Only a small segment of the industry has gotten on board with the idea that they own the risk associated with the end-to-end supply chain that makes their business run. Many focus on their internal security posture, leaving the rest of the technology and information chain exposed to anyone who can exploit a weakness in a system, a service, or the behavior of a partner's employee.
Those that have taken steps to evaluate the security posture of their vendors often perform the evaluation when they onboard the new partner; the vendor's posture then changes over time without any update to the risk profile that vendor brings to the business.
Given the relevance of this problem, there must be a better approach.
That’s where RSA Security and their partner RiskRecon come into play: together, they allow organizations to streamline the onboarding risk assessment process for their vendors while also providing a continuous security assessment that parallels how internal security teams assess, manage, and mitigate risk.