Progress announced the latest release of Progress® Semaphore™, its metadata management and semantic AI platform.
Third Parties: Know the "Who" and the "When"
November 26, 2018
With the rise of next-generation technologies, businesses have access to more data than ever, creating opportunities to develop new channels for revenue. Contributing to the increase in data is a growing reliance on the external supply chain. However, with the influx of data comes the necessity to understand the entire third-party ecosystem; its benefits and risks.
Some of the most devastating breaches have been attributed to a third party, so it should be no secret that mitigating third-party risks is crucial. Because vigilance is key, organizations must get their entire vendor ecosystem in check to lower the risks that enterprises encounter when granting third-party vendors and non-employees' access to their network and data.
Assess Your Hygiene
According to research from the Ponemon Institute, 50 percent of organizations don't know who has access to their data, how they're using it, or what safeguards are in place to mitigate an incident. This is largely due to the lack of resources to track third parties, the complexity of business requirements and technology, and a breakdown in communication.
Businesses can start by assessing their security hygiene and enacting a multilayered defense strategy that covers the entire enterprise to include lifecycle management capabilities to manage the coming and going of third party, non-employees, as well as encryption and multifactor authentication for all network- and data-access requests from third parties. The business is going to hire non-employees, so organizations need to be prepared to track and manage risk at both the vendor and identity level.
Select Third-Party Providers That Improve Security, Not Jeopardize It
Some third-party vendors only need access to your network whereas others need access to specific data. No matter how much you trust a third-party vendor you must continuously assess the vendor's security standards and technology as well as track who is being granted access from those vendors once approved. Those companies with robust due diligence and third-party governance stand to benefit in many ways.
Do the Regulatory Changes Affect You
With the increasing data laws to include the EU's General Data Protection Regulation (GDPR) and the dozens of individual United States data policies, organizations must rethink their entire compliance process.
Organizations should restrict third-party access to sensitive data, complete an information audit to determine the data flow to third parties, collect only the data that serves a legitimate purpose, and make sure that all major leaders are aligned.
In the event that information has to be shared with third parties, companies should make certain they know who each person is that was granted access, have a way to manage those identities and, more importantly, have a process by which access can be removed in the event of a breach notification.
It's Not One-and-Done
Successfully managing third-party vendors is ongoing practice, not a one-time task. Companies must recognize that assessing the risk of the vendor is just one side of the coin. Once a vendor has been approved, companies need to be able to track and manage the individuals being brought in from those vendors and take action against the non-employee populations.
All businesses have a responsibility — to themselves and their customers — to implement measures that are appropriate to their unique risks and requirements.
Industry News
August 29, 2024
Elastic, the Search AI Company, announced the Elasticsearch Open Inference API now integrates with Anthropic, providing developers with seamless access to Anthropic’s Claude, including Claude 3.5 Sonnet, Claude 3 Haiku and Claude 3 Opus, directly from their Anthropic account.
August 28, 2024
Broadcom unveiled VMware Cloud Foundation (VCF) 9, the future of VCF that will accelerate customers’ transition from siloed IT architectures to a unified and integrated private cloud platform that lowers cost and risk.
August 27, 2024
Broadcom announced VMware Tanzu Platform 10, a cloud native application platform that accelerates software delivery, providing platform engineering teams enhanced governance and operational efficiency while reducing toil and complexity for development teams.
August 26, 2024
Red Hat announced the general availability of Red Hat OpenStack Services on OpenShift, the next major release of Red Hat OpenStack Platform.
August 26, 2024
Salesforce announced new innovations in Slack that make it easier for users to build automations, no matter their technical expertise.
August 26, 2024
GitLab announced the general availability of the GitLab Duo Enterprise add-on.
August 26, 2024
Tigera now delivers universal microsegmentation capabilities with Calico.
August 22, 2024
Tabnine announced a new platform partnership with Broadcom Inc., an integration with IBM, as well as continuing extensions of existing partnerships with Amazon Web Services (AWS), DigitalOcean, Google Cloud, and Oracle Cloud Infrastructure (OCI).
August 22, 2024
Wallarm released API Attack Surface Management (AASM), an agentless technology to help organizations identify, analyze, and secure their entire API attack surface.
August 21, 2024
LambdaTest launched KaneAI, an end-to-end software AI Test Agent.
August 20, 2024
Kubiya has closed its $12 million seed round with a $6 million extension of equity and debt financing and launched a paradigm-breaking new platform, AI Teammates, that enables true delegation of complex tasks to digital colleagues through organic, human-like conversations.
August 19, 2024
The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud native software, announced the schedule for KubeCon + CloudNativeCon North America 2024, happening in Salt Lake City, Utah from November 12 – 15.
August 19, 2024
Diagrid announced the latest version of Dapr, a Cloud Native Computing Foundation incubating project maintained by Diagrid, Microsoft, Intel, Alibaba, and others, as well as an update to Conductor, a Software as a Service (SaaS) that helps manage, upgrade, and monitor Dapr on Kubernetes clusters.
August 15, 2024
Spectro Cloud announced two new formal recognitions of its strengthening position in the government technology space: the Government Software competency from AWS, and ‘Awardable’ status on the CDAO Tradewinds Solutions Marketplace for AI/ML solutions at the tactical edge.
