Key Considerations for Implementing a Vendor Risk Management Strategy


Tehama Team

Feb 14, 2019

If you’re running a business of any size, it almost goes without saying that you’re relying on third-party vendors in one way or another. Whether you call them contingent employees, contractors, freelancers or anything else, you’ve probably given them at least partial access to whatever’s under the hood of your business.

Data breach findings

According to a 2018 report from the Ponemon Institute and Opus, 59% of the executives surveyed experienced a data breach because of third-party vendors — a steady increase from 56% in 2017 and 49% in 2016.

And as for the companies’ efforts in preventing future breaches, the report offered some other depressing findings:

 

Would a vendor alert the company in the event of a data breach? Only 29% of the executives said yes.
Does the company have adequate resources for managing third-party relationships? 63% were less than sure.
Can the organization’s vendor safeguards be trusted to prevent a breach? 57% of respondents simply didn’t know.
Does the company have a comprehensive inventory of all its third-party suppliers? Only 34% of respondents said yes.

And from there, the news gets even worse. The Ponemon Institute also asked executives about their “Nth parties” — that is, the vendors used by the third parties, vendors who are even further removed from the organization’s sphere of influence. When it comes to these fourth parties, only 12% of the executives surveyed expressed the belief that they would hear about a breach from any of these far-flung vendors.

Implementing a Winning Strategy

Implementing a well-thought-out Vendor Risk Management (VRM) strategy encompasses many checks and balances. Proper vendor classification, onboarding and offboarding policies, identity and access management setup, regulatory compliance, and asset management are all key pillars. Many of these are obvious, but the real challenge is implementing a winning strategy with best practices that move at the speed and agility of the business.

The Ponemon report does offer some advice on best practices: Create an inventory of all third parties with access to your confidential data; review their policies and practices for data security, including how they address emerging threats such as new apps or employee-supplied devices; and include contract clauses requiring them to notify you if they share your confidential information with their own third parties.

These are good recommendations, to be sure. But at the risk of sounding unkind, they are the same recommendations that have been made by Ponemon and other organizations many, many times over the years.

The hard truth is that the modern digital enterprise is too busy innovating to focus on its countless points of vulnerability. And no matter how compliant your people are, they can still be the victims of theft, and they can still unthinkingly expose your data over the public Wi-Fi in a coffee shop.

A single source of truth

Tehama acts as a single source of truth for the management of vendors, subcontractors, third parties and anyone else contributing to your organization’s digital transformation practice.

Our SaaS VRM platform eliminates the risk associated with securing the network perimeter by leveraging MFA and IAM tools already used by your organization. This prevents tainted endpoint devices from accessing your network, databases and other critical business assets.

Control IT spending and reduce your IT footprint by taking away the need to configure and secure VPNs, set up jumpboxes or, even worse, ship out expensive laptops and hardware.

Secure Tehama Rooms are created instantly and are only accessible by authorized vendors and third parties contributing to their defined projects. The Tehama environment is fully compliant, and can be set up to adhere to the specific standards and regulations of your business.

Additionally, all actions that take place in the Secure Tehama Rooms are recorded. This provides you and your vendors with full visibility, in-depth forensic auditing and valuable information for future reference. Download our ebook on Securing the Workplace of the Future to learn more.
