Although organisations are increasingly making use of a range of tools to manage third-party security risks, many of them tend to rely on just a few. Whether this applies to vendor security risk, monitoring or ratings services, it might be wiser to make use of others and incorporate this approach into a wide-ranging strategy. This advice comes from Gartner analyst Jie Zhang in a recent interview with Information Security Media Group.
She begins by talking about the most promising trends in the third-party security landscape and offers a summary of the current state of play. “Essentially, third-party risk is an outcome of the extended IT security parameters,” she says, adding, “in many cases, third-party is the blanket term to talk about the multi-layered digital supply chain phenomenon.”
She then goes on to discuss how the challenges currently facing different organisations in different sectors are being met by people looking for best practices. In addition, there is a huge amount of investment going into the vendor space. “First and foremost today, a combination of risk assessment monitoring capabilities is being applied as the number one best practice. That means that you are integrating, coordinating and correlating a large set of information about your third parties.” The information could come from rating services, for example, although she warns against over-reliance on these.
In the interview Zhang also discusses:
• How to deal with the evolving “digital supply chain phenomenon”;
• How third-party security risk management varies in healthcare, financial services and other sectors;
• Vendor security risk management trends in 2020.
A summary of the interview is now available, as is an audio version.
Jie Zhang is a senior director analyst at Gartner, responsible for covering risk and security management programs. Her areas of speciality include enterprise legal management, integrated risk management and digital innovation.