CIO Symmetry

A SearchCIO Small Business blog

Apr 8 2010   7:57PM GMT

Is security part of your vendor risk assessment process?



Posted by: Kristen Caretta
Tags: data breach, Midmarket CIO, SMB security

Security continues to be a top priority for IT organizations shelling out budget dollars and planning for the future. But do you know the right questions to ask when evaluating potential security vendors and service providers?

This week, I wrote a story for SearchCIO-Midmarket.com on the importance of performing vendor risk assessments on your data recovery service providers — something not many organizations regularly do today. According to Paul Reymann, CEO of security consulting firm Reymann Group Inc., the importance of vetting third-party data recovery providers is just not on the radar screen of many organizations.

While it’s crucial to know how secure your data recovery providers are, it’s equally important to have this security information for all of your (IT and non-IT) vendors and service providers. When it comes to protecting sensitive data, all outsiders are potential threats.

“Everyone that has access to your data, the network, the facilities and your devices poses a threat,” Reymann said. “I’m talking about the janitor, the painters you hire during your renovations, the dumpster removal company — everyone — and not just the ones that you’re directly outsourcing your data to.”

I started wondering how many small to midsized companies actually assess vendors, even those not related to IT, with regard to overall security. As I mentioned in my story, in a recent survey of 636 IT security and IT support professionals, when asked if data security was a major criterion for selecting a data recovery provider, only 20% said that it was currently part of the process. And that’s data recovery providers! What about those providers that you aren’t handing over your data to — what do you know about them?

According to Reymann, you’re better safe than sorry, especially when you consider what you’re risking by not properly vetting service providers.

“If you have a data breach, [organizations] are vulnerable to class action lawsuits and lost customers,” Reymann said. “And when that happens, smaller companies will not survive.”
