In the New Normal, Look for More Regulation of Third-Party Vendor Security Measures
By: Ali Gomulu
It makes sense for companies to work with third-party suppliers, sales channels, distribution channels, and integrated IT systems to advance their competitive position, or to lower costs.
While there are many benefits, these relationships also present new risks to enterprises in an increasingly digitally connected world.
Regulators get this and are implementing stricter standards, especially as news of breaches comes out nearly every day – huge breaches which compromise consumer privacy. The EU’s General Data Protection Regulation (GDPR) is one example, the California Consumer Privacy Act is another. These regulations hold companies responsible, not only for their own actions but also for the actions of any party doing business on their behalf.
Risk can come from third-party service providers and even IT platform providers that those service providers use to run their businesses.
When companies where trying to evaluate third-party risks during COVID-19, they quickly concluded having multiple clouds, applications, connected systems, and remote workers creates even more risk.
One of the biggest challenges in risk management is that companies often experience different points of vulnerability as they work with large numbers of other companies, service providers, and contractors.
Extending Privileged Access Management (PAM) solutions to third parties is key. Visibility into third party activities, including those being done by privileged users, must be continually monitored – and the monitoring must be automated with measures that can be implemented quickly when threats are first detected.
When thinking about the return on investment in managing third-party risk using PAM for vendors, consider that the total costs of non-compliance include not only damage to the brand, bottom line, and fines from regulators, but also investigation and monitoring costs associated with stricter regulations.
As your organization recalibrates for the next new normal, are you thinking about these key issues associated with third-party access to systems?
- A contractor may accidentally or maliciously cause an outage or a data breach
- With access to enterprise systems, a malicious contractor could pose as an employee to improperly access sensitive data
- A former employee of a third-party firm could retain access rights if they do not have the proper procedures and software in place
- A contractor may be tempted to work with large criminal organizations, a risk that is rising as uncertainty grows and earning a potentially large sum of money could cause that individual to give in and give up sensitive data
- From a compliance perspective, not knowing who is accessing confidential data or modifying systems or stealing data could be expensive and devastating, especially at a time like this
Ironsphere’s PAM solution provides a streamlined way to authorize, monitor, manage, control, and report on the activities of all privileged users, including third-party contractors.
With highly intelligent automation and smart policies across the entire environment, access can only be granted when needed. Access can be instantly revoked when the need expires, or when the system detects unusual behavior before the worst happens.
Be prepared – and streamline your security operations by implementing PAM with our modern approach, which is also implemented in days or weeks – not months or even years. We don’t have another minute to spare.
At The Crossroads of Risk Management and Privileged Access Management, Hyper-Automation Matters
There are few things in business that come with no risk. In fact, the future truly belongs to the bold, and those enterprises who push themselves to innovate more and accelerate digital transformation across their offerings are winning. The greatest risk of all today may be doing nothing, hoping that the status quo will be enough to keep existing customers and win new customers.
The Hidden Costs of an IP Breach: How to Analyze, Plan and Protect Priceless Digital Assets & Secrets
Corporate networks are breached for many reasons, but among the most frightening to the C-Suite and Board of Directors are attacks that target the theft of intellectual assets.
As Digital Transformation Accelerates, The Risk of Theft of IP Grows
Over the past two decades, with the rise of the Internet and the growth of cloud services, enterprises, and organizations, including government agencies, have transformed the way they do business and serve their constituents.