June 5, 2014

We Manage our Threats, but What About our Vendors?

Computerworld — Ever since we learned that last autumn's massive Target data breach was accomplished with the use of access credentials stolen from a third-party vendor, I've been concerned about similar threats at my company. We use lots of vendors, many of which have access to our network. I've spent a lot of money, time and energy fortifying my network and its perimeter. But what if one of the vendors gets compromised? Could hackers sneak into my network through the side door, posing as a legitimate service employee?

Of course, this is really nothing new. I've written a few columns in the past about problem vendors and some of the things I've done to deal with the consequences of business managers signing contracts with third parties without involving my team. I've also mentioned in the past that I try to review third-party SSAE16 (previously SAS70) reports on our vendors that audit firms have produced, and I hope those reports are accurate and unbiased.

...

http://www.cio.com/article/753719/We_Manage_our_Threats_but_What_About_our_Vendors_