole community.

DevOps Experience

Technologies such as the Internet of Things (IoT) are increasingly being used to connect the vendor community. Data is flowing across channels and out to the edges of computing, to endpoints that may or may not be known to the parent organization.

This situation is developing within an already-aggressive cybersecurity landscape. Adding in multi-directional, highly-connected, extended endpoints only makes the resulting data matrix more difficult to manage. Over 18.5 million data records are lost or stolen every day, and in a Bomgar survey, 69 percent of respondents said they had suffered a data breach because of third-party vendors.

To manage third-party risk, we must have a set of best practices to follow to ensure that our vendor security is as good as we can make it.

Best Practice #1: Open Your Eyes to Your Vendor Ecosystem

If you have to manage a wide community of vendors, you may not have full visibility of the entire vendor ecosystem. A 2017 Ponemon Institute study of third-party vendor risk found that, on average, 471 partners in the ecosystem had access to sensitive data — an increase of 25 percent over 2016. Having visibility of where data goes and who has access to these data is a critical first step in managing (Read more...)

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Susan Morrow. Read the original post at:

Techstrong Group