In the second part of this two-part blog series, we look at the reality of your risk processes.
The complex, extensive vendor ecosystems in today’s enterprises have impacted the effectiveness of risk control processes. Local or otherwise decentralized IT and business functions procure SaaS solutions on their own, entirely bypassing the formal IT governance process. Paper-based risk control processes were developed for a time when your vendor population was much smaller, data storage was mostly on premise, and third parties were only a small piece of your security programs. Today, risk control processes must be adapted to new risk realities.