Looking after your security involves understanding the security of your third parties too

Today’s diverse IT environment is calling for a rethink of how information and intellectual property are secured from potential attackers. It is now crucial to have prudent strategies for dealing with the security levels of suppliers and partners, as the traditional “four walls” perimeter no longer applies in a dispersed, on-demand enterprise architecture.

On-premises, hosted, and cloud-based applications all house information about your organization at some point. And nowadays many applications have APIs that allow third parties access to different types of information. Simply ignoring the security model of this ecosystem is asking for trouble, and CIOs must keep a close eye on the available options.

The expanding perimeter

Some security experts might say the traditional “perimeter” no longer exists and it’s not possible to put a firewall in front of a security threat. To a certain extent, this is true; however, CIOs still need to balance traditional threats with emerging ones.

There are many enterprise IT trends forcing security change:

  • BYO devices and apps
  • Social networks
  • Cloud infrastructure and apps
  • Platform-as-a-Service
  • Selective sourcing agreements
  • APIs for automated data transfer

Modern security models will take these trends into account and work with them rather than try to block them.

Supplier security

Supplier security has received much attention with the advent of hosted services and applications. There are a number of practical steps CIOs can take to limit their risk when entering the cloud:

  • Do your homework: it never hurts to investigate the security level of a supplier and cover off the technology and processes they have in place to protect your data
  • Capture your data: have a backup of all data you give to suppliers, even if it is just an archive
  • Investigate workarounds: there are a number of options on the market, such as encryption, for securing data that is used in a supplier environment
  • Understand the value of data: is the data in question too valuable to the organization to allow a supplier direct access to it?

Partner security

Like supplier security, partner security centers on a risk profile of who is given access to what type of data. Keep a close eye on what you allow third parties to access and, in the case of APIs, review how you can revoke access in the event of a problem.

Today’s diverse partner and supplier IT architecture makes security more challenging than ever, but CIOs can adopt better security models that allow more agility and prevent them from falling into the trap of the “owning it means it’s secure” mentality.