Security continues to be a top priority for IT organizations shelling out budget dollars and planning for the future. But do you know the right questions to ask when evaluating potential security vendors and service providers?
This week, I wrote a story for SearchCIO-Midmarket.com on the importance of performing vendor risk assessments on your data recovery service providers — something not many organizations regularly do today. According to Paul Reymann, CEO of security consulting firm Reymann Group Inc., the importance of vetting third-party data recovery providers is just not on the radar screen of many organizations.
While it’s crucial to know how secure your data recovery providers are, it’s equally important to have this security information for all of your (IT and non-IT) vendors and service providers. When it comes to protecting sensitive data, all outsiders are potential threats.
“Everyone that has access to your data, the network, the facilities and your devices poses a threat,” Reymann said. “I’m talking about the janitor, the painters you hire during your renovations, the dumpster removal company — everyone — and not just the ones that you’re directly outsourcing your data to.”
I started wondering how many small to midsized companies actually assess vendors, even those not related to IT, with regard to overall security. As I mentioned in my story, when a recent survey asked 636 IT security and IT support professionals whether data security was a major criterion for selecting a data recovery provider, only 20% said that it was currently part of the process. And that’s data recovery providers! What about those providers that you aren’t handing over your data to — what do you know about them?
According to Reymann, you’re better safe than sorry, especially when you consider what you’re risking by not properly vetting service providers.
“If you have a data breach, [organizations] are vulnerable to class action lawsuits and lost customers,” Reymann said. “And when that happens, smaller companies will not survive.”