Access is everything. It is the fundamental pillar that determines whether critical enterprise assets are safe or exposed. Knowing the answers to the questions of who is accessing what, where they are accessing that information from, why they are accessing that information and, finally, what exactly they’re accessing are the basic questions that stand between a breach and brand reputation.
Today, access extends well beyond the borders of the enterprise. Global supply chains are increasingly complex. This year at RSA, Josh Douglas, CTO at Raytheon, described the global supply chain as being comprised of shared processes and shared technology that distributes products used in creating, sharing and distributing information. The global supply chain is intertwined intimately and it doesn’t seem it will unravel itself anytime soon.
Enterprises are encompassed with the challenges around managing access to clouds and their various flavors, along with their network infrastructure, applications and data. In doing so, third parties become more and more critical to help deploy, control and maintain this transforming and fluid IT landscape.
This access is not only about people accessing machines to undertake their daily operational activities. This access also includes machines talking to other machines in an automated fashion and the underlying content of those interactions.
Yet for some reason, managing third-party access often comes as an afterthought in the industry’s overall security strategies and postures. However, the data would suggest that this topic warrants more attention:
- 70 percent of enterprises enter into contracts with external vendors without having conducted any security checks
- 92 percent of enterprises don’t have any supply chain risk management abilities in place.
- 44 percent this year compared to 54 percent last year – are bothering to put in the effort to vet the security of third-party providers and others in their IT supply chain
- 60 percent of organizations allow third-party vendors remote access to internal networks
- 63 percent of data breaches are caused by security vulnerabilities introduced by third parties
- 58 percent of organizations have no confidence that their third-party vendors are securing and monitoring privileged access to their network
The greater challenge in decreasing third-party risk exposure is what I call the “I got it, you take it” effect, where each party expects the other to take the primary responsibility for ensuring the security of the access. In reality, like any healthy relationship, security results from an equal continuous committed effort of both parties.
View the original content and more from this author here: http://ift.tt/1DB3Gdh
from critical infrastructure alliance http://ift.tt/1DB3Gd5
via IFTTT
No comments:
Post a Comment