How to achieve better third-party security: Let us count the ways

Taylor Armerding | July 1, 2014
No enterprise is an island. In a connected world, a business cannot function without multiple relationships with third parties -- outside vendors, contractors, affiliates, partners and others.

Even with all that, Ulsch noted that protecting the integrity of information remains the primary responsibility of the company. "While various regulations may also hold third parties accountable, never assume that the obligation of compliance is assignable to another company," he wrote.

Finally, Arlen said a major weakness in BAAs or SLAs is that too often they are, "either focused on a specific compliance regulation — be it PCI or HIPAA — which is itself not a 'security' thing but rather a 'cover-asses-in-these-specific-ways' thing.

"The fix we need is meta-compliance — actual security rather than theatre that smells like security," he said.

 
