Third-party security vetting: Do it before you sign a contract

If you’re talking about stopping security risks from an outside vendor already on-board, Jerry Archer says, “You’ve already failed.” Chief security officer for Fannie Mae, Archer contends that risk mitigation should begin before your company closes the deal. That’s why his team has a go or no-go vote for any vendor Fannie Mae brings on. That’s not restricted to vendors IT typically oversees, like authentication tech or API gateway services. Not a single tool is onboarded by any department without security’s approval.

With more than 200 vendors total, that task isn’t easy. Archer says companies approach HR or another department, showing them “the shiny new gadget. They need it. They must have it.” The team that will use the software isn’t thinking about security, just functionality. Archer says they tell IT, “‘We can’t succeed without it.’ We all know that in our hearts that’s not necessarily true, but the fact is, people get emotionally tied to stuff and politically tied to it.”

To read this article in full, please click here

Story added 12. March 2018, content source with full text you can find at link above.

Third-party security vetting: Do it before you sign a contract

More antivirus and malware news?

Ads

Security news

Malware

Security

IT security

About site

Search Terms Tips

Recent New Tips

Recent Posts